Trustwave-Cybereason Merger Boosts MDR Portfolio

November 14, 2024 at 07:40AM Managed services provider Trustwave and endpoint detection firm Cybereason have announced a merger intended to deliver integrated cybersecurity offerings. The two companies will continue to operate independently while collaborating on a combined service portfolio. Focus areas include client consulting and AI-driven threat detection. The merger is expected to close in early 2025. … Read more

Incident Response, Anomaly Detection Rank High on Planned ICS Security Spending

November 12, 2024 at 07:05AM The SANS State of ICS/OT Cybersecurity 2024 report reveals insights from 530 professionals on current and planned technologies in critical infrastructure. Key current technologies include access controls and backup tools, while future focus areas include ICS-specific training and metrics. Increasing investment in less-deployed technologies like SBOM and SOAR is noted. … Read more

Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days

October 31, 2024 at 11:10AM British security vendor Sophos describes a years-long conflict with advanced Chinese state-backed hackers who were exploiting zero-day vulnerabilities in Sophos firewall products. The company deployed custom implants to monitor the attackers' activity. … Read more

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

October 16, 2024 at 12:30PM Threat actors are abusing the open-source EDRSilencer tool to evade endpoint detection and response (EDR) solutions. Trend Micro reports that EDRSilencer uses Windows Filtering Platform (WFP) filters to block the outbound traffic of various EDR processes, so the sensor keeps running but its telemetry and alerts never reach the management console. The trend highlights the growing use of purpose-built tooling to neutralize security controls rather than simply evade them. … Read more

EDRSilencer red team tool used in attacks to bypass security

October 15, 2024 at 02:48PM EDRSilencer, an open-source red team tool, is being used by attackers to mute alerts from Endpoint Detection and Response (EDR) products, allowing intrusions to proceed undetected. Trend Micro reports that it can silence multiple EDR products and urges defenders to adopt multi-layered security measures to counteract the tool's capabilities. … Read more
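Because EDRSilencer works by adding WFP block filters keyed on the EDR executable's application ID, defenders can hunt for it by inspecting the host's filter set. The script below is an added example for the two EDRSilencer items above; it is not code from Trend Micro, from the EDRSilencer project, or from the original articles. It parses the XML that `netsh wfp show filters file=filters.xml` writes and flags outbound-connect block filters whose app-ID condition points at a known EDR binary. The XML tag layout (`wfpdiag/filters/item`, `action/type`, `filterCondition/item/fieldKey`, `conditionValue/byteBlob/asString`) is assumed from that command's output, the sample document is constructed rather than captured from a real host, and the filter names, GUIDs and the EDR executable list are illustrative.

```python
"""Hunt for EDRSilencer-style WFP block filters in `netsh wfp show filters` output.

Added example, not from the original page or from any vendor. Assumptions:
- the XML layout below matches `netsh wfp show filters file=filters.xml`
  (wfpdiag/filters/item, action/type, layerKey, filterCondition/item);
- SAMPLE_XML is constructed for the example, including its names and GUIDs;
- EDR_BINARIES is an illustrative list; extend it with the sensors you run.
"""
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Illustrative EDR/AV executables, compared case-insensitively by file name.
EDR_BINARIES = {
    "msmpeng.exe", "mssense.exe", "sensecncproxy.exe",   # Microsoft Defender / MDE
    "csfalconservice.exe", "csfalconcontainer.exe",      # CrowdStrike Falcon
    "sentinelagent.exe", "sentinelservicehost.exe",      # SentinelOne
    "cyserver.exe", "cyveraservice.exe",                 # Palo Alto Cortex XDR
    "mbamservice.exe",                                   # Malwarebytes
}

# ALE_AUTH_CONNECT is where an app-ID block filter stops outbound connections.
OUTBOUND_LAYERS = {"FWPM_LAYER_ALE_AUTH_CONNECT_V4", "FWPM_LAYER_ALE_AUTH_CONNECT_V6"}


def find_edr_block_filters(xml_text):
    """Return a list of dicts describing block filters aimed at EDR binaries."""
    root = ET.fromstring(xml_text)
    hits = []
    # Only top-level filter entries; condition entries are also <item> elements.
    for flt in root.findall("./filters/item"):
        if flt.findtext("./action/type") != "FWP_ACTION_BLOCK":
            continue
        layer = flt.findtext("layerKey", "")
        if layer not in OUTBOUND_LAYERS:
            continue
        for cond in flt.findall("./filterCondition/item"):
            if cond.findtext("fieldKey") != "FWPM_CONDITION_ALE_APP_ID":
                continue
            app = cond.findtext("./conditionValue/byteBlob/asString", "")
            exe = PureWindowsPath(app).name.lower()
            if exe in EDR_BINARIES:
                hits.append({
                    "filter_key": flt.findtext("filterKey", ""),
                    "name": flt.findtext("./displayData/name", ""),
                    "layer": layer,
                    "app": app,
                })
    return hits


# Constructed sample: two block filters silencing Defender (v4 and v6) and one
# benign permit filter that must not be flagged. GUIDs and names are made up.
SAMPLE_XML = r"""<?xml version="1.0"?>
<wfpdiag>
  <filters>
    <item>
      <filterKey>{11111111-1111-1111-1111-111111111111}</filterKey>
      <displayData><name>Custom Outbound Filter</name><description/></displayData>
      <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
      <action><type>FWP_ACTION_BLOCK</type></action>
      <filterCondition>
        <numItems>1</numItems>
        <item>
          <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
          <matchType>FWP_MATCH_EQUAL</matchType>
          <conditionValue>
            <type>FWP_BYTE_BLOB_TYPE</type>
            <byteBlob>
              <data>00</data>
              <asString>\device\harddiskvolume3\programdata\microsoft\windows defender\platform\4.18\msmpeng.exe</asString>
            </byteBlob>
          </conditionValue>
        </item>
      </filterCondition>
    </item>
    <item>
      <filterKey>{22222222-2222-2222-2222-222222222222}</filterKey>
      <displayData><name>Custom Outbound Filter</name><description/></displayData>
      <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
      <action><type>FWP_ACTION_BLOCK</type></action>
      <filterCondition>
        <numItems>1</numItems>
        <item>
          <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
          <matchType>FWP_MATCH_EQUAL</matchType>
          <conditionValue>
            <type>FWP_BYTE_BLOB_TYPE</type>
            <byteBlob>
              <data>00</data>
              <asString>\device\harddiskvolume3\programdata\microsoft\windows defender\platform\4.18\msmpeng.exe</asString>
            </byteBlob>
          </conditionValue>
        </item>
      </filterCondition>
    </item>
    <item>
      <filterKey>{33333333-3333-3333-3333-333333333333}</filterKey>
      <displayData><name>Allow Defender Outbound</name><description/></displayData>
      <layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V4</layerKey>
      <action><type>FWP_ACTION_PERMIT</type></action>
      <filterCondition>
        <numItems>1</numItems>
        <item>
          <fieldKey>FWPM_CONDITION_ALE_APP_ID</fieldKey>
          <matchType>FWP_MATCH_EQUAL</matchType>
          <conditionValue>
            <type>FWP_BYTE_BLOB_TYPE</type>
            <byteBlob>
              <data>00</data>
              <asString>\device\harddiskvolume3\programdata\microsoft\windows defender\platform\4.18\msmpeng.exe</asString>
            </byteBlob>
          </conditionValue>
        </item>
      </filterCondition>
    </item>
  </filters>
</wfpdiag>
"""

if __name__ == "__main__":
    for hit in find_edr_block_filters(SAMPLE_XML):
        print(f"SUSPECT {hit['filter_key']} {hit['layer']} "
              f"name={hit['name']!r} app={hit['app']}")
```

On a live host, export the filter set with `netsh wfp show filters file=filters.xml` and pass the file contents to `find_edr_block_filters`. A matching filter is only a lead: confirm by checking the EDR console for a sensor that is online locally but has stopped reporting, and remove the filter by its `filterKey` once you have preserved the evidence.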

3 More Ivanti Cloud Vulns Exploited in the Wild

October 9, 2024 at 03:06PM Ivanti has alerted customers to three new vulnerabilities in its Cloud Services Appliance (CSA) that are being exploited in the wild, chained with a previously disclosed zero-day. The company advises users to review administrative accounts and EDR alerts for signs of compromise, and recommends migrating to CSA version 5.0 and rebuilding any appliance found to be compromised. … Read more

RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software

September 10, 2024 at 02:31PM The RansomHub ransomware gang has used TDSSKiller, a legitimate anti-rootkit tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems before deploying its payload. … Read more

CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub

September 10, 2024 at 12:34PM CosmicBeetle has debuted a new ransomware, ScRansom, targeting SMBs globally, possibly as an affiliate of RansomHub. The attacks span multiple sectors and rely on brute-force attacks and known security flaws for initial access. Cicada3301 ransomware has been observed with modifications, while POORTRY, a signed kernel-mode Windows driver used by multiple ransomware gangs as an EDR … Read more

BlackCat Spinoff ‘Cicada3301’ Uses Stolen Creds on the Fly, Skirts EDR

September 3, 2024 at 10:23AM Cicada3301, a new ransomware that borrows its name from the infamous 4chan puzzle project, has already compromised 21 companies, mainly in Europe and North America. With advanced features and code similarities to BlackCat ransomware, it poses a significant threat. Its stealth tactics, including use of stolen credentials and EDR evasion, have raised concerns and underline the need for robust … Read more

Why NDR is Key to Cyber ‘Pest Control’

July 23, 2024 at 12:16PM NDR, or Network Detection and Response, is compared to “pest control” to emphasize its importance in identifying cyber intruders and closing security gaps. It provides a complete view of the network environment, allowing security teams to trace intruder paths and respond effectively. NDR, along with EDR and ASM, forms a … Read more