Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2022-01-14 17:58:35 |
Ukraine Government and Embassy Websites Attacked (direct link) |
Tensions are high right now in Eastern Europe. Russia has massed troops on the border of Ukraine and continues to stoke fears that they will invade and forcibly annex the former Soviet state. There has not been any overt military action as of yet, but there was a bit of a “warning shot” today as more than a dozen Ukrainian government websites - as well as websites for the US, UK, and Swedish embassies - were targeted by a cyberattack. |
|
|
|
 |
2022-01-14 17:03:05 |
The MalOp Severity Score: Because Every Second Counts (direct link) |
Managed Detection and Response (MDR) isn't a new concept. Organizations of all shapes and sizes work with security vendors to help manage their network security and address common use cases such as talent shortages, operations teams that are stretched thin, alert fatigue, and 24x7 threat hunting and remediation. |
Threat
|
|
|
 |
2022-01-13 14:15:48 |
CISO Stories Podcast: Privacy Hunger Games - Change the Rules (direct link) |
Information is meant to be shared with others - others with a need to know, that is. But CISOs may find that their organization is sharing with entities without proper procedures in place. CCO/CPO Samantha Thomas joins the podcast to discuss how she tackled this dilemma and subsequently changed the law in the process - check it out... |
|
|
|
 |
2022-01-13 14:11:43 |
On Becoming a Defender at Cybereason (direct link) |
A market leader in cybersecurity, Cybereason surged out of the gate 10 years ago and has been growing exponentially since. With new technologies constantly emerging and new markets opening globally, Cybereason offers an expanding variety of careers. It's the ideal culture for passionate, evolving people such as Sarah Cohen, Cybereason Senior Sales Manager for the North American market. Below, Sarah talks about what it's like to work in one of the world's most innovative, flexible environments - the champion for today's cyber Defenders. |
Guideline
|
|
|
 |
2022-01-13 10:00:00 |
Employee Spotlight: On Defending Clients and Promoting Growth (direct link) |
When Sibel Narin-Farooq decided to look for a more challenging position two and a half years ago, she quickly received two offers from a well-known firm in finance. Instead, she pursued an opportunity that struck her as a riskier option - an Executive Assistant role at Cybereason, a company she'd never heard of in a field where she had no experience. |
|
|
|
 |
2022-01-12 14:06:05 |
Achieve 10X Faster Response Time with Cybereason XDR (direct link) |
Despite spending millions of dollars on cybersecurity tools over the past few years, most organizations still can't detect or respond to cyber attacks in a reasonable timeframe. According to Verizon's 2021 Data Breach Investigations Report (DBIR), 60% of incidents were discovered within days. However, in 20% of attacks, it took months or longer before organizations realized a breach had occurred. |
Data Breach
|
|
|
 |
2022-01-12 14:00:22 |
EDR, MDR and XDR – What Are the Differences? (direct link) |
As attacks get more complex, organizations are increasingly prioritizing threat detection and response capabilities. In a January 2020 survey, the SANS Institute learned that half of IT and security leaders planned on increasing their investment in network detection and response tools to help their organizations better defend against emerging threats. |
Threat
Guideline
|
|
|
 |
2022-01-11 13:40:10 |
Threat Analysis Report: DatopLoader Exploits ProxyShell to Deliver QBOT and Cobalt Strike (direct link) |
At the beginning of 2021, security researcher Orange Tsai reported a series of vulnerabilities targeting Microsoft Exchange servers dubbed ProxyLogon. The Cybereason Incident Response team encountered many compromises during the year that involved these vulnerabilities. Additional vulnerabilities were disclosed during the year by Orange and others, including ProxyOracle and the last one in August dubbed ProxyShell. |
|
|
|
 |
2022-01-11 10:00:00 |
The State of Ransomware in the Public Sector (direct link) |
Government agencies have seen plenty of ransomware attacks over the course of this past year. According to ZDNet, malicious actors used ransomware to target government entities more than any other sector in H1 2021. |
Ransomware
|
|
|
 |
2022-01-10 21:25:03 |
FBI Warns US Companies to Avoid Malicious USB Devices (direct link) |
Cybercriminals constantly evolve the tactics, techniques, and procedures they use to execute attacks to find innovative ways to bypass or circumvent security controls. Sometimes the best strategy is the simplest one, though, and may succeed in catching targets off guard. A new warning from the FBI cautions US companies to be on alert for an old tactic that is apparently being used again - tricking users into connecting a malicious USB device. |
