What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-13 15:38:18 | Webinar April 26th: Profile of the Dark Economy of Ransomware (lien direct) |
Ransomware operators have steadily become more sophisticated and more aligned with nation-state actors making ransomware an existential threat for enterprises. |
Ransomware Threat | ||
|
2022-04-01 05:00:00 | (Déjà vu) Webinar April 14th: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response.
Join this session to learn more about how mature security teams can more effectively manage a modern ransomware operation and avoid a system-wide takeover by bad actors - delivered through a step-by-step walkthrough of an attack:
Why ransomware continues to evolve & common delivery methods
The differences and similarities between ransomware and other forms of malware
Common methods attackers use to escalate their operations
Reliable techniques Defenders can use to end active ransomware operators in their environments
|
Ransomware Threat | ||
|
2022-03-31 20:07:58 | Cybereason Excels in the 2022 MITRE ATT&CK® Evaluations: 100% Prevention, Visibility and Real-Time Protection (lien direct) |
The MITRE Engenuity ATT&CK® Evaluations for Enterprise has quickly become the de facto authority for measuring the effectiveness of security solutions against real world scenarios that mimic advanced persistent threat attack progressions. |
Threat | ||
|
2022-03-28 15:00:25 | MITRE ATT&CK: Wizard Spider and Sandworm Evaluations Explained (lien direct) |
Later this week MITRE Engenuity will be releasing the results from their fourth round of the ATT&CK Evaluations. This round focused on threat actors Wizard Spider and Sandworm. In this article, we'll review why MITRE is the preeminent organization providing third-party evaluations of vendor solutions, and the key metrics to look for when evaluating the effectiveness of a solution. |
Threat | ||
|
2022-03-25 20:02:36 | Webinar April 7th: 2021 MITRE ATT&CK Evaluations Explained (lien direct) |
The 2021 Round 4 MITRE ATT&CK evaluations focused on Wizard Spider and Sandworm, threat actor groups known to target large corporations and healthcare institutions. Wizard Spider is largely a financially motivated ransomware crime group conducting campaigns since 2017. The Sandworm team is a Russian Threat group that has been linked to the 2015 and 2016 targeting of Ukrainian electrical companies and the 2017 NotPetya attacks. |
Ransomware Threat | NotPetya NotPetya | |
|
2022-03-23 12:59:50 | AI-Driven XDR: Defeating the Most Complex Attack Sequences (lien direct) |
What is an AI-driven XDR solution? AI-driven Extended Detection and Response (XDR) is a specific approach for advanced threat detection and automated response. AI-driven XDR extends continuous threat detection and monitoring across an organization's endpoints, cloud workloads, applications, and the network. |
Threat | ||
|
2022-03-22 15:40:28 | Authentication Platform Okta Investigates Alleged Breach (lien direct) |
Authentication platform Okta is reportedly investigating a potential breach after threat actors under the moniker Lapsus$ posted screenshots allegedly showing they had gained access to the company's internal environment. If confirmed, the attack could put the security of Okta's customers at risk. |
Threat | ||
|
2022-03-22 13:15:00 | Cybereason vs. Carbon Black: Why Delayed Detections Matter (lien direct) |
The U.S. Treasury Department estimates that U.S. companies have paid $1.6 billion in ransomware attacks since 2011. Given the lucrative nature of ransomware attacks, the threat shows no signs of diminishing.
In fact, the ransomware threat is constantly changing and evolving as attackers use more and more sophisticated techniques and vulnerabilities to gain access to organizations' data and networks. |
Ransomware Threat | ||
|
2022-03-17 13:50:48 | Enriching Raw Telemetry with the Cybereason Historical Data Lake (lien direct) |
Regardless of whether you are performing Threat Hunting across your most recent dataset or your long-term historical datasets, an important dimension to your data is the enrichment and contextualization process.
