Security Boulevard

MAY 10, 2023

As cyber attackers grow increasingly sophisticated, proactive threat hunting becomes essential. Behavioral threat hunting, leveraging the MITRE ATT&CK framework, offers a powerful way to stay ahead. The post Unlocking the Power of Threat Hunting with MITRE ATT&CK appeared first on Security Boulevard.

Cyber Attacks 45

Cyber Attacks Cybersecurity 45

Jane Frankland

JANUARY 9, 2024

In recent years, data breaches and compliance failures have made organisations increasingly aware of the need for comprehensive cybersecurity solutions to detect and address threats. They include monitoring for potential threats and incidents, responding to confirmed breaches, and providing support for incident investigation processes.

Threat Detection 147

Threat Detection Technology Marketing Artificial Intelligence 147

McAfee

OCTOBER 25, 2021

Sometimes their hunt begins while an intrusion is in process, but more often than not, it occurs after the attack when a crime has occurred. You can apply predictive analytics to leverage in-depth threat intelligence sources to produce real-time, automated assessments of your security posture risks from device to cloud.

Cybersecurity 91

Cybersecurity Artificial Intelligence CISO Threat Detection 91

The Last Watchdog

JANUARY 29, 2023

Above all, the core exposure derives from an increasing number of unknown threats, according to a Divisional Head of Cybersecurity Compliance at a global motor manufacturer: “The number of unknowns is increasing. The threat of ransomware. And the more senior the cybersecurity role, the more stressful the job.

Digital transformation 203

Digital transformation CISO Cybersecurity Manufacturing 203

Security Affairs

MAY 4, 2022

The investigation of the security firm started with the discovery of ‘ VHD ransomware ’ in the threat landscape in March 2020. The MATA malware framework could target Windows, Linux, and macOS operating systems. The malware framework implements a wide range of features that allow attackers to fully control the infected systems.

Ransomware 93

Ransomware Banking Malware Hacking 93

Security Boulevard

NOVEMBER 1, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. To us, this is a model of peer teams that work together for common mission.

Engineering 80

Engineering Architecture Cyber threats Threat Detection 80

Security Boulevard

DECEMBER 1, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This intelligence can be derived directly from TI feeds or from red team exercises or threat hunting activities. which will only be less useful for technical defenders.

Engineering 72

Engineering Unstructured Data Cybersecurity Architecture 72

Security Boulevard

NOVEMBER 3, 2023

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. To us, this is a model of peer teams that work together for common mission.

Backups 64

Backups Engineering Architecture Cyber threats 64

Security Affairs

MAY 7, 2021

After a few unremarkable and quiet years, Hancitor resurfaced again — it decided to join the Big Game Hunting. Group-IB Threat Intelligence & Attribution team found that Hancitor is being actively used by the threat actors to deploy Cuba ransomware. Cuba ransomware has been active since at least January 2020. exe: Figure 3.

Ransomware 108

Ransomware Education Manufacturing Malware 108

Anton on Security

MARCH 28, 2023

OK, let’s start our analysis using this mini-framework I just created: What problems have you solved with SIEM historically? However, in this blog I am exploring why a particular toolset — SIEM — has a place in today’s security arsenal so I am being inherently tool-centric, not problem-centric.) Conclusion ! So, why buy a SIEM in 2023?

Threat Detection 100

Threat Detection Banking Technology Risk 100

Security Boulevard

MAY 21, 2024

On Detection: Tactical to Functional Part 12 Introduction At Shmoocon 2015, Will Schroeder (Harmj0y) gave a talk titled “ I Hunt Sys Admins ,” describing how attackers can hunt (or find the location of) system administrators throughout the network.

Computers and Electronics 59

Computers and Electronics Engineering Accountability System Administration 59

McAfee

JULY 27, 2020

The latest innovation in MVISION Cloud, the multi-cloud security platform for enterprise, introduces MITRE ATT&CK into the workflow for SOC analysts to investigate cloud threats and security managers to defend against future attacks with precision. Cloud Threat Investigation 101: Hunting with MITRE ATT&CK.

Data breaches 62

Data breaches Accountability Software 62

Anton on Security

AUGUST 31, 2022

SOC (not necessarily “clown-grade” , this label is reserved for people who want to hunt before they detect or even log…) may rely solely on vendor-provided detection content. This advice is sorely needed at many SOCs I’ve seen where panic-driven (“OMG a new threat, how/where do we detect it?! Now, perhaps a true 2002 (!)

