Netacea Launches North American Partner Program
Appointment of U.S. leadership team and new UPSTACK partnership agreement will help companies better defend themselves against the growing bot threat.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds
Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) was released.
Introducing next-generation firewall from Palo Alto Networks to support 5G-enabled IoT, OT and IT use cases
Enterprises know they need defenses integrated into each aspect of their network while not being an inhibitor to innovation. Digital transformation realized through new 5G-enabled IoT, Operational Technologies (OT) and IT use cases are no exception. Therefore, security teams need to take a closer look at the best technology to support this innovation.
CrowdStrike Services Offers Incident Response Tracker for the DFIR Community
During a recent client engagement for a tabletop exercise (TTX), it became apparent that the client did not have a methodology for tracking indicators and building an incident timeline. The CrowdStrike Services team wanted to provide more information to our client on how incidents can and should be tracked, but nothing was available in the public domain.
Understanding Insecure Direct Object References (IDOR)
IDOR is a broken access control vulnerability where invalidated user input can be used to perform unauthorized access to application functions. IDOR can result in sensitive information disclosure, information tampering etc. This issue was previously part of OWASP top 10 2007, later it was merged with OWASP top 10 A5 Broken Access control vulnerability.
Random but Memorable - Episode 8.6: Games Revival Outtake Special
Is there a better way to ring in the New Year than with the revival of all Random but Memorable's iconic games? What the Phrase, Real or Not Real, Play Your Passwords Right, Three Word Password, Ridiculous Requirements – whichever's your favourite, the gang's all here! Not only that, we've also included some bonus, long-requested outtakes (with the help of a trusty soundboard!) Listen to the chaos unfold as we uncover some lost gems from the show. (Some of which probably should have stayed lost...)
Power the SOC of the Future with the DataLinq Engine - Part 2
In my first blog in this series, we discussed the importance of data to the modern SOC, and the unique approach of ThreatQ DataLinq Engine to connect the dots across all data sources, tools and teams to accelerate detection, investigation and response. We developed the DataLinq Engine with the specific goal of optimizing the process of making sense out of data in order to reduce the unnecessary volume and resulting burden.
What Oil and Gas Companies Must Do to Counter Cyber Threats
The oil and gas industry’s global supply chain uses a vast array of information technology (IT) and operational technology (OT) systems. These systems require constant cybersecurity protection to ensure energy flows efficiently and productively around the world to meet global needs. Hackers know that IT and OT systems are often interdependent and closely linked. In fact, the recent Colonial Pipeline attack resulted from the successful breach of Colonial’s IT network.
TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang
The TellYouThePass ransomware family was recently reported as a post-exploitation malicious payload used in conjunction with a remote code execution vulnerability in Apache Log4j library, dubbed Log4Shell. TellYouThePass was first reported in early 2019 as a financially motivated ransomware designed to encrypt files and demand payment for restoring them. Targeting both Windows and Linux systems, TellYouThePass ransomware re-emerged in mid-December 2021 along with other ransomware like Khonsari.
FIN7 Sends BadUSB Devices to U.S. Businesses as Part of Targeted Ransomware Campaign
First reported by The Record, the FBI has issued a new security Flash Alert warning organizations that the cybercrime gang FIN7 is again sending malicious USB drives to U.S. business targets in the transportation, insurance and defense industries through the U.S. Postal Service and United Parcel Service. This latest wave of attacks began in August 2021 with FIN7, which is also known as Carbanak Group and Navigator Group. The drives can be recognized by the LilyGo label on the case.