Incident response – Page 6 – WindowsTechs.com

Preventing Unauthorized Public Exposure of Repositories

Posted on June 6, 2024 by Akhil

Recently, a developer accidentally made a private repository public, which contained secret keys. Although a third-party application promptly flagged and rotated the exposed credentials, the repository remained public for some time, raisin… Continue reading Preventing Unauthorized Public Exposure of Repositories→

Trusted relationship attacks: trust, but verify

Posted on May 28, 2024 by Dmitry Kachan, Alina Sukhanova

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers. Continue reading Trusted relationship attacks: trust, but verify→

34% of organizations lack cloud cybersecurity skills

Posted on May 28, 2024 by Help Net Security

Incident response today is too time consuming and manual, leaving organizations vulnerable to damage due to their inability to efficiently investigate and respond to identified threats, according to Cado Security. The incident response challenge is fur… Continue reading 34% of organizations lack cloud cybersecurity skills→

VMware Abused in Recent MITRE Hack for Persistence, Evasion

Posted on May 23, 2024 by Eduard Kovacs

MITRE has shared information on how China-linked hackers abused VMware for persistence and detection evasion in the recent hack.
The post VMware Abused in Recent MITRE Hack for Persistence, Evasion appeared first on SecurityWeek.
Continue reading VMware Abused in Recent MITRE Hack for Persistence, Evasion→

ShrinkLocker: Turning BitLocker into ransomware

Posted on May 23, 2024 by Cristian Souza, Eduardo Ovalle, Ashley Muñoz, Christopher Zachor

The Kaspersky GERT has detected a new group that has been abusing Microsoft Windows features by modifying the system to lower the defenses and using the local MS BitLocker utility to encrypt entire drives and demand a ransom. Continue reading ShrinkLocker: Turning BitLocker into ransomware→

NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack

Posted on May 23, 2024 by Eduard Kovacs

Intercontinental Exchange, the company that operates NYSE and other exchanges, has agreed to pay a $10 million fine related to a 2021 hack.
The post NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack appeared first on SecurityWeek.
Continue reading NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack→

The importance of access controls in incident response

Posted on May 17, 2024 by Help Net Security

The worst time to find out your company doesn’t have adequate access controls is when everything is on fire. The worst thing that can happen during an incident is that your development and operations teams are blocked from solving the problem. That’s w… Continue reading The importance of access controls in incident response→

What does this payload mean? [closed]

Posted on May 16, 2024 by Caesar

My server was attacked recently and while going through the logs I found this payload
0x160x030x010x000xee0x010x000x000xea0x030x036{0xd80x12:R0xb3c0x86Ss0xbdI0xf50xc90xc6;.3Q0xf0O0x0e0xd50x880xcc0xe4)0x8bJ+0xe4

0x160x030x010x010x070x010x0… Continue reading What does this payload mean? [closed]→

Thoma Bravo-owned LogRhythm Announces Merger with Rival Exabeam

Posted on May 15, 2024 by Ryan Naraine

Financial terms were not released but the price tag is expected to be hefty with Exabeam’s most recent valuation pegged at $2.5 billion.
The post Thoma Bravo-owned LogRhythm Announces Merger with Rival Exabeam appeared first on SecurityWeek.
Continue reading Thoma Bravo-owned LogRhythm Announces Merger with Rival Exabeam →

Incident response analyst report 2023

Posted on May 14, 2024 by Kaspersky GERT, Kaspersky Security Services

The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations. Continue reading Incident response analyst report 2023→