|
|
|
 |
2022-01-10 14:04:41 |
Malicious Life Podcast: How the Internet Changed the NSA (direct link) |
From the late '80s to early 2000s, the NSA transitioned from being a hardware-first organization - that is, creating and operating physical spying devices - to software-first: excelling in hacking networks, tracking people online, etc. That transition was by no means easy: the NSA, by that point, was a huge organization - and big organizations are notorious for being very resistant to change. Jeff Man, our guest today, was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out… |
|
|
|
 |
2022-01-10 13:59:36 |
Building Enterprise Immunity with XDR (direct link) |
Nils Lonberg, a Ph.D. from Harvard, was a revolutionary scientist who made groundbreaking contributions to cancer research. In the book The Elegant Defense, author Matt Richtel outlines how “for centuries, the fight against cancer had been built on the idea of attacking the cancer,” but Lonberg leveraged the fact that cancer gets out of control because the immune system receives “a signal to stop from the cancer,” and thinks the signal is legitimate. He focused on targeting how the cancer interacted with the immune system, and his work was published in the 2007 New England Journal of Medicine. |
|
|
|
 |
2022-01-07 14:10:22 |
Cybereason XDR: 10X Productivity Boost From Unified Investigations (direct link) |
When is an endpoint attack just an endpoint attack? In today's world of advanced persistent threats and ransomware, an attack that stops at the endpoint is now a rare event. |
|
|
|
 |
2022-01-06 15:21:04 |
CISO Stories Podcast: Server Room to War Room - Enterprise Incident Response (direct link) |
In many organizations, the CISO will be looked at as the leading expert in incident response, but often has little involvement in the selection, planning, and training for the Enterprise Incident Management Program. Dawn-Marie Hutchinson, CISO at Optiv, has navigated organizations during crises with a “play like you practice” approach - check it out... |
Guideline
|
|
|
 |
2022-01-05 14:47:28 |
Automating the “R” in Your XDR Strategy (direct link) |
The advent of Extended Detection and Response (XDR) offers an edge against advanced attacks, but many of the so-called "XDR approaches" available today are actually little more than extensions of current EDR solutions that rely on known Indicators of Compromise (IOCs) to find and block known threats. While they can deliver more visibility across network assets, they don't deliver the correlation necessary to weed out novel attacks where known IOCs are not available.
In contrast, Advanced XDR leverages artificial intelligence (AI) and machine learning (ML) to automatically correlate telemetry from across disparate network assets to reveal attacks that have never been seen before. Advanced XDR detects earlier based on the more subtle chains of potentially malicious behavior to allow Defenders to remediate faster, and here's why. |
|
|
|
 |
2022-01-05 14:43:25 |
Cybereason Nabs Three 'Built In Boston's Best Places to Work 2022' Awards (direct link) |
We are excited to share that Built In, the online community for startups and tech companies, has named Cybereason to three of Boston's 2022 Best Places to Work lists: Boston Best Places to Work, Boston Best Paying Companies, and Boston Best Large Companies to Work For. |
|
|
|
 |
2022-01-04 14:08:28 |
Malicious Life Podcast: Does Code === Free Speech? (direct link) |
When the FBI asked Apple to write code that would give the FBI access to a suspect's iPhone following the 2015 mass shooting in San Bernardino, Apple refused, arguing that forcing it to write code goes against the First Amendment. Apple's claim wasn't the first time that this highly controversial claim was invoked in judicial proceedings - check it out… |
|
|
|
 |
2021-12-31 14:34:08 |
A 'NEW' Cybersecurity Philosophy for the New Year (direct link) |
It's the end of another year. It feels a bit “Groundhog Day” - like a repeat of the end of 2020 - as we head into a new year with the world battling the COVID pandemic and IT teams around the world responding to a massive cybersecurity event. If we focus on the right things, though, we can break the cycle in 2022. |
|
|
|
 |
2021-12-29 12:00:00 |
CISO Stories Podcast: Key Issues to Cover for Today's CISOs (direct link) |
As if CISOs don't have enough to focus on, here's a few more items that should be top of mind. KAR Global CISO Leon Ravenna dives into cyber insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs, and a little security buzzword bingo and how to deal with the latest “fads” like CASB, ZTNA, SASE and more - check it out... |
|
|
|
 |
2021-12-27 12:00:00 |
Malicious Life Podcast: Logout4Shell - A Digital Vaccine for Log4Shell (direct link) |
