Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability has been found in eladmin up to 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file LocalStoreController.java. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-44676. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Loftware Spectrum up to 4.6 HF13. Affected is an unknown function. The manipulation leads to xml external entity reference. This vulnerability is traded as CVE-2023-37233. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Loftware Spectrum up to 4.6. This issue affects some unknown processing of the component Log Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-37232. Access to the local network is required for this attack. There is no exploit available.

The threat actor known as CosmicBeetle has debuted a new custom ransomware strain called ScRansom in attacks targeting small- and medium-sized businesses (SMBs) in Europe, Asia, Africa, and South America, while also likely working as an affiliate for RansomHub. "CosmicBeetle replaced its previously deployed ransomware, Scarab, with ScRansom, which is continually improved," ESET researcher Jakub

Collaboration between offensive (Red Team) and defensive (Blue Team) operations is essential to fortify an organization’s defenses. During a recent SiegeCast session, Tim Medin (CEO of Red Siege), Justin Polk […]

• One financial services and consulting behemoth designed its cybersecurity stack with an understanding that adversary infrastructure would be a fundamental requirement. But the firm had to ensure it would operate within inevitable budgetary constraints.

• Clear definition of required capabilities led to the selection of HYAS Insight because of its unique ability to support the security team’s existing threat intelligence efforts across its centers worldwide. The firm’s addition of HYAS solutions resulted in a deeper understanding of adversary infrastructure and better awareness to stop cybercriminals and nation-state attackers.

• As a result of using HYAS, the firm disrupted fraud rings and eliminated or reduced the impact of cyberthreats for its clients, while also pruning other solutions from its security stack to reduce costs. A strong working relationship ensured that HYAS’s actionable data were optimized and could drive concrete results for the firm and its clients.

How do global consulting firms with international reach think about providing their cybersecurity services? One major managed service provider (MSP) which we’ll call “MSP Global” offers security operations center as-a-Service (SOCaaS) and cyber threat hunting, detection, and response for clients in more than 150 countries and territories.

MSP Global found tremendous value in incorporating HYAS solutions into a strategy for supporting their global cybersecurity services. Given MSP Global’s size and number of clients around the world, it was crucial to have the most robust cybersecurity capabilities possible. MSP Global designed a comprehensive framework of technical capabilities, effective processes, and rich threat intelligence to support their clients. A critical aspect of this was not only the ability to detect and mitigate attacks but also to understand threat actor behavior and the infrastructure used to carry out their attacks. They needed the right players on board to support their framework, including partnering with the leading intelligence firm specializing in adversary infrastructure. Who fit the bill? HYAS did.

Challenges Q: Why do clients engage MSP Global’s cybersecurity services?

MSP Global offers SOCaaS and related threat hunting, incident response, and other services to clients who want reliable third-party managed services. Regardless of the services chosen, the firm provided intelligence reporting with industry-specific data, analysis, and insight to help protect client businesses from a wide range of threats.

One of MSP Global’s primary goals when onboarding new clients was to define each client’s particular intelligence requirements. That meant understanding the threat landscape and attack surface for each client. The requirements of course included factors specific to the client, but also inevitably included relevant threat patterns and actors in the client’s industry as a whole.

Those in the banking industry, for example, received different intelligence reports than healthcare providers based upon the specific threats and changing landscape for that industry.  But regardless of the industry, MSP Global leveraged the diverse, contextualized cyber threat intelligence provided by HYAS. The firm combined HYAS intel into an all-source intelligence model optimized for the client.

Q: What drove MSP Global to consider HYAS as a threat intelligence and incident response solution?

The business case for visibility on infrastructure intelligence was clear. Enterprises need timely, relevant, and actionable cyber threat intelligence to understand threat infrastructure and to prevent, detect, and mitigate the impacts of phishing, ransomware, and other kinds of cyber attacks. HYAS provides its clients with rich passive DNS, both standard and industry-exclusive WhoIs, proprietary malware intelligence, and other contextualized intelligence that helps SOC analysts and threat hunters connect the dots and uncover adversary infrastructure.

The case for infrastructure intelligence was so clear that when MSP Global’s intelligence division decided to build its service, it defined its collection strategy around specific intelligence “pillars” that would mutually reinforce each other to provide the best possible cybersecurity services. Adversary infrastructure was an essential part of one of these pillars, representing a predetermined requirement that could only be met with capabilities like HYAS’s.

Solutions Q: What made MSP Global choose HYAS among other solutions in the marketplace?

No business can escape financial constraints, but it was clear to MSP Global that a single vendor could not demonstrate expertise in all the areas required. The company looked at multiple vendors and found that HYAS occupies a special niche.  HYAS Insight provides unrivaled adversary “infrastructure intelligence” that helps organizations identify the infrastructure used by adversaries to launch attacks and provides visibility into past patterns of activity.  It also identifies future threat activity for associated infrastructure that has not yet been weaponized.

HYAS Protect provides protective DNS capabilities that scrutinizes DNS traffic - a requirement of any communication with the internet - to prevent the corporate network or employee endpoints from communicating with suspicious or malicious sites on the internet. That means adversary activity is interrupted, such as phishing or malware communication with command and control infrastructure. It also means security practitioners get clear insights into the patterns of traffic and unwanted activity across their network so they can track down anomalies and institute change that better protects their organizations.

MSP Global saw something unique in HYAS solutions as well as a standard of excellence that helped put them in the best position to deliver cybersecurity services that best met their client’s objectives.

Q: How does MSP Global use HYAS Insight to help its clients?

