threat hunting – Page 6 – WindowsTechs.com

ESXiArgs: What you need to know and how to protect your data

Posted on February 7, 2023 by Roza Maille

Threat Overview Around February 03, 2023, a ransomware campaign called “ESXiArgs” emerged that targeted Internet-facing VMware ESXi servers running versions older than 7.0. Though not confirmed, it has been reported by the French CERT (CERT-FR), BleepingComputer, and other sources that the campaign leverages CVE-2021-21974, which is a three-year-old vulnerability in the OpenSLP component of the…

The post ESXiArgs: What you need to know and how to protect your data appeared first on TrustedSec.

Continue reading ESXiArgs: What you need to know and how to protect your data→

How to Spot a Nefarious Cryptocurrency Platform

Posted on February 7, 2023 by Jonathan Reed

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms […]

The post How to Spot a Nefarious Cryptocurrency Platform appeared first on Security Intelligence.

Continue reading How to Spot a Nefarious Cryptocurrency Platform→

How Do Threat Hunters Keep Organizations Safe?

Posted on February 2, 2023 by Jennifer Gregory

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able […]

The post How Do Threat Hunters Keep Organizations Safe? appeared first on Security Intelligence.

Continue reading How Do Threat Hunters Keep Organizations Safe?→

How Threat Actors Use OneNote to Deploy ASyncRAT

Posted on February 1, 2023 by Roza Maille

See how Research Team Lead Carlos Perez dissects a sample of a OneNote document that was used to deploy ASyncRAT, an open-source remote admin tool, to enable phishing attacks. You’ll find out how these OneNote files are now being used by threat actors and where to find the location that ASyncRAT is being downloaded and…

The post How Threat Actors Use OneNote to Deploy ASyncRAT appeared first on TrustedSec.

Continue reading How Threat Actors Use OneNote to Deploy ASyncRAT→

New Attacks, Old Tricks: How OneNote Malware is Evolving

Posted on January 31, 2023 by Roza Maille

1 Analysis of OneNote Malware A lot of information has been circulating regarding the distribution of malware through OneNote, so I thought it would be fun to look at a sample. It turns out there are a lot of similarities between embedding malicious code into a OneNote document and the old macro/VBA techniques for Office…

The post New Attacks, Old Tricks: How OneNote Malware is Evolving appeared first on TrustedSec.

Continue reading New Attacks, Old Tricks: How OneNote Malware is Evolving→

5 Golden Rules of Threat Hunting

Posted on January 27, 2023 by Olga Hout

When a breach is uncovered, the operational cadence includes threat detection, quarantine and termination. While all stages can occur within the first hour of discovery, in some cases, that’s already too late. Security operations center (SOC) teams monitor and hunt new threats continuously. To ward off the most advanced threats, security teams proactively hunt for […]

The post 5 Golden Rules of Threat Hunting appeared first on Security Intelligence.

Continue reading 5 Golden Rules of Threat Hunting→

What your SOC will be facing in 2023

Posted on January 23, 2023 by Sergey Soldatov, Roman Nazarov

Supply chain and reoccurring attacks, data destruction, lack of staff — what challenges will your security operations center be facing in 2023? Continue reading What your SOC will be facing in 2023→

RomCom RAT Attack Analysis: Fake It to Make It

Posted on January 10, 2023 by Doug Bonderud

The RomCom RAT has been making the rounds — first in Ukraine as it went after military installations, and now in certain English-speaking countries such as the United Kingdom. Initially a spear-phishing campaign, the RomCom attack has evolved to include domain and download spoofing of well-known and trusted products. In this piece, we’ll break down […]

The post RomCom RAT Attack Analysis: Fake It to Make It appeared first on Security Intelligence.

Continue reading RomCom RAT Attack Analysis: Fake It to Make It→

A LAPS(e) in Judgement

Posted on January 10, 2023 by Roza Maille

As security practitioners, we live in a time where there is an abundance of tools and solutions to help us secure our homes, organizations, and critical data. We know the dangers of unpatched applications and devices as well as the virtues of things like password managers and encrypted databases to protect our passwords and other…

The post A LAPS(e) in Judgement appeared first on TrustedSec.

Continue reading A LAPS(e) in Judgement→

3 Reasons to Make EDR Part of Your Incident Response Plan

Posted on January 5, 2023 by Serge Woon

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect […]

The post 3 Reasons to Make EDR Part of Your Incident Response Plan appeared first on Security Intelligence.

Continue reading 3 Reasons to Make EDR Part of Your Incident Response Plan→