A digital 'vaccine' was released to address Log4Shell, which has been called “the single biggest, most critical vulnerability ever.” Nate Nelson talks to Yonatan Striem-Amit, CTO & Co-Founder of Cybereason about the Log4j vulnerability and about the unusual vaccine dubbed Logout4Shell that uses the Log4j exploit to close the vulnerability - check it out… |
Vulnerability
|
|
|
 |
2021-12-23 14:14:11 |
Cybereason Named 'Highest-Rated Cloud Computing Company to Work For' by Battery Ventures (direct link) |
Cybereason has been named to Battery Ventures' 5th Annual list of Highest-Rated Cloud-Computing Companies To Work For, a ranking of the top 25 privately held cloud companies. |
|
|
|
 |
2021-12-23 10:00:00 |
Cybereason Partners with M.Tech to Strengthen Organizations' Cybersecurity (direct link) |
Cybereason has partnered with M.Tech, one of the largest cybersecurity and network performance solutions distributors in Asia, to provide organizations the ability to predict, detect and respond to cyberattacks at planetary scale and maximum speed across endpoints, networks, identities, the cloud and application workspaces. |
|
|
|
 |
2021-12-22 13:17:54 |
CISO Stories Podcast: Model-Driven Security Leveraging Data Science (direct link) |
Cybersecurity talent shortages are well documented, and asking experienced cybersecurity professionals to spend countless hours on routine tasks does not promote retention. The adversaries are leveraging data science to attack our enterprises and consumers, so we need to find a better way to defend. |
|
|
|
 |
2021-12-21 13:12:29 |
History's Most Notorious Ransomware Gangs (direct link) |
In a recent study, titled Ransomware: The True Cost to Business, we found that the costs of ransomware have increased for organizations. We learned that two-thirds of organizations experienced significant revenue loss following a ransomware attack, for instance. |
Ransomware
|
|
|
 |
2021-12-20 12:51:12 |
Malicious Life Podcast: Shawn Carpenter - A Cyber Vigilante (direct link) |
In 2003, Shawn Carpenter - an employee of Sandia National Laboratory - was at a crossroads: should he ignore a Chinese attack against U.S. targets, as his superiors ordered him to do, or do what he thinks is right and continue investigating the case on his own? Check it out… |
|
|
|
 |
2021-12-17 23:09:51 |
The First True XDR Solution (direct link) |
It has been a uniquely amazing week for me and for Cybereason. We started the week by sharing LogOut4Shell - a free vaccine we developed to prevent the Log4Shell vulnerability from being exploited. Then we hosted DefenderCon '21 and launched Cybereason XDR powered by Google Chronicle. |
Vulnerability
|
|
|
 |
2021-12-17 15:00:00 |
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046) (direct link) |
UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one which reverted upon server restart.
The previous version of the Vaccine used the Log4Shell vulnerability to remove the JNDI interpolator entirely from all logger contexts to prevent the vulnerability from being exploited in the running JVM (server process). This update not only fixes the vulnerability, but also edits the jar file on disk to remove the JndiLookup class to permanently mitigate the Log4Shell vulnerability on a running server. It also performs additional changes on the plugin registry.
Due to the nature of the permanent solution, there is nominal risk involved, so the Vaccine offers the option to execute the completely safe but temporary solution, or the slightly more risky but permanent solution. The documentation has been updated to reflect that we now support both options.
The Log4Shell vulnerability still requires patching. This updated Logout4Shell mitigation option can provide security teams the time required to roll out patches while reducing the risk from exploits targeting the Log4j vulnerability.
The latest version is pushed to our GitHub at https://github.com/Cybereason/Logout4Shell
UPDATE 12/15/21: Our initial vaccine approach was to set the formatMsgNoLookups flag to "true" and reconfigure the Log4j logger, which supported versions >= 2.10.0. To support older versions < 2.10.0, where the "flag" does not exist, this updated Vaccine technique instead removes the JNDI interpolator entirely from all logger contexts.
The update also pushes an additional fix to make this removal behavior the "default" even in cases where the "flag" is still supported. We still highly recommend upgrading to 2.16.0, or removing the JNDI class entirely from each server if upgrading to the latest patched version is not possible for your organization at this time.
This updated Vaccine version also mitigates the most recent lower severity vulnerability disclosure (CVE-2021-45046) which was patched in log4j version 2.16.0. This vulnerability showed that in certain scenarios, for example, where attackers can control a thread-context variable that gets logged, even the flag log4j2.formatMsgNoLookups is insufficient to mitigate Log4Shell.