Contextual data provides the Threat Hunter (“hunter”) with additional data points and a more complete picture of the activity, allowing them to make more informed decisions about whether the activity should be investigated further or disregarded. |
Threat | ||
|
2022-03-16 12:43:23 | Leveraging the X in XDR: Correlating Across Multiple Sources of Telemetry (lien direct) |
Several trends are driving Managed Detection and Response (MDR) adoption as a viable alternative for organizations that don't necessarily have the resources on-hand to conduct intense threat hunting internally. The MDR market is expected to reach over $7 billion by 2028. That's up from $974.9 million in 2020, per Big News Network. |
Threat | ||
|
2022-03-16 12:33:41 | Webinar March 29th: Assessing the Cyberattack Risk in the Russia-Ukraine Conflict (lien direct) |
The situation in Ukraine continues to be tenuous, and global intelligence sources are advising that the threat of Russian state-sponsored and state-condoned attacks targeting Western nations and organizations remains high. Cyberattacks by groups supporting Russian interests have been observed, but experts have noted that we likely have not seen the full potential of a Russian cyber offensive…yet. |
Threat | ||
|
2022-03-10 14:39:49 | CISO Stories Podcast: Lessons Learned from Building an ISAC (lien direct) |
Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a particular sector. These have grown since the first ISAC in the late 1990's and now represent over 20 industry sectors. Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization and the broader CISO community - check it out... |
Threat | ||
|
2022-03-09 14:41:21 | Threat Hunting: From LOLBins to Your Crown Jewels (lien direct) |
Continuous, real-time threat hunting is one of the key capabilities that organizations need today. By sharing the strategies that our Threat Hunting and Incident Response teams use, I hope to show you how you can implement threat hunting on your network as an integral part of your security operations. |
Threat | ||
|
2022-03-07 16:57:52 | (Déjà vu) THREAT ALERT: Emotet Targeting Japanese Organizations (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2022-02-16 14:10:02 | Securing Critical Infrastructure with XDR (lien direct) |
In January, CISA, the FBI and the NSA released a joint Cybersecurity Advisory (CSA), titled Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure, that provided an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques and procedures (TTPs), as well as detection actions, incident response guidance, and recommended mitigations.
"Russian state-sponsored APT actors have used sophisticated cyber capabilities to target a variety of U.S. and international critical infrastructure organizations, including those in the Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors," the advisory states.
"Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware... CISA, the FBI, and NSA encourage the cybersecurity community-especially critical infrastructure network defenders-to adopt a heightened state of awareness and to conduct proactive threat hunting."
While critical infrastructure defense has always been high priority objective, there's still some disconnect in the world of critical infrastructure security around preparedness. According to a report covered by PRNewswire, a majority (84%) of critical infrastructure organizations indicated they had suffered at least one security breach involving their Operational Technology (OT) between 2018 and 2021; yet, 56% of respondents to the same study said they were “highly confident” that they wouldn't experience an OT breach in 2022. |
Threat | ||
|
2022-02-15 22:11:13 | Addressing the Risk from Cyberattacks in the Russia-Ukraine Conflict (lien direct) |
The situation in Ukraine continues to fluctuate, and U.S. intelligence sources are advising that Russia is preparing for an imminent invasion. Cyberattacks have already been observed in the conflict, and I expect diversions, distractions, and false flags as tensions escalate. There is also the potential risk of other threat actors being opportunistic under the cover of Russian aggression. |
Threat | ||
|
2022-02-10 11:00:00 | (Déjà vu) THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot (lien direct) |
The Cybereason Global Security Operations Center Team (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat Guideline | ||
|
2022-02-08 14:13:21 | Financial Services and the Evolving Ransomware Threat (lien direct) |
There's no doubt about it, ransomware attackers are increasingly targeting organizations in the financial services sector. As reported by Berkley Financial Specialists, financial institutions reported 635 ransomware-related events in the first half of 2021. That's a 30% increase over the same from the previous year. |
Ransomware Threat | ||
|
2022-02-08 10:00:00 | (Déjà vu) Webinar February 24th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2022-02-04 15:18:38 | Iranian Threat Actors Turn Up Heat on Cyber Cold War (lien direct) |
Cybereason released new reports this week sharing discoveries made by our researchers related to two different Iranian threat actors. One of the keys to giving Defenders the tools they need to reverse the adversary advantage is understanding how attackers think and the tools they use-which is why research into emerging tactics and techniques is essential. |
