Ex-Conti and FIN7 Actors Collaborate with New Backdoor

Former Conti syndicate and FIN7 members have collaborated to use a new backdoor dubbed “Minodo” to deliver the Project Nemesis infostealer. Explore the intricate nature of cooperation among cybercriminal groups and their members with in-depth analysis from IBM Security X-Force experts.

The post Ex-Conti and FIN7 Actors Collaborate with New Backdoor appeared first on Security Intelligence.

Threat hunting programs can save organizations from costly security breaches

Cybersecurity threats to organizations are increasing, not only in number but in scope, according to Team Cymru. The true cost of cyber breaches: proactive threat hunting helps organizations save money by preventing security breaches and reducing t…

How to Provide Relevant Threat Intelligence

In the evolution of cybersecurity, the threat landscape is ever-changing while the line of defense is ever-shrinking. Security professionals started by securing the perimeter, but now we must assume breach and operate in a zero-trust environment. However, providing intelligence that helps users stay ahead of threats becomes a challenge when that information is overwhelmingly voluminous […]

The post How to Provide Relevant Threat Intelligence appeared first on Security Intelligence.

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample, attributed to the Lazarus group, used to impair visibility into the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as […]

The post When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule appeared first on Security Intelligence.

Red vs. Blue: Kerberos Ticket Times, Checksums, and You!

This blog post was co-authored with Charlie Clark of Semperis. Introduction: At SANS Pen Test HackFest 2022, Charlie Clark (@exploitph) and I presented our talk ‘I’ve Got a Golden Twinkle in My Eye’, whereby we built and demonstrated two tools that assist with more accurate detection of forged tickets being used. Although we demonstrated…

The post Red vs. Blue: Kerberos Ticket Times, Checksums, and You! appeared first on TrustedSec.

With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job

Vulnerabilities like the one in Log4j remain responsible for security breaches a full year after the discovery of the flaw. In the months after widespread reporting about the vulnerability, 40% of Log4j downloads remained vulnerable to exploitation. Rapid response, by both security teams and hackers: what made this exposure so damaging was how widespread this piece of […]

The post With 40% of Log4j Downloads Still Vulnerable, Security Retrofitting Needs to Be a Full-Time Job appeared first on Security Intelligence.

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase over the past year in the malware family known as information stealers being used in the wild. Info stealers are malware capable of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories […]

The post Detecting the Undetected: The Risk to Your Info appeared first on Security Intelligence.

Good, Perfect, Best: how the analyst can enhance penetration testing results

Who is the analyst on a penetration testing team, what role do they perform at Kaspersky, and why is their job vital to the success of the project?

ESXiArgs: What you need to know and how to protect your data

Threat overview: around February 3, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, the French CERT (CERT-FR), BleepingComputer, and other sources have reported that the campaign leverages CVE-2021-21974, a vulnerability disclosed in 2021 in the OpenSLP component of the…

The post ESXiArgs: What you need to know and how to protect your data appeared first on TrustedSec.