threat intelligence

RansomHub threat actors observed using EDR-killing tool

Posted on August 20, 2024August 20, 2024 by Admin

Threat research from Sophos details a recent encounter with the ransomware group known as RansomHub. The research reports that the attack was unsuccessful; however, researchers were able to analyze the attack and discovered the use of an EDR-killing tool. The research has labelled this utility the EDRKillShifter. John Bambenek, President at Bambenek Consulting, comments, “At present, only RansomHub is using the tool. However, as it was sold on the dark web, it is more than likely that…

New honeypot techniques for addressing targeted attacks

Posted on July 22, 2024July 22, 2024 by Admin

Automated at-scale attack campaigns now represent the vast majority of online threats, and are starting to blend together with targeted attacks. As the number of these attacks increases, so does the cyber risk for organizations. Unfortunately, the most common approaches to defense — including vulnerability management, phishing awareness, signature-based network and endpoint detection — are neither effective nor efficient in addressing these kinds of attacks because traditional third-party threat intelligence cannot provide adequate targeted…

Navigating political polarization in the workplace

Posted on June 12, 2024June 12, 2024 by Admin

In this episode of The Security Podcasts featuring Scott McHugh, retired CSO at LyondellBasell Chemical Company and Faculty at Rice University, we discuss the challenges security leaders face when navigating political polarization in the workplace. “This is actually not a new phenomenon,” Scott McHugh says. “It really started in the late ’90s, in the Clinton administration, and it’s just been manifesting itself through the years ever since then. And it’s become much more of a…

Olympics 2024: Cyber Attackers are Targeting Companies Associated With Paris Games

Posted on June 4, 2024June 5, 2024 by Admin

Organisations linked to the Paris Olympics 2024 have an increased risk of cyber attacks, including ransomware, credential leaks and phishing campaigns, a study has found. Insikt Group, the threat research division of security firm Recorded Future, has already observed posts advertising access to Games-related organisations in France and compromised credentials using “paris2024[dot]org” domains on the Dark Web. These findings were published in a new report highlighting high-priority threats to the Games, based on an assessment…

How threat hunting secures organizations: A proactive security strategy

Posted on May 20, 2024May 20, 2024 by Admin

Threat hunting involves actively searching for threats instead of waiting for alerts from defense systems. It is about taking the initiative to find irregularities and deviations in computer systems. Often, there are no alerts to signal an intrusion. Threat hunting targets threats that have already bypassed automated detection systems. It facilitates the identification of attackers who have penetrated the infrastructure and are practically indistinguishable from legitimate users by standard security measures. Threat hunting complements automated…

Cyber attribution: Do you really need to know?

Posted on May 17, 2024May 17, 2024 by Admin

Although Agatha Christie might disagree, sometimes mysteries should remain unsolved — at least in the cyber realm. Cyber attribution — finding exactly who perpetrated a given cyberattack — has seemingly become a cybersecurity goal in and of itself. But do organizations really need to know? Recognizing the “who” behind cyberattacks (not just the “what” and “how”) provides critical insights into the attacker’s objectives, infiltration methods, covert communication channels and more. Effective incident response hinges on…

Navigating the identity security landscape

Posted on March 27, 2024March 27, 2024 by Admin

In this episode of The Security Podcasts featuring Jeff Reich, Executive Director of the