The text below has been updated to reflect the latest guidance and changes to the temporary workaround Vaccine developed by Cybereason.
=============================================================
Cybereason researchers have developed and released a “vaccine” for the Apache Log4Shell vulnerabilities (CVE-2021-44228) and (CVE-2021-4504 |
Vulnerability
|
|
|
 |
2021-12-16 17:48:04 |
(Déjà vu) THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool (direct link) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Tool
Threat
|
|
|
 |
2021-12-16 13:46:51 |
The Definitive Guide to Extended Detection and Response (XDR) (direct link) |
Cybereason is pleased to release a comprehensive guide to Cybereason XDR Powered by Google Chronicle. This exceptional resource, titled The Definitive Guide to Achieving 10X the Security Results Without 10X the Work, is intended for security leaders who are seeking answers to how XDR can help them address the most pressing operational and business challenges facing cybersecurity teams. |
Guideline
|
|
|
 |
2021-12-16 13:16:20 |
CISO Stories Podcast: CISOs Need Training Too (direct link) |
The CISO has trained the workforce and completed the security awareness month annual training. But what about the CISO? How does the CISO ensure that the proper skills are maintained for the CISO to be able to continue to lead the security organization? |
Guideline
|
|
|
 |
2021-12-15 17:56:17 |
How Cybereason Detects and Prevents Exploits Leveraging Log4Shell Vulnerability (direct link) |
Log4Shell is a vulnerability (CVE-2021-44228) impacting Apache Log4j which was disclosed on the project's GitHub on December 9, 2021. The flaw has the highest possible severity rating of 10 and is pervasive. |
Vulnerability
|
|
|
 |
2021-12-15 15:13:11 |
AI-Driven Cybereason XDR and EDR Now Available on Google Cloud Marketplace (direct link) |
The AI-driven Cybereason XDR Platform delivers unprecedented prevention, detection and response capabilities to protect endpoints, user personas, cloud workloads and application workspaces with unmatched speed and accuracy on a planetary scale. |
|
|
|
 |
2021-12-14 13:41:32 |
Introducing Cybereason XDR Powered by Google Chronicle (direct link) |
Cybereason and Google Cloud have unveiled Cybereason XDR powered by Google Chronicle, the first AI-driven XDR platform capable of ingesting and analyzing threat data from across the entire IT environment. |
Threat
|
|
|
 |
2021-12-13 15:04:15 |
Security Industry Innovator Art Coviello Joins Cybereason Board of Directors (direct link) |
Cybereason is honored to announce that security industry pioneer Art Coviello Jr. has joined the Cybereason Board of Directors. Coviello is a cybersecurity icon who formerly served as President and CEO of RSA Security, and as Executive Vice President of EMC, heading the Security Division following its acquisition of RSA. |
|
|
★★★★★
|
 |
2021-12-13 13:08:24 |
Malicious Life Podcast: Ransomware Attackers Don't Take Holidays (direct link) |
In November of 2021, Cybereason released a special report, titled Organizations at Risk: Ransomware Attackers Don't Take Holidays, focusing on the threat of ransomware attacks during weekends and holidays. Nate Nelson, our senior producer, talked with Ken Westin, Director of Security Strategy at Cybereason, about why attackers love holidays and weekends, and why ransomware attacks during these times are so effective and dangerous - check it out... |
Ransomware
Threat
|
|
|
 |
2021-12-10 23:55:00 |
Cybereason Releases Vaccine to Prevent Exploitation of Apache Log4Shell Vulnerability (CVE-2021-44228) (direct link) |
Cybereason researchers have developed and released a “vaccine” for the Apache Log4Shell vulnerability (CVE-2021-44228). The vaccine is now freely available on GitHub. It is a relatively simple fix that requires only basic Java skills to implement and is freely available to any organization. Cybereason previously announced that none of the company's products or services were impacted by the vulnerability. |
Vulnerability
|
|
|
 |
2021-12-10 21:08:07 |
Cybereason Solutions Are Not Impacted by Apache Log4j Vulnerability (CVE-2021-44228) (direct link) |
A newly revealed vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on the project's GitHub on December 9, 2021, and designated as CVE-2021-44228 with the highest severity rating of 10. |
Vulnerability
|
|
★★
|
 |
2021-12-10 16:13:20 |
Cybereason Extends Feature Support for Linux (direct link) |
Cybereason this week announced support for Endpoint Controls and pre-execution and at rest NGAV protection for Linux. |
|
|
|
 |
2021-12-10 02:00:00 |
