Black Kingdom is targeting Exchange servers that remain unpatched against the ProxyLogon vulnerabilities disclosed by Microsoft earlier this month. It strikes the on-premises versions of Microsoft Exchange Server, abusing the remote code execution (RCE) vulnerability also known as ProxyLogon (CVE-2021-27065[2]).
On March 2, 2021, Microsoft announced it had detected the use of multiple 0-day exploits in limited and targeted attacks of on-premises versions of Microsoft Exchange Server. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign—with high confidence—to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.
In previous posts, we’ve written about two topics covered in the Devo eBook The Shift Is On, which presents the use case for centralized log management (CLM) in the cloud. First, we looked at the 5 best practices for security logging in the cloud. Next, we delved into the question of when your organization should adopt centralized logging. In our final installment, let’s examine the five key evaluation criteria for choosing the right CLM solution for your business.
Most security pros know the value of log data. Organizations collect metrics, logs, and events from some parts of the environment. But there is a big difference between monitoring and a true centralized log management. How can you measure the effectiveness of your current logging solution? Here are four signs that it’s time to centralize log management in your organization: This post is based on content from the new Devo eBook The Shift Is On.
The MITRE ATT&CK framework is a global curated knowledge base of adversary tactics and techniques. This post delves into the history of the ATT&CK framework and provides insights into why every SOC team can benefit from using it to develop threat models and methodologies to protect their organization.
Logs are critical for detecting and investigating security issues. They also provide essential visibility into business operating environments. Many organizations, when they are small and just starting out, can get away with using a local log server and storage to collect data. Almost all security teams start off with this kind of on-premises logging approach. Most teams use an open-source, homegrown solution for this type of short-term, small-scale log analytics.
In their debut LP, Q: Are We Not Men? A: We Are Devo!, the band introduces their defining theme that mankind’s evolution has reached the point—devolved to the point, actually—that we are converging on sameness… emotionless and robotic. This notion informed everything from the way Devo dressed (awesome!), to the music they wrote, to the way they performed. What does the band Devo’s theme of devolution have to do with me joining a software company of the same name?
The new Devo eBook, Building the Modern SOC, presents four evolutionary steps for creating a highly automated and efficient security operations center (SOC) that empowers analysts. This is the last in a series of posts highlighting the most important elements of the four steps. Previous posts covered Step 1, establishing a foundation of centralized, scalable visibility, Step 2, extracting intelligent insights from your data, and Step 3, supercharging your analysts with the power of automation.
For any organization that felt prepared, with their operations well-planned as they headed into 2020, that feeling disappeared quickly. 2020 became the year of the unexpected, forcing organizations to adapt, repeatedly. Looking ahead to 2021, companies of all types and sizes are working to be as prepared, agile, and adaptable as possible. This is certainly true when it comes to building or restructuring an organization’s cybersecurity posture.
On December 8, 2020, cybersecurity company FireEye announced in a blog post that it had been attacked by what CEO Kevin Mandia described as a “highly sophisticated threat actor” that “targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers.”
