Elastic continues to provide customers the ability to modernize their security operations programs. Today’s launch celebrates several initiatives that together equip customers to modernize security operations, including.

DCShadow is a feature in the open-source tool mimikatz. In another blog post, we cover without detection once they’ve obtained admin credentials. But DCShadow can also enable an attacker to elevate their privileges. How can a Domain Admin elevate their access even higher? By obtaining admin rights in other forests. Leveraging SID History, an attacker can add administrative SIDs to their user account and obtain admin level rights in other trusted domains and forests.

The overpass-the-hash attack is a combination of two other attacks: pass-the-hash and pass-the-ticket. All three techniques fall under the Mitre category “Exploitation of remote services.” In an overpass-the-hash attack, an adversary leverages the NTLM hash of a user account to obtain a Kerberos ticket that can be used to access network resources.

Snyk, the leader in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer’: Application Security Testing. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding overall rating, user interest, and adoption.

This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and accelerate analyst workflows. Today, we are pleased to share that the Investigator platform is engaged in attestation for GDPR to support customer threat hunting and incident response operations across Europe.

Do a quick search for the top cybersecurity breaches thus far in 2022 and you’ll quickly be overwhelmed with reports of cryptocurrency thefts, attacks targeting multinational corporations and critical infrastructure, and nation-state backed attacks spurred by ongoing geopolitical conflict. It’s easy for individuals to let their guard down and think they’re safe because these complex attacks aren’t targeting them specifically.

It’s a challenging time for a lot of businesses right now and we’ve yet to see the full impact of the global economic slowdown. With that, we feel fortunate to be in a position to double down on our mission to help new and existing customers unlock the power of automation, and move from reactive to proactive. In short, Tines has raised an additional $55 million in new funding, led by Felicis, alongside our existing investors Accel, Blossom Capital, Addition, and Lux Capital.

October is Cybersecurity Awareness Month, established back in 2004 by the Office of the U.S. President and the U.S. congress. Led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), the initiative helps both individuals and enterprises make smarter, more informed security decisions.

In this blog post, we outline the research our Threat Intelligence team has undertaken into this new attack vector. A new LOLBins tactic for executing payloads through PowerShell was released by Alh4zr3d, a security researcher, on Twitter in September 2022. In the tweet, the security researcher recommended that organisations stay away from IEX and Invoke-WebRequest when using PowerShell commands and, as a substitute, host a text record with their payload on a domain.

When two companies merge, there is typically a lot of data that needs to be transferred between the two organizations. This data may include confidential information such as customer records, financial reports, and employee data. If this data falls into the wrong hands, it could be used to commit fraud or theft. That’s where data loss prevention (DLP) comes in.