Rethinking How You Work With Detection and Response Metrics

April 19, 2024 at 01:40PM Black Hat Asia conference in Singapore discussed the challenge of distinguishing true security threats from false alarms. Allyn Stott emphasized the importance of metrics in assessing detection and response programs, driving improvements, and demonstrating risk reduction to the business. He advised using frameworks like MITRE ATT&CK, SANS Institute’s HMM, and … Read more

#StopRansomware: Akira Ransomware

April 18, 2024 at 03:02PM Summary: This joint Cybersecurity Advisory (CSA), released by the FBI, CISA, EC3, and NCSC-NL, highlights the Akira ransomware threat. The report details the ransomware’s impact, encryption methods, impact on different system architectures, and recommended mitigations for network defenders. The CSA also provides technical details using the MITRE ATT&CK framework. For … Read more

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

February 15, 2024 at 02:19PM CISA and MS-ISAC conducted an incident response assessment revealing a threat actor gaining unauthorized access to a state government organization’s network environment. Moreover, the attacker compromised network administrator credentials through the account of a former employee, successfully accessing the organization’s internal and Azure environments. A Cybersecurity Advisory containing mitigation strategies … Read more

#StopRansomware: Play Ransomware

December 18, 2023 at 10:37AM A joint CSA from the FBI, CISA, and ASD’s ACSC provides IOCs and TTPs of the Play ransomware group impacting businesses in North and South America and Europe. The group employs a double-extortion model, encrypting systems after exfiltrating data. Recommendations include multifactor authentication, offline backups, and system updates to mitigate … Read more

Tidal Cyber Raises $5 Million for Threat-Informed Defense Platform

November 9, 2023 at 11:49AM Tidal Cyber, a startup founded by MITRE veterans, has raised $5 million in seed funding to develop its threat-informed defense platform. The Washington, DC-based firm offers tooling aligned with the MITRE ATT&CK framework to help organizations automate detection and response while customizing their security programs. Tidal Cyber’s platform includes features … Read more