Fighting Cyber Threats With Open-Source Tools and Open Standards

Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified. Once a potential threat is detected, the staff of the security operations center (SOC) investigates […]

The post Fighting Cyber Threats With Open-Source Tools and Open Standards appeared first on Security Intelligence.

Continue reading Fighting Cyber Threats With Open-Source Tools and Open Standards

Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight

Ransomware actors are specializing, collaborating and assisting each other to conduct sophisticated attacks that are becoming increasingly difficult to prevent. Combating these groups effectively similarly requires a team approach — specialization, understanding tactics and techniques and how to counter them and cutting off activity at its source. Arguably, it has never been more imperative that […]

The post Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight appeared first on Security Intelligence.

Continue reading Dissecting Sodinokibi Ransomware Attacks: Bringing Incident Response and Intelligence Together in the Fight

The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have

The more things change, the more they stay the same. Despite a changing threat landscape and threat actors who keep upping their game, the vulnerabilities behind the threats remain consistent. The OWASP Top 10, ranked by the Open Web Application Security Project, lists the 10 most prominent and dangerous risks and threats for applications. The […]

The post The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have appeared first on Security Intelligence.

Continue reading The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have

Red & Blue: United We Stand

Offensive and defensive security are typically viewed as opposite sides of the same fence. On one side, the offensive team aims to prevent attackers from compromising an organization, whereas on the other side the defensive team aims to stop attackers once they are inside. The fence, metaphorically speaking, is the adversary. The adversary’s moves, motives […]

The post Red & Blue: United We Stand appeared first on Security Intelligence.

Continue reading Red & Blue: United We Stand

How to Protect Yourself From a Server-Side Template Injection Attack

Server-side templates provide an easy method of managing the dynamic generation of HTML code. But they can also fall victim to server-side template injection (SSTI). Take a look at the basics of server-side web templates, and how to detect, identify and mitigate SSTI in web applications. Server-side templates allow developers to pre-populate a web page […]

The post How to Protect Yourself From a Server-Side Template Injection Attack appeared first on Security Intelligence.

Continue reading How to Protect Yourself From a Server-Side Template Injection Attack

Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

Recently, X-Force Red released a tool called Windows Feature Hunter, which identifies targets for dynamic link library (DLL) side-loading on a Windows system using Frida. To provide a defensive counter-measure perspective for DLL side-loading, X-Force Incident Response has released SideLoaderHunter, which is a system profiling script and Sysmon configuration designed to identify evidence of side-loading […]

The post Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon appeared first on Security Intelligence.

Continue reading Hunting for Evidence of DLL Side-Loading With PowerShell and Sysmon

Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang

Ransomware has become the number one cyber threat to organizations, making up nearly 25% of attacks IBM X-Force Incident Response remediated in 2020. Ransomware is making headlines on a regular basis due to the high impact of certain attacks on victims in critical industries. It’s unlikely that the pace of attacks will slow down in […]

The post Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang appeared first on Security Intelligence.

Continue reading Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang

ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group

This blog supplements a Black Hat USA 2021 talk given August 2021.  IBM Security X-Force threat intelligence researchers continue to track the infrastructure and activity of a suspected Iranian threat group ITG18. This group’s tactics, techniques and procedures(TTPs) overlap with groups known as Charming Kitten, Phosphorus and TA453. Since our initial report on the group’s training […]

The post ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group appeared first on Security Intelligence.

Continue reading ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group

Beyond Ransomware: Four Threats Facing Companies Today

The recent DarkSide attack makes it clear: no system is safe from ransomware. And while the attackers say they weren’t out to hurt anyone, only to make money, the impact is the same. It could lead to potential disruptions of critical services across the country. At the same time, it stokes fears that similar attacks […]

The post Beyond Ransomware: Four Threats Facing Companies Today appeared first on Security Intelligence.

Continue reading Beyond Ransomware: Four Threats Facing Companies Today

FragAttacks: Everything You Need to Know

A cybersecurity researcher discovered a new category of Wi-Fi vulnerabilities recently. But the surprising news is that this new category is actually very old. Called FragAttacks, these 12 Wi-Fi vulnerabilities have existed since the late 90s. But they’re new to the cybersecurity world because people only recently discovered and described them. Researchers unveiled the details on May […]

The post FragAttacks: Everything You Need to Know appeared first on Security Intelligence.

Continue reading FragAttacks: Everything You Need to Know