Blog, DNS and Threat Detection - Cyber Security Informer

Stories from the SOC – DNS recon + exfiltration

CyberSecurity Insiders

MARCH 13, 2021

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers. The post Stories from the SOC – DNS recon + exfiltration appeared first on Cybersecurity Insiders.

DNS

DNS Threat Detection Cybersecurity Cyber threats

Why Small and Medium Sized Businesses Need More Than Just an AntiVirus Solution

Security Boulevard

FEBRUARY 23, 2023

Thankfully, nearly all malware depends on DNS at some point in their kill chain, making the protocol a critical vector for shutting down these threats. Some of the common forms these DNS-based attacks can take include: DNS spoofing: A malicious actor alters DNS records to redirect traffic to a fake website or server.

Antivirus

Antivirus DNS Threat Detection Small Business

Who’s Hacking You?

Webroot

MARCH 9, 2021

In that spirit, we put together this blog post to explain the different hacker types and methods they use against us. DNS (Domain Name System) is especially vulnerable. One of the most common methods of infiltration includes internet-based attacks, such as Denial of Service (DoS), Distributed Denial of Service (DDoS) and DNS poisoning.

Hacking

Hacking DNS Surveillance Cybercrime

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

HYAS Threat Intel Report May 20 2024

Security Boulevard

MAY 20, 2024

Weekly Threat Intelligence Report Date: May 20, 2024 Prepared by: David Brunsdon, Threat Intelligence - Security Engineer, HYAS Cyber Threat Intelligence Analysis This week in the HYAS Insight threat intelligence platform, we found a concerning open directory hosting multiple pieces of malware. Malware Analysis 1.

DNS

DNS Malware Education Phishing

Proactive Intelligence: A Paradigm Shift In Cyber Defense

Security Boulevard

MARCH 6, 2024

The truth is that we can make a paradigm shift in the way we think about detection, protection, and proactiveness with respect to intelligence and resilience. Early Threat Detection Understanding attacker infrastructure is the key to not just reactive but true, proactive threat intelligence.

DNS

DNS Phishing Data breaches Cyber threats

Future Focused: Encryption and Visibility Can Co-Exist

Cisco Security

MARCH 16, 2021

In fact, 63% of threats detected by Cisco Stealthwatch in 2019 were in encrypted traffic. In this blog I’ll describe two recent privacy advances—DNS over HTTPS (DoH) and QUIC—and what we’re doing to maintain visibility. Keeping your destination private: DNS over HTTPS. DNS message encryption (control plane) is new.

Encryption

Encryption DNS Threat Detection Internet

A compelling story

Cisco Security

JUNE 13, 2022

Surely, someone must have written a blog or something more descriptive about this already,” they would say. Then, they would copy-paste anything that looks like a searchable term – an IP address, domain, SHA checksum – and start searching it, either on a threat intelligence search site or even a general-purpose search engine.

DNS

DNS Engineering Authentication Malware

Detecting Targeted Attacks on Public Cloud Services with Cisco Secure Cloud Analytics

Cisco Security

MAY 3, 2022

According to Cado, the software could be delivered by leveraging DNS over HTTPS to avoid detection at the network access layer and using compromised credentials to execute the software designed for Lambda environments. Continuous Monitoring and Threat Detection in the Public Cloud using Cisco Secure Cloud Analytics.

DNS

DNS Threat Detection Software Cryptocurrency

Threat Protection: The REvil Ransomware

Cisco Security

AUGUST 11, 2021

We looked at REvil, also known as Sodinokibi or Sodin, earlier in the year in a Threat Trends blog on DNS Security. In it we talked about how REvil/Sodinokibi compromised far more endpoints than Ryuk, but had far less DNS communication. Figure 1-DNS activity surrounding REvil/Sodinokibi.

Ransomware

Ransomware DNS Encryption Backups

Strengthening Cyber Resilience: A Milestone Partnership

Security Boulevard

APRIL 18, 2024

This proactive approach to threat detection and mitigation ensures that organizations can stay one step ahead of cyber adversaries, minimizing the impact of potential attacks and safeguarding their digital assets, and the correctness and completeness of the solution has been independently tested and validated by AV-TEST.

Digital transformation

Digital transformation Architecture Cyber threats DNS

PCI DSS reporting details to ensure when contracting quarterly CDE tests

CyberSecurity Insiders

APRIL 14, 2023

This is the second blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. There are several issues implied in the PCI DSS Standard and its associated Report on Compliance which are rarely addressed in practice.

