Why packet capture is an important tool in the threat hunting toolbelt
With IT security technology rapidly improving, an increasing number of organizations are turning towards analytics, AI, and automation to help manage the complex task of detecting and remediating cyber-attacks and to reduce dwell time. These tools are becoming more advanced by the day and have become the industry standard for IT security. On the other hand, many of the cybersecurity tools in use today still rely on predefined rules and signatures to identify malicious activity.
How to detect Cobalt Strike Process Injection
Cobalt Strike is a framework designed for adversary simulation. It is commonly used by penetration testers and red teams to test an organization’s resilience against targeted attacks. It can be configured using Malleable C&C profiles, which customize the behavior of its beacon and give users the ability to emulate the TTPs of in-the-wild threat actors.
How to write a proper password policy and choose a password management solution?
A proper password policy is just as important as any other IT security solution. The password policy determines what requirements a new password must meet and how long it remains valid. The following rules are recommended for a good password policy:
User vulnerabilities, threat hunting and MDATP
Security is important for almost every organization, whether we are talking about physical or digital security. Neither the type of the organization nor its size changes this fact. In the digital world we often make the mistake of relaxing behind the safety of firewalls, antivirus and email filters, and not caring about educating our employees in information security.
Transforming Splunk to a semi-SOAR platform
SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance. The goal of using a SOAR stack is to improve the efficiency of physical and digital security operations.
Why Proxy-Based Firewalls Are Not Enough
The first proxy-based firewalls achieved the basic task of controlling which websites users could access on the Internet. Since then, the technology has developed and evolved to provide additional features like malware detection and blocking, in-line data loss prevention (DLP), SSL/TLS inspection and bandwidth control.
Coronavirus panic at the service of government-backed hacker groups
As we wrote in a previous post, the current pandemic is also an excellent source of cyber attacks. However, profit-making is not the only motive behind these operations; the political and ideological dimension is at least as crucial as monetization. For state-backed groups, which have an almost unlimited supply of financial, material and human resources, a new phenomenon has emerged at the global level, one that affects most people (in this case, everyone).
Banking Trojan TrickBot got a new module
A banking trojan, like any “common” trojan, is a malicious program that disguises itself as a real, harmless application. Its purpose is to steal sensitive information from users (login details, financial information, credit card details, etc.). In addition, banking trojans use various techniques to build botnets, steal login credentials, inject malicious code into browsers, and steal money.
As if the pandemic weren’t enough: recent coronavirus-themed cyber attacks
People are alarmed, scared, or even in panic. Numerous companies have already transitioned, or are currently transitioning, their everyday work to home office environments (RDP, VPN). Hence the boundary between the corporate infrastructure (as a target) and the employee’s home network is becoming more and more blurred.