Threat Detection

Including Digital Risk Protection in Your Threat Detection and Response Strategy

Mar 8, 2024 By Kroll In Kroll

Many organizations focus on addressing the risks within their internal attack surface while overlooking the potential threats created by their external digital footprint on the surface, deep and dark web. This article outlines how companies can significantly mitigate this risk by combining digital risk protection with their detection and response approach.

Read Post

Kroll

Read more about Including Digital Risk Protection in Your Threat Detection and Response Strategy

Focus Terrapin patching efforts with Zeek

Mar 8, 2024 By Ben Reardon In Corelight

In this blog, we will demonstrate how Zeek’s metadata approach can help focus patching efforts related to the recent SSH “Terrapin” attack. One of the interesting aspects to bear in mind as you read this is that Zeek provides visibility of the vulnerable elements of this encrypted protocol, and thus serves as a reminder that network monitoring is still very much relevant, even in a heavily encrypted world.

Read Post

Corelight

Read more about Focus Terrapin patching efforts with Zeek

Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

Mar 8, 2024 By SnapAttack In SnapAttack

Let's face it - if patch management was a silver bullet then we wouldn't need vulnerability management, and threat actors know this. Vulnerabilities get picked up by threat actors and exploited as 1-days. In this week's Threat SnapShot, we'll look at a few recent Windows vulnerabilities that have been added to the CISA Known Exploited Vulnerability catalog and are actively used by threat actors like Water Hydra and Raspberry Robin. The first, a SmartScreen bypass (CVE-2023-36025 and CVE-2024-21412), allows code execution through crafted short links.

View Video

SnapAttack

Read more about Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

The Reality of EDR Costs

Mar 6, 2024 By Laura In SenseOn

With EDR, like other security tool types, effective performance always comes at a cost. Even if you use an EDR tool that is open source or free, your organisation will still need to invest time to configure, maintain and operate it on an ongoing basis. Sometimes, as we explain in this blog, these costs can dwarf the initial spend in getting an EDR licence in the first place. But, paying high EDR costs is not the only way to get EDR capabilities.

Read Post

SenseOn

Read more about The Reality of EDR Costs

Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Mar 1, 2024 By Ed Smith In Corelight

Securing a network against the myriad of evolving cyber threats requires more than just a robust firewall or endpoint protection platform; it demands a multifaceted approach. Corelight’s Open Network Detection and Response (NDR) Platform complements and significantly enhances the effectiveness of next-generation firewalls (NGFWs). Here are 9 reasons why adding Corelight to your cybersecurity arsenal, alongside existing NGFWs, is not just an upgrade but a strategic necessity.

Read Post

Corelight

Read more about Dual Defenses: 9 Reasons Why Open NDR Is Essential Alongside NGFW

Automated Threat Analysis from Splunk Attack Analyzer

Mar 1, 2024 By Splunk In Splunk

Learn how Splunk Attack Analyzer automates threat analysis for credential phishing and malware threats.

View Video

Splunk

Read more about Automated Threat Analysis from Splunk Attack Analyzer

Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

Feb 26, 2024 By Allen Marin In Corelight

In this second post of our threat hunting with Corelight and CrowdStrike blog series we dive into Persistence, which is one the many tactical categories outlined in the MITRE ATT&CK framework. In our previous blog, we reviewed some of the common techniques in the Initial Access category, like Drive-By Compromise and Spearphishing. In this post, we examine and provide some useful threat hunting tips on some of the common tactics attackers use to maintain long-term access to a target's environment.

Read Post

Corelight

Read more about Inside the Mind of a Cybersecurity Threat Hunter Part 2: Identifying Persistence Techniques

Beat the Clock: Meet the 5/5/5 Detection and Response Benchmark With Sysdig and Tines

Feb 23, 2024 By Victor Hernando In Sysdig

10 minutes to pain. When it comes to cloud security, 10 minutes or less is what bad actors need to execute an attack. Does it mean your business could be at risk if you fail to detect and respond to an attack in less than 10 minutes? Absolutely yes. With more and more sophisticated security attacks actively occurring nowadays, security teams need to hold themselves to a modernized benchmark.

Read Post

Sysdig

Read more about Beat the Clock: Meet the 5/5/5 Detection and Response Benchmark With Sysdig and Tines

ScreenConnect Compromise: Hackers Are Watching, Are You Ready? | Threat SnapShot

Feb 22, 2024 By SnapAttack In SnapAttack

We know threat actors use RMM tools for command and control and to blend in with other legitimate activity in networks. But how about exploiting RMM tools for fun, profit, and remote code execution? In this week's Threat SnapShot, we'll look at two recent vulnerabilities in ConnectWise ScreenConnect (CVE-2024-1708 and CVE-2024-1709) an authentication bypass and directory traversal that can be combined together to achieve remote code execution.

View Video

SnapAttack

Read more about ScreenConnect Compromise: Hackers Are Watching, Are You Ready? | Threat SnapShot

Ephemeral Containers and APTs

Feb 19, 2024 By Nigel Douglas In Sysdig

The Sysdig Threat Research Team (TRT) published their latest Cloud-Native Security & Usage Report for 2024. As always, the research team managed to shed additional light on critical vulnerabilities inherent in current container security practices.

Read Post