Penetration Testing

Penetration Testing DNS Passwords Accountability

How to Mitigate DDoS Attacks with Log Analytics

CyberSecurity Insiders

APRIL 30, 2021

Mitigating against DDoS attacks in cloud-based environments can be a challenge, but current technologies make it possible for organizations to efficiently monitor their entire networks, analyze security logs at scale, and rapidly detect and respond to DDoS attacks before they impact user experience.

DDOS

DDOS Cyber Attacks DNS Threat Detection

Global outbreak of Log4Shell

CyberSecurity Insiders

DECEMBER 16, 2021

According to a Netlab blog on December 13, 2021, Netlab identified 10 different implants using the vulnerability to spread: Muhstik, DDoS+backdoor. rmi|dns):/[^n]+' /var/log. Review detections of suspicious child processes spawned by Java. We can observe the growth of JNDI related scans cross the internet: Figure 1.

DDOS

DDOS DNS Internet Internet

Endangered data in online transactions and how to safeguard company information

CyberSecurity Insiders

JANUARY 6, 2022

This blog was written by an independent guest blogger. HTTPS and DNS), data link (e.g., Online transactions are essential for every modern business. From online shopping to banking, transferring funds, and sending invoices, online transactions ensure utter convenience and efficiency. Avoid storing payment data from your customers.

Encryption

Encryption Identity Theft Authentication Data breaches

The Case for Multi-Vendor Security Integrations

Cisco Security

AUGUST 26, 2022

The AlienApp for Cisco Secure Endpoint enables you to automate threat detection and response activities between USM Anywhere and Cisco Secure Endpoint. This new integration supports Umbrella proxy, cloud firewall, IP, and DNS logs. They include various items like DKIM key inspections, DNS Resource Records and more.

Firewall

Firewall Authentication Passwords Threat Detection

Serverless and PaaS Security with CloudPassage Halo

CyberSecurity Insiders

MARCH 4, 2021

In our previous blog, we introduced the Gartner report “Security Considerations and Best Practices for Securing Serverless PaaS” 1 which discusses the challenges security teams face securing serverless and PaaS services, along with the best practices Gartner recommends to address those challenges. Read more here: [link].

DNS

DNS Threat Detection Information Security Software

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. SCA detected 289 alerts including Suspected Port Abuse, Internal Port Scanner, New Unusual DNS Resolver,and Protocol Violation (Geographic).

Wireless

Wireless DNS Mobile Technology

Rapidly executing on SASE vision with new cloud security enhancements

Cisco Security

MAY 17, 2021

I won’t go into all the details here (see this Umbrella blog for more) but we have radically simplified the deployment and management process. This functionality is powered by the massive, real-time Talos threat intelligence feed (>40,000 active threat detection elements) to extend the depth of the Umbrella cloud-delivered firewall.

Firewall

Firewall Architecture Internet Internet

Identity and Access Management (IAM) in Payment Card Industry (PCI) Data Security Standard (DSS) environments.

CyberSecurity Insiders

APRIL 6, 2023

This is the first of a series of consultant-written blogs around PCI DSS. GoDaddy, Network Solutions) DNS service (E.g., GoDaddy, Network Solutions) DNS service (E.g., Many organizations have multiple IAM schemes that they forget about when it comes to a robust compliance framework such as PCI DSS.

Accountability

Accountability DNS DDOS VPN

Cyber Security Informer

Stories from the SOC – DNS recon + exfiltration

Why Small and Medium Sized Businesses Need More Than Just an AntiVirus Solution

Webinars

Trending Sources

Who’s Hacking You?

Webinars

HYAS Threat Intel Report May 20 2024

Proactive Intelligence: A Paradigm Shift In Cyber Defense

Future Focused: Encryption and Visibility Can Co-Exist

A compelling story

Detecting Targeted Attacks on Public Cloud Services with Cisco Secure Cloud Analytics

Threat Protection: The REvil Ransomware

Strengthening Cyber Resilience: A Milestone Partnership

PCI DSS reporting details to ensure when contracting quarterly CDE tests

How to Mitigate DDoS Attacks with Log Analytics

Global outbreak of Log4Shell

Endangered data in online transactions and how to safeguard company information

The Case for Multi-Vendor Security Integrations

Serverless and PaaS Security with CloudPassage Halo

Black Hat USA 2023 NOC: Network Assurance

Rapidly executing on SASE vision with new cloud security enhancements

Identity and Access Management (IAM) in Payment Card Industry (PCI) Data Security Standard (DSS) environments.

Stay Connected