Threat Detection

Hunting CVE-2024-30051: Desktop Window Manager Privilege Escalation | Threat SnapShot

In this episode, we dive into CVE-2024-30051, a critical out-of-bounds write vulnerability in the Desktop Window Manager. This bug, similar to CVE-2023-36033, allows attackers to escalate privileges to SYSTEM by exploiting a heap overflow in dwmcore.dll. CVE-2024-30051 has been actively exploited to deploy malware like Qakbot, as identified by Kaspersky. This video covers the process of hunting down a sample, executing it in a sandbox environment, and creating effective detections using logs from the exploit’s activity.

ESXi Ransomware: Trends, Logging, and Detection | Threat SnapShot

Since 2021, ransomware groups have set their sights on VMware ESXi hypervisors, with the SEXi variant, emerging in 2024, being the most recent threat. Babuk Locker was one of the first to target ESXi, and its leaked source code enabled other strains like ESXiArgs, BlackBasta, and Clop to develop customized variants that terminate VMs and encrypt data on ESXi servers. While they employ similar tactics, such as exploiting vulnerabilities and encrypting VM files, these ESXi-focused ransomware strains exhibit patterns that provide detection opportunities across the board. By analyzing past attacks, we can better prepare for future threats targeting our virtualization environments. Join the SnapAttack community to access the in-depth detection content covered in this video and stay ahead of evolving ransomware targeting ESXi.

Dynamic Bad Actor Scoring in Coralogix

Bad bots, hackers, and other malicious agents can be tracked by a huge volume of metrics – session activity, HTTP headers, response times, request volume & cadence, and more. This complexity has created a market for siloed, complex, and extremely expensive tools. In contrast, Coralogix can consume simplistic data, like CDN logs, and derive complex, dynamically changing scores. When coupled with built-in cost optimization and the wider platform features, this makes a very compelling case.

The Road to CTEM, Part 1: Breaking Down the 5 Phases

Continuous threat exposure management (CTEM) is a formal program to manage cyber risk that allows organizations to enhance and optimize their overall cybersecurity posture. As outlined by Gartner, CTEM offers a cyclical approach to finding and mitigating threat exposure—which is the accessibility and exploitability of digital and physical assets—in an ongoing, proactive, and prioritized way.

Next-Generation SIEM: Corelight is the Data of Choice

For years, the mantra for achieving visibility into potential threats has been the trio of EDR, NDR, and SIEM. These components form the foundation of a robust security posture, with EDR and NDR offering the depth and breadth needed to monitor activities across endpoints and networks.

Operationalizing the 2024 M-Trends Report | Threat SnapShot

Threat reports are invaluable resources, but transforming their insights into actionable defense strategies can be a daunting task. In this week's Threat SnapShot, AJ takes you on a journey through the 2024 M-Trends report, unveiling a seamless path to operationalize its findings using SnapAttack's cutting-edge platform. Whether you're a threat hunter, detection engineer, or security analyst, this video offers valuable insights and practical guidance on staying ahead of emerging threats by operationalizing the 2024 Mandiant Trends Report.