Suricata: Open-source network analysis and threat detection

Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. Suricata offers comprehensive capabilities for network security monitoring (NSM), includin… Continue reading Suricata: Open-source network analysis and threat detection

Active Directory compromise: Cybersecurity agencies provide guidance

Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Activ… Continue reading Active Directory compromise: Cybersecurity agencies provide guidance

A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for enterprise defenders. Discovered by a security researcher named Florian and reported… Continue reading A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

SolarWinds Detected Six Months Earlier

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so ignored it.

WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020—but the scale and significance of the breach wasn’t immediately apparent. Suspicions were triggered when the department detected unusual traffic emanating from one of its servers that was running a trial version of the Orion software suite made by SolarWinds, according to sources familiar with the incident. The software, used by system administrators to manage and configure networks, was communicating externally with an unfamiliar system on the internet. The DOJ asked the security firm Mandiant to help determine whether the server had been hacked. It also engaged Microsoft, though it’s not clear why the software maker was also brought onto the investigation…

Continue reading SolarWinds Detected Six Months Earlier
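The detection signal in the excerpt above (a management server talking to an external host it has never talked to before) is easy to model as a first-seen-destination check. The following is an added example, not code from the Schneier post, WIRED, or any of the parties named; the host names, addresses, ports and the netflow-style records are constructed, and the internal address ranges are an assumption that would be replaced with the real environment's.

```python
"""Flag first-seen external destinations per internal server.

Added example (not from the article above). Input records are constructed,
netflow-style tuples: (host_name, src_ip, dst, dst_port), where dst is
either an IP literal or a DNS name as resolved by the collector.
"""
import ipaddress
from collections import defaultdict

# Assumption: these are the only address ranges considered "internal".
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed baseline window: outbound flows that are known-good for each server.
BASELINE_FLOWS = [
    ("srv-orion-01", "10.0.5.20", "update.example-vendor.test", 443),
    ("srv-orion-01", "10.0.5.20", "ntp.example.test", 123),
    ("srv-orion-01", "10.0.5.20", "10.0.1.10", 389),
    ("srv-mail-01", "10.0.5.30", "mx.example.test", 25),
]

# Constructed observation window: one server now beacons to an unfamiliar host.
NEW_FLOWS = [
    ("srv-orion-01", "10.0.5.20", "update.example-vendor.test", 443),
    ("srv-orion-01", "10.0.5.20", "203.0.113.77", 443),   # never seen before
    ("srv-orion-01", "10.0.5.20", "10.0.2.15", 445),      # internal, not scored
    ("srv-mail-01", "10.0.5.30", "mx.example.test", 25),
]


def is_external(dst: str) -> bool:
    """True when dst is an IP outside INTERNAL_NETS, or any DNS name.

    Names are treated as external on purpose: an internal name that shows up
    here is cheap to whitelist, a missed external one is not.
    """
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return True
    return not any(ip in net for net in INTERNAL_NETS)


def build_baseline(flows):
    """Map each server to the set of (dst, port) externals it normally reaches."""
    seen = defaultdict(set)
    for host, _src, dst, port in flows:
        if is_external(dst):
            seen[host].add((dst, port))
    return seen


def find_new_destinations(baseline, flows):
    """Return one alert per flow whose external (dst, port) is absent from the
    server's baseline. Order follows the input so analysts see the first hit."""
    alerts = []
    for host, src, dst, port in flows:
        if not is_external(dst):
            continue
        if (dst, port) not in baseline.get(host, set()):
            alerts.append({"host": host, "src": src, "dst": dst, "port": port})
    return alerts


if __name__ == "__main__":
    for alert in find_new_destinations(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(f"NEW EXTERNAL DESTINATION: {alert['host']} ({alert['src']}) "
              f"-> {alert['dst']}:{alert['port']}")
```

Two caveats the DOJ story illustrates. First, the baseline has to predate the suspected compromise: if the beaconing was already present when the "normal" window was captured, the malicious destination is learned as familiar and never alerts. Second, the check only produces a lead; it is the triage of that lead (what process owns the socket, what the destination is, whether the vendor's software should ever talk to it) that decides whether it is ignored or escalated.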

CISA releases free tool for detecting malicious activity in Microsoft cloud environments

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) cloud environments have a new free solution at their disposal: Untitled Goose Tool. Released by the Cybersecurity and In… Continue reading CISA releases free tool for detecting malicious activity in Microsoft cloud environments

Microsoft announces automatic BEC, ransomware attack disruption capabilities

Last year, Microsoft announced automatic attack disruption capabilities in Microsoft 365 Defender, its enterprise defense suite. On Wednesday, it announced that these capabilities will now help organizations disrupt two common attack scenarios: BEC (bu… Continue reading Microsoft announces automatic BEC, ransomware attack disruption capabilities

Intruder dwell time jumps 36%

Sophos released the Active Adversary Playbook 2022, detailing attacker behaviors that Sophos’ Rapid Response team saw in the wild in 2021. The findings show a 36% increase in dwell time, with a median intruder dwell time of 15 days in 2021 versus 11 da… Continue reading Intruder dwell time jumps 36%

Attackers are leveraging Follina. What can you do?

As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a variety of campaigns. A complex vulnerability Microsoft has described CVE-2022-301… Continue reading Attackers are leveraging Follina. What can you do?

Perimeter intrusion detection systems market to reach $21.3 billion by 2026

The global market for perimeter intrusion detection systems estimated at $11 billion in the year 2020, is projected to reach a revised size of $21.3 billion by 2026, growing at a CAGR of 11.9% over the analysis period, according to ResearchAndMarkets. … Continue reading Perimeter intrusion detection systems market to reach $21.3 billion by 2026