Threat | ||
|
2022-02-04 11:00:00 | Responding to Multi-Endpoint Threats with XDR (lien direct) |
Today's advanced threat actors are capable of gaining access to your network and moving laterally to more sensitive systems in just minutes. Therefore, detection, insight, and speed of response are critical to preventing business disruption, data theft or ransomware. |
Threat | ||
|
2022-01-20 13:33:58 | Cybereason XDR: 10X Faster Threat Hunting (lien direct) |
For many Security Operations Centers (SOCs), conducting effective queries using a traditional Security Information and Event Management (SIEM) requires training and familiarity with syntax language, and deep analysis to take action on the results of a particular hunt. |
Threat | ||
|
2022-01-19 10:00:00 | (Déjà vu) Webinar February 3rd 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2022-01-14 17:03:05 | The MalOp Severity Score: Because Every Second Counts (lien direct) |
Managed Detection and Response (MDR) isn't a new concept. Organizations of all shapes and sizes work with security vendors to help manage their network security and address common use cases such as; talent shortages, operations teams that are stretched thin, alert fatigue, and 24x7 threat hunting and remediation. |
Threat | ||
|
2022-01-12 14:00:22 | EDR, MDR and XDR – What Are the Differences? (lien direct) |
As attacks get more complex, organizations are increasingly prioritizing threat detection and response capabilities. In a January 2020 survey, the SANS Institute learned that half of IT and security leaders planned on increasing their investment in network detection and response tools to help their organizations better defend against emerging threats. |
Threat Guideline | ||
|
2021-12-16 17:48:04 | (Déjà vu) THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Tool Threat | ||
|
2021-12-14 13:41:32 | Introducing Cybereason XDR Powered by Google Chronicle (lien direct) |
Cybereason and Google Cloud have unveiled Cybereason XDR powered by Google Chronicle, the first AI-driven XDR platform capable of ingesting and analyzing threat data from across the entire IT environment. |
Threat | ||
|
2021-12-13 13:08:24 | Malicious Life Podcast: Ransomware Attackers Don\'t Take Holidays (lien direct) |
In November of 2021, Cybereason released a special report, titled Organizations at Risk: Ransomware Attackers Don't Take Holidays, focusing on the threat of ransomware attacks during weekends and holidays. Nate Nelson, our senior producer, talked with Ken Westin, Director of Security Strategy at Cybereason, about why attackers love holidays and weekends, and why ransomware attacks during these times are so effective and dangerous - check it out... |
Ransomware Threat | ||
|
2021-12-10 02:00:00 | (Déjà vu) Webinar January 11th 2022: Live Attack Simulation - Ransomware Threat Hunte (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-12-09 20:10:19 | (Déjà vu) THREAT ALERT: The Return of Emotet (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2021-11-29 06:00:00 | Webinar December 1st: Ransomware Attackers Don\'t Take Holidays (lien direct) |
Cybereason recently released a research report, titled Organizations at Risk: Ransomware Attackers Don't Take Holidays, that focuses on the threat that ransomware attacks during the weekends and holidays pose to organizations as we move into the holiday season. The global survey includes responses from 1,200+ security professionals at organizations that have previously suffered a successful ransomware attack. |
Ransomware Threat | ||
|
2021-11-23 13:29:20 | Which Data Do Ransomware Attackers Target for Double Extortion? (lien direct) |
Double extortion is one of the most prevalent ransomware tactics today. The attackers first exfiltrate sensitive information from their target before launching the ransomware encryption routine. The threat actor then demands a ransom payment in order to regain access to the encrypted assets along with an additional threat to publicly expose or otherwise release the data if the ransom demand is not met promptly. |
Ransomware Threat | ||
|
2021-11-18 12:06:57 | CISO Stories Podcast: Who is Your SOC Really For? (lien direct) |
Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption? Ricardo Lafosse, CISO at Kraft Heinz, explains - check it out... |
Threat | ||
|
2021-11-09 18:46:51 | (Déjà vu) THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Ransomware Threat | ||
|
2021-10-29 15:49:18 | (Déjà vu) Webinar November 11th: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-10-28 13:00:12 | (Déjà vu) THREAT ANALYSIS REPORT: Snake Infostealer Malware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Malware Threat | ||
|
2021-10-28 12:00:00 | (Déjà vu) Webinar: Live Attack Simulation - EMEA Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-10-27 17:25:51 | (Déjà vu) THREAT ALERT: Malicious Code Implant in the UAParser.js Library (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2021-10-26 15:21:56 | Microsoft Publishes Veiled Mea Culpa Disguised as Research (lien direct) |
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM-the threat actor behind the SolarWinds attacks-is targeting delegated administrative privileges as part of a larger malicious campaign.