(Déjà vu) Webinar January 11th 2022: Live Attack Simulation - Ransomware Threat Hunte (direct link) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware
Threat
|
|
|
 |
2021-12-09 20:10:19 |
(Déjà vu) THREAT ALERT: The Return of Emotet (direct link) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat
|
|
|
 |
2021-12-09 13:44:22 |
CISO Stories Podcast: No Senior Management Buy-In - No Success (direct link) |
Are you reporting the same risks each year to management? This may be indicative of a lack of incentive or buy-in from senior management to fund security investments. Chris Apgar, CEO and President at Apgar & Associates, joins the podcast to discuss how to show senior management that funding these initiatives is more than just risk avoidance - check it out... |
|
|
|
 |
2021-12-09 04:02:00 |
Cybereason Taps Former Dyson CISO CK Chim as Field CSO to Support APAC Expansion (direct link) |
Cybereason today announced that CK Chim, most recently Dyson's Chief Information Security Officer (CISO), has joined the company as Field Chief Security Officer for the Asia Pacific region, bringing more than 20 years of industry experience to the team. |
|
|
|
 |
2021-12-08 13:12:59 |
Leveraging the XDR Advantage in the Midst of a Pandemic (direct link) |
The pandemic has changed organizations' technology priorities profoundly over the last two years. In a study reported on by Business Wire, cybersecurity and hybrid working constituted the top enterprise technology priorities looking ahead to 2022, at 58% and 55% of organizations, respectively. |
|
|
|
 |
2021-12-07 13:12:31 |
Ransomware by the Numbers – An Impact Overview (direct link) |
The number of global ransomware attacks is on the rise. According to Threatpost, the global volume of ransomware operations reached 304.7 million attacks in H1 2021. That's a year-over-year increase of 151%. What's more, that's 100k+ more attack attempts than what security researchers detected in all of 2020. |
Ransomware
|
|
|
 |
2021-12-06 16:46:14 |
Under the Hood: What Artificial Intelligence on the Endpoint Looks Like (direct link) |
In light of a recent Cybereason research report, Organizations at Risk: Ransomware Attackers Don't Take Holidays, regarding the prevalence of ransomware attacks that occur during off-hours, it's imperative that we look towards robust AI security solutions, such that you can know your organization is protected even when none of your staff is online. |
Ransomware
|
|
|
 |
2021-12-06 13:01:12 |
Malicious Life Podcast: Tay: A Teenage Bot Gone Rogue (direct link) |
In March, 2016, Microsoft had something exciting to tell the world: the tech giant unveiled an AI chatbot with the personality of a teenager. Microsoft Tay, as it was nicknamed, could tweet, answer questions and even make its own memes. But within mere hours of going live, Tay began outputting racist, anti-Semitic and misogynist tweets - check it out... |
|
|
|
 |
2021-12-03 19:01:52 |
Cl0p Ransomware Gang Tries to Topple the House of Cards (direct link) |
When I wrote the introduction for our recent report Organizations at Risk: Ransomware Attackers Don't Take Holidays, I described current factors and trends with the potential to disrupt the upcoming holiday season. |
Ransomware
|
|
|
 |
2021-12-02 16:07:45 |
Planned Parenthood Ransomware Attack Has Far Reaching Implications (direct link) |
The Planned Parenthood Los Angeles affiliate announced that their computer network was hit by a ransomware attack. The compromise occurred between October 9 and 17 and affected around 400,000 patients' data. |
Ransomware
|
|
|
 |
2021-12-02 15:42:07 |
Planned Parenthood Ransomware Attack Puts Lives at Risk (direct link) |
The Planned Parenthood branch in Los Angeles revealed that it was the victim of a ransomware attack that resulted in attackers obtaining sensitive information on about 400,000 patients. All ransomware attacks and data breaches are bad, but this one is particularly egregious because the sensitive nature of the compromised information could destroy families or possibly put lives in danger. |
Ransomware
|
|
|
 |
2021-12-02 13:16:25 |
CISO Stories Podcast: Skills I Needed to be a First-Time CISO (direct link) |
Infosec skills don't necessarily transfer to CISO skills, but CISO skills are 100% transferable to whatever your infosec career looks like. Richard Kaufmann, VP/CISO at Amedisys, discusses how growth begins outside of your comfort zone and why some of the CISO skills you can work on now include executive storytelling, internal coalition building, and how to be comfortable being uncomfortable - check it out... |
|
|
|