As companies shift more focus to combatting the recent epidemic in ransomware attacks, they are faced with choices on how to best deploy defenses to counter new attacker tactics and stay ahead of the threat.

Software development and delivery is an ever-changing landscape. Writing software was once an art form all its own, where you could write and deploy machine code with singleness of purpose and no concern for things like connecting to other computers. But as the world and the variety of systems that software supports became more complex, so did the ecosystem supporting software development.

In Part 1 of this blog series, we took a look at how we could use Elastic Stack machine learning to train a supervised classification model to detect malicious domains. In this second part, we will see how we can use the model we trained to enrich network data with classifications at ingest time. This will be useful for anyone who wants to detect potential DGA activity in their packetbeat data.

We’ve always been vocal about the imminent threat of breaches and propagated the message that irrespective of the size of your business, the industry you’re in, or your geography, you can be subject to a security breach. And unfortunately, history repeats itself often. On May 11, 2020, Nippon Telegraph & Telephone (NTT), a large telecommunications company, revealed that attackers may have stolen data from its internal systems, affecting over 600 customers.

Ransomware has been around for decades going back all the way to 1989. Since then it has only magnified in scope and complexity. Now at a time when working remotely is becoming more universal and the world is trying to overcome the Covid-19 pandemic, ransomware has never been more prominent. Ransomware is a type of malware that prevents users from accessing their system or personal files and demands a “ransom payment” in order to regain access.

Note: We sent this monthly newsletter on July 7th 2020. Subscribe below to get this newsletter in your inbox. Today, we are releasing major updates to Bearer. They include a new dashboard, a rebuilt navigation, and improvements to many of our existing features. Each improvement has been designed based on your feedback and with your developer experience (DX) in mind. Here’s a short overview.

As our personal and business lives move into the digital sphere, implementing robust cybersecurity practices has quickly become a necessity. Much like brushing your teeth twice a day or making sure you get eight hours of sleep each night, it’s important to regularly protect and clean our data. Indeed, with 70% of Americans conducting their banking primarily online, it’s easy to see that a lapse in judgment or ignorance of how to stay safe could have serious consequences for many.

Being a sysadmin basically means being a superhero. Fighting bad guys (aka hackers), helping ordinary people (aka users), saving your home (aka IT environment) from various disasters — it all sounds very heroic, but it’s just an average day in a sysadmin’s life. But superheroes can feel pain as well. Five years ago, we asked brave sysadmins to blow off some steam and complain about their suffering by letting us know what they really hate about their work.

Unless you’ve been living under a rock you are probably familiar with the recent Shadow Brokers data dump of the Equation Group tools. In that release a precision SMB backdoor was included called Double Pulsar. This backdoor is implemented by exploiting the recently patched Windows vulnerability: CVE-2017-0143. For detection, we are going to first focus on the backdoor portion of the implant, hunting for traces left behind on the network.

As healthcare and life sciences organizations move to digitize their operations and automate their workflows, they are encountering new challenges related to HIPAA regulations, which dictate how patient information should be collected and stored.