Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your phish went through, your initial access payload got past EDR, your beacon is now living […]

The post Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution appeared first on Security Intelligence.


How Do Some Companies Get Compromised Again and Again?

Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also […]


Going Up! How to Handle Rising Cybersecurity Costs

The average cost of cybersecurity systems, solutions and staff is increasing. As noted by research firm Gartner, companies will spend 11% more in 2023 than they did in 2022 to effectively handle security and risk management. This puts companies in a challenging position: If spending stays the same, IT environments are at risk. If they […]


ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10’s tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. […]


SOCs Spend 32% of the Day On Incidents That Pose No Threat

When it comes to the first line of defense for any company, its Security Operations Center (SOC) is an essential component. A SOC is a dedicated team of professionals who monitor networks and systems for potential threats, provide analysis of detected issues and take the necessary actions to remediate any risks they uncover. Unfortunately, SOC […]


BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, and Diego Matos Martins. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. […]


Despite Tech Layoffs, Cybersecurity Positions are Hiring

It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals […]


79% of Cyber Pros Make Decisions Without Threat Intelligence

In a recent report, 79% of security pros say they make decisions without adversary insights “at least the majority of the time.” Why aren’t companies effectively leveraging threat intelligence? And does the C-Suite know this is going on? It’s not unusual for attackers to stay concealed within an organization’s computer systems for extended periods of […]


Why People Skills Matter as Much as Industry Experience

As the project manager at a large tech company, I always went to Jim when I needed help. While others on my team had more technical expertise, Jim was easy to work with. He explained technical concepts in a way anyone could understand and patiently answered my seemingly endless questions. We spent many hours collaborating […]


The Needs of a Modernized SOC for Hybrid Cloud

Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing […]