Microsoft cautions that attackers are attempting to gain access to downstream customers of multiple cloud providers, managed service providers (MSPs), and IT services organizations in what at first glance appears to be a standard threat intelligence report, but upon examination more closely resembles a technical vulnerability disclosure. |
Vulnerability Threat | ||
|
2021-10-25 16:22:58 | Webinar: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-10-20 12:39:41 | Why All Telemetry is Essential for XDR Performance (lien direct) |
Robust telemetry is essential to any threat detection and response strategy. Organizations need the ability to collect threat information from across their IT infrastructure so that they can see what's going on in their environments and correlate the intelligence across devices, personas, application suites, and the cloud so that it's actionable. |
Threat | ||
|
2021-10-18 11:52:07 | Malicious Life Podcast: Operation GhostShell - An Iranian Espionage Campaign (lien direct) |
In July 2021, Nocturnus - the Cybereason Threat Research and Intelligence team - was called to investigate an espionage campaign targeting Aerospace and Telecommunications companies globally. Their investigation resulted in the discovery of a new threat actor dubbed MalKamak that has been operating since at least 2018, and a new and sophisticated RAT (remote access trojan) dubbed ShellClient that abuses Dropbox for C2 (command and control). |
Threat | ||
|
2021-10-12 12:00:20 | Cybereason and Google Cloud Join Forces to Drive XDR Innovation (lien direct) |
Cybersecurity defenders are under unprecedented pressure and attack from nearly every angle and every threat vector. To properly defend businesses, governments, hospitals, financial institutions and our critical infrastructure, security teams are accelerating their move to Extended Detection and Response (XDR).
Properly executing and implementing XDR involves cutting-edge innovation, the very latest in detection technology, and most importantly the ability to collect and analyze all event telemetry data at scale. |
Threat | ||
|
2021-10-12 08:00:00 | What is Ransomware-as-a-Service and How Does it Work? (lien direct) |
Editor's Note: Unlock the knowledge, resources and expert guidance you need to successfully prevent ransomware attacks from impacting your organization's operations with this complimentary Ransomware Toolkit...
Recently, we introduced a blog series where we'll break down some key drivers of the ransomware threat landscape for Cybersecurity Awareness Month (formerly National Cybersecurity Awareness Month). We spent the first week analyzing Initial Access Brokers (IABs). For this week, let's focus on Ransomware-as-a-Service (RaaS).
|
Ransomware Threat | ||
|
2021-10-04 11:59:49 | Running Robust Managed Detection and Response Services (lien direct) |
Information security practitioners have published a lot of articles around topics like how to build and run a security operations center (SOC) and specific SOC functions such as incident response and threat hunting. These topics are always important, as threat actors are constantly coming up with more sophisticated attack strategies and vectors. |
Threat | ||
|
2021-09-27 17:05:50 | (Déjà vu) Threat Analysis Report: Inside the Destructive PYSA Ransomware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Ransomware Threat | ||
|
2021-09-27 12:03:13 | Malicious Life Podcast: Should the U.S. Ban Chinese and Russian Technology? (lien direct) |
Every year, seemingly, there's a new story of some software like 'Tik Tok' or 'FaceApp' from a hostile country that may or may not be a security threat to us in the West. So what should be done in cases like this? What if the U.S. just banned all technology from Russia and China? Is it a good idea? Is it even possible? Ira Winkler joins the discussion - check it out... |
Threat | ||
|
2021-09-22 17:26:23 | Threat Analysis Report: PrintNightmare and Magniber Ransomware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Ransomware Threat | ||
|
2021-09-15 12:46:32 | Four Considerations for Evaluating XDR Platforms (lien direct) |
There's a growing need for the more holistic approach to threat detection and response that XDR can deliver. Why? Just look at what's going on in the digital threat landscape... |
Threat | ||
|
2021-09-10 16:00:00 | THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Vulnerability Threat |
To see everything:
Our RSS (filtrered)
