Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Detection

Beat the Clock: Meet the 5/5/5 Detection and Response Benchmark With Sysdig and Tines

10 minutes to pain. When it comes to cloud security, 10 minutes or less is what bad actors need to execute an attack. Does it mean your business could be at risk if you fail to detect and respond to an attack in less than 10 minutes? Absolutely yes. With more and more sophisticated security attacks actively occurring nowadays, security teams need to hold themselves to a modernized benchmark.

ScreenConnect Compromise: Hackers Are Watching, Are You Ready? | Threat SnapShot

We know threat actors use RMM tools for command and control and to blend in with other legitimate activity in networks. But how about exploiting RMM tools for fun, profit, and remote code execution? In this week's Threat SnapShot, we'll look at two recent vulnerabilities in ConnectWise ScreenConnect (CVE-2024-1708 and CVE-2024-1709) an authentication bypass and directory traversal that can be combined together to achieve remote code execution.

SnapAttack ThreatLabs: How to Detect CVE-2023-46214

CVE-2023-46214 is identified as a Remote Code Execution (RCE) vulnerability within Splunk Enterprise, as reported in the Splunk security advisory SVD-2023-1104 on November 16, 2023. Successful exploitation of this vulnerability would give an attacker code execution on the target server. This can lead to exfiltration of sensitive information, persistence, lateral movement, destruction or impairment of the server, or many other malicious activities.

Click with Caution: The Moniker Link Vulnerability (CVE-2024-21413) Exposed | Threat Snapshot

Did you catch the Moniker Link vulnerability from Microsoft's recent "Patch Tuesday"? It's not often that a 9.8 CVSS remote code execution flaw is identified in one of Microsoft's products. But does it live up to the hype? Tracked as CVE-2024-21413, this security flaw could lead to NTLM credential theft and potentially allow remote code execution through manipulated hyperlinks in Microsoft Outlook.

Understanding Identity Threat Detection and Response

When it comes to modern systems and networks, identities are the new perimeter. Long gone are the days of singular office-bound systems with a set server room and endpoints that stayed on desks. With the rise of hybrid work models, cloud computing, and rapid digitization in industries like healthcare and manufacturing, it’s a user’s identity that holds increasing power over a network’s function and security.

Accelerate SOC Maturity with Threat Hunting

SOC leaders who got their start in security 10 or 20 years ago have witnessed an incredible evolution of cyber attacks. Those who have failed to keep up find themselves operating in an unrecognizable sea of advanced adversaries. All kinds of organizations across every industry are struggling to maintain their pace on the rapid timeline that threat actors have set for them.

Untangling Scattered Spider's Web: Hunting for RMM Tools | Threat SnapShot

Remote Monitoring and Management (RMM) tools, traditionally utilized by IT departments to oversee and manage network infrastructure, software, and systems remotely, have increasingly become a double-edged sword in cybersecurity. The recent breach of AnyDesk, a popular RMM software, underscores the criticality of securing these tools against exploitation. Adversaries like Scattered Spider exploit these legitimate tools for malicious purposes, leveraging them to gain unauthorized access, maintain persistence, and conduct lateral movement within targeted networks.

Unzipped! The Hidden Dangers Behind .Zip Domains | Threat SnapShot

Phishing attacks got a little more interesting last year with the addition of.zip as a domain name. Attackers started using it in phishing campaigns, playing on a user's assumption that they were downloading the popular archive file. In this week's Threat SnapShot, we'll take a closer look at how attackers have used the.zip domain for phishing, as well as detection and hunting strategies you can use to keep your organization safe..