Maze Ransomware Attack Hits Cognizant
Cognizant has confirmed that a Friday evening Maze ransomware attack has disrupted its systems. Continue reading Maze Ransomware Attack Hits Cognizant
We’ve received frequent emails from our Threat Intelligence Group with IoC artifacts, such as file names, hashes, and domains/URLs. They request that we take preventive measures for the given attributes.
However, I find it very hard to follow t… Continue reading How to respond to Indicators of Compromise?
So I am currently struggling with a cyber security lab, and after searching various online sources and reading documentation I can’t find a solution. The 2 tasks are as follows:
“The attacker has deployed the Mimikatz t… Continue reading Finding a mimikatz file on a compromised host? [on hold]
TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article showcases programmatic retrieval of sandbox behaviour reports in order to produce indicators of compromise that you can use to pow… Continue reading Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise
There are symptoms in Google when doing a search like:
site: example.subdomain.domain.com (my pretend example site)
Search engine is returning a particular false result for 1 php web server where it:
1) Displays a generic … Continue reading Search Engine Poisoning
I am preparing for an exam, and this is a question from last year that I struggle to answer. In particular, I don’t understand how the discovery of different IOCs poses a problem to the attacker.
Question:
A new ongoing APT … Continue reading How to use indicators of compromise (IOC)?
Much of our defensive architecture today is based on the ability to extract indicators of compromise from logs, packet data and flow data and the monitoring of processes on the system. While this is good, to work through the enormous amounts of alerts … Continue reading Behavioral analysis versus artifacts/IOC’s
What are the advantages and/or disadvantages between MISP and STIX/TAXII formats with a focus on deploying a local instance and push events via DXL (Data Exchange Layer)?
I have to decide which should be the central unit in … Continue reading MISP vs STIX/TAXII Threat Intelligence
A large U.S. manufacturing company is the latest organization to be targeted with the LokiBot trojan – although this most recent campaign harbored some bizarre red flags. Continue reading U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign
Cynet Free IR empowers its users with a solution that is accessible and easy to use, bringing crucial incident response services in-house, while saving them valuable time and resources. Continue reading Cynet Provides Security Responders with Free IR Tool to Validate and Respond to Active Threats