HYAS Insight plays neatly into MSP Global’s threat hunting and cyber threat intelligence offerings. Fundamental to supporting these solutions is accurate infrastructure data and the context around it. HYAS provides the necessary real-time data, historical details, and a diverse range of correlated intelligence to help the company’s worldwide centers effectively stop bad actors, whether script kiddies or advanced adversaries.
MSP Global’s intel teams don’t directly provide its clients with data from HYAS. Rather, they use HYAS Insight to support their services with intelligence they can trust, and that means better SOC triage, prioritization, and response to threats, and also more timely, in-depth intelligence reports catered to their clients.

Q: How does HYAS reinforce MSP Global’s security posture?

In addition to using HYAS Insight to support SOCaaS incident response, amplify MSP Global’s threat hunting, and provide threat intel to generate reports, the firm uses HYAS for:

• Data enrichment: Better connection between diverse data types leads to better outcomes for all teams. The company found that different perspectives on single domains provides a more detailed picture, giving analysts clearer paths forward. Solutions like HYAS Insight help organizations understand not just what’s in front of them, but what’s coming their way.
• Fraud: Fraud investigators can put a stop to illicit activities by cross-referencing rich datasets to correlate and pinpoint events, patterns, timeframes of activity, and other information.  This helps fraud teams build cases against specific individuals, liaise with law enforcement, and shut down a bad actor. MSP Global’s anti-fraud teams use HYAS Insight to deconflict and piece together data provided by other tools, building actionable plans to disrupt cyber fraud.

Results Q: How does HYAS help MSP Global achieve its mission?

HYAS intelligence has empowered MSP Global to successfully identify and stop:

• Fraudulent activity
• DNS tunneling
• Malware command and control
• Pre-weaponized attack infrastructure

And HYAS has also helped MSP Global cut costs. Annually evaluation of 3rd party product fit against the firm’s evolving objectives is a standard component of its vendor management process, ensuring the firm maximizes the value gained from its investments. Reevaluations have resulted in extremely high ROI with HYAS Insight, so high that the firm has managed to prune other less valuable solutions from its security stack.

Q: How does MSP Global’s senior intelligence manager rate HYAS?

MSP Global rates HYAS solutions very high, noting how quickly the intelligence division can pull  information necessary for cybersecurity investigations it conducts on behalf of its clients. In addition, HYAS Insight’s advanced capabilities give MSP Global’s intel teams more ways to present data and recommend action. 

But good products and services are nothing without the right partnership. The relationship between HYAS and MSP Global has ultimately strengthened them both and empowered their missions to build stabler, safer business environments for those they serve.

Connect with us to learn how HYAS's unrivaled threat intelligence and investigation capabilities can augment your existing security stack and protect against advanced cyberthreats. 

The post How One Consultancy Behemoth Uses HYAS for Unrivaled Cybersecurity appeared first on Security Boulevard.

49% have experienced a major security breach in the past 12 months, according to respondents to our new “ Voice of a Threat Hunter 2024 ”...

The post How Effective Threat Hunting Programs are Shaping Cybersecurity appeared first on Security Boulevard.

LOKKER released a new consent management solution available in its Privacy Edge Platform. This builds on LOKKER’s earlier release of its Consent Verification tool, which allows businesses to check whether their existing consent management platform is configured correctly. Many state and federal privacy laws require organizations to provide consumers with the ability to opt in or opt out of their data being shared with third parties and trackers on their websites and ensure that what … More →

The post LOKKER’s consent management solution blocks all unauthorized data collection on websites appeared first on Help Net Security.

TIDRONE group targets military, drone and satellite industries in Taiwan

A fresh wave of attacks on APAC government entities involves both self-propagating malware spreading via removable drives and a spear-phishing campaign.

This post first appeared on blog.netwrix.com and was written by Jonathan Blackwell.
Introduction Administrators can perform all typical Windows registry operations using either the old-good regedit user interface or the reg.exe utility. But there is another option — PowerShell. PowerShell can dramatically streamline the work of managing the registry, either on the local machine or remotely. In this article, we’ll detail how to create, manage and delete … Continued

Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down. [...]

安全行业的打卡活动，质量少见又稀缺。

When ransomware visits your network, resolve to build it back better. And if you’re tempted to pay the ransom, don’t. That money is better spent on new defenses to prevent a repeat incident. These are some of the takeaways from a remarkable British Library report, Learning Lessons From The Cyberattack, that analyzes the paralyzing ransomware […]

The post 10 Lessons from the British Library Ransomware Attack appeared first on Ransomware.org.

Пространство-время не такое, каким мы его знали.

Tufin Orchestration Suite (TOS) R24-2 ensures organizations’ network operations are efficient, secure, and always audit-ready by automating complex tasks, enhancing security visibility, and driving compliance. The key benefits TOS R24-2 delivers are: Automation: Automates complex firewall policies and access requests to reduce manual efforts and ensure the accurate implementation of network changes across Microsoft Azure, Google Cloud Platform (GCP) and VMware cloud platforms. Enhanced compliance: Remain audit-ready with comprehensive change tracking, proactive risk analysis, and … More →

The post Tufin improves security automation on Azure, GCP, and VMware clouds appeared first on Help Net Security.

Authors/Presenters:Junzhe Wang, Matthew Sharp, Chuxiong Wu, Qiang Zeng, Lannan Luo

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access.
Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis appeared first on Security Boulevard.

Microsoft announced that Windows 11 installs reaching the end of support next month, on October 8, will be force-upgraded to Windows 11 23H2. [...]