Engineering 189

Engineering Risk 189

McAfee

NOVEMBER 18, 2021

In the October 2021 Threat Report , McAfee Enterprise ATR provides a global view of the top threats, especially those ransomware attacks that affected most countries and sectors in Q2 2021, especially in the Public Sector (Government). Let’s review the high severity campaigns and threat profiles added to MVISION Insights recently.

Ransomware 77

Ransomware Government Threat Reports Architecture 77

McAfee

DECEMBER 22, 2021

Threat Summary. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. Getting the Latest Threat Intelligence. Attack Chain and Defensive Architecture.

Malware 98

Malware Risk Internet Internet 98

Cisco Security

NOVEMBER 16, 2021

It is the only endpoint security solution that comes with a built-in extended detection and response (XDR) platform, allowing you to see more threats, block more attacks, and remediate faster. Cisco Endpoint Security expands to stop more stop threats easier, faster. This type of malware avoids detection by executing in-memory.

Ransomware 117

Ransomware Malware Architecture Risk 117

Security Affairs

AUGUST 15, 2022

The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver , TA446), a Russia-linked threat actor that is behind a persistent hacking campaign targeting people and organizations in NATO countries. ” reads the post published by Microsoft.

Phishing 84

Phishing Accountability Hacking Surveillance 84

Security Boulevard

MARCH 28, 2023

OK, let’s start our analysis using this mini-framework I just created: What problems have you solved with SIEM historically? However, in this blog I am exploring why a particular toolset — SIEM — has a place in today’s security arsenal so I am being inherently tool-centric, not problem-centric.) Conclusion ! So, why buy a SIEM in 2023?

Threat Detection 69

Threat Detection Banking Risk Technology 69

Security Affairs

FEBRUARY 18, 2019

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack.

Cybercrime 99

Cybercrime Advertising Threat Detection Marketing 99

eSecurity Planet

DECEMBER 13, 2021

“This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use,” she said. A Major Threat. All threat actors need to trigger an attack is one line of text. The Log4Shell flaw – which Impacts Log4j versions 2.0 through 2.14.1

Cybersecurity 143

Cybersecurity Software Government Threat Detection 143

Pen Test Partners

OCTOBER 11, 2023

It is fast to roll out and is bolstered by an active community that contribute to a growing repository of EDR features and current threat hunts. Once the clients have been deployed across the network via a method of your choosing (for example Intune or GPO), the queries and threat hunting can begin. Paleo-programming.

Accountability 52

Accountability DNS Firewall Malware 52

Security Affairs

FEBRUARY 10, 2022

The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe This blog details the use of regsvr32.exe exe along with Squiblydoo technique, insights from our threat intelligence systems and Uptycs EDR detections. Threat actors can use regsvr32 for loading COM scriptlets to execute DLLs.

Malware 89

Malware Engineering Hacking Ransomware 89

Digital Shadows

FEBRUARY 7, 2023

A key metric that many ReliaQuest customers rely on is using the MITRE ATT&CK® framework to measure detection coverage. Many organizations use the ATT&CK knowledge base to develop specific threat models and methodologies that are used to verify security status in their environments.

Technology 40

Technology Accountability Risk Cybersecurity 40

Fox IT

JANUARY 15, 2020

This blog describes a method to detect one technique utilized by many popular attack frameworks based solely on connection metadata and statistics, in turn enabling this technique to be used on multiple log sources. Many attack frameworks use beaconing. Most frameworks are very customizable to your needs and preferences.

DNS 45

DNS Malware Accountability Software 45

Security Affairs

NOVEMBER 23, 2018

Threat actors carried out spear phishing attacks impersonating a State Department official to attempt compromising targets. The experts discovered that Cozy Bear cyberspies used in the last campaign a technique to drop malicious code that was already employed by threat actors. New “Cozy Bear” campaign, old habits. Pierluigi Paganini.

Malware 84

Malware Advertising Phishing Media 84

Cisco Security

AUGUST 29, 2022

In part one of our Black Hat USA 2022 NOC blog, we discussed building the network with Meraki: Adapt and Overcome. Talos Threat Hunting, by Jerzy ‘Yuri’ Kramarz and Michael Kelley. Cisco Secure Malware Analytics (formerly Threat Grid). Cisco Secure Threat Intelligence (correlated through SecureX). VirusTotal.

DNS 74

DNS Wireless Malware Firewall 74

Cisco Security

APRIL 22, 2021

This round is particularly rewarding because we had to face the difficult challenge of performing well against a set of simulated attacks from the formidable threat actors Carbanak and FIN7. What is the MITRE ATT&CK Framework? To do that, I will take a “Q&A” approach to share my thoughts. Let’s start. How does it work?

Engineering 86

Engineering Technology Architecture Accountability 86

eSecurity Planet

JULY 13, 2023

They found a tool called WormGPT “through a prominent online forum that’s often associated with cybercrime,” Kelley wrote in a blog post. This experiment underscores the significant threat posed by generative AI technologies like WormGPT, even in the hands of novice cybercriminals.”

Cybercrime 98

Cybercrime Phishing Marketing System Administration 98

Cisco Security

MARCH 11, 2021

Part 1: Top threat categories. The challenge is that the most active threats change over time, as the prevalence of different attacks ebb and flows. This is where it becomes helpful to know about the larger trends on the threat landscape. While performing this analysis we looked at a wide variety of threat trends.

DNS 139

DNS Phishing Ransomware Internet 139

McAfee

MARCH 9, 2021

In a Security Operations Center (SOC) this resource is serving as a progressive framework for practitioners to make sense of the behaviors (techniques) leading to system intrusions on enterprise networks. Proactively discover indicators with hunting. appeared first on McAfee Blogs. Prevention. Detection Focus. Prevention Focus.

Marketing 81

Marketing Ransomware Malware Risk 81

McAfee

AUGUST 6, 2021

This is the third in a series of blogs on the Cybersecurity EO, and I encourage you to read those you may have missed. MVISION EDR can discover and block threats in the pre-execution stage, investigate threats through analytics, and help provide an incident response plan. Part 1 , Part 2 ).

Cybersecurity 78

Cybersecurity Artificial Intelligence Technology Engineering 78

eSecurity Planet

MAY 5, 2021

Managed Detection and Response (MDR) services offer their clients 24/7 turnkey threat monitoring, detection and remote response capabilities. Having an entire external team devoted solely to threat detection and response increases the chances of identifying threats that may otherwise elude internal teams. Top MDR services.

Threat Detection 56

Threat Detection Technology Artificial Intelligence Cybersecurity 56

Security Boulevard

AUGUST 31, 2022

SOC (not necessarily “clown-grade” , this label is reserved for people who want to hunt before they detect or even log…) may rely solely on vendor-provided detection content. This advice is sorely needed at many SOCs I’ve seen where panic-driven (“OMG a new threat, how/where do we detect it?! Now, perhaps a true 2002 (!)

Engineering 98

Engineering Risk Government Network Security 98

SecureList

MAY 12, 2021

The threat may have been around a long time, but it’s changed. First, we will debunk three preconceived ideas that obstruct proper thinking on the ransomware threat. Along with the rise of big-game hunting in 2020, we saw the emergence of a number of high-profile groups in the ransomware world. And not without good reason.

Ransomware 127

Ransomware Encryption Malware Cybercrime 127

McAfee

APRIL 20, 2021

Each year, MITRE Engenuity conducts independent evaluations of cybersecurity products to help government and industry make better decisions to combat security threats and improve industry’s threat detection capabilities. These products were configured following MITRE Engenuity’s standards: . Visibility .

Threat Detection 90

Threat Detection Cybersecurity Government Network Security 90

Cisco Security

MAY 20, 2021

As threats proliferated over the years and point products multiplied exponentially, security teams eventually became overburdened with complexity. Changing threat landscapes and network architectures have been especially prominent in 2020 and 2021. New platform innovations. Find out more.). Be ready for tomorrow.

Firewall 102

Firewall Technology CISO Architecture 102

SecureList

JULY 29, 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. Russian-speaking activity. If the victim double clicked on it, the LNK then executed a loader written in.NET referred to as BoomBox, or a DLL. Chinese-speaking activity.

Malware 142

Malware Phishing Password Management Social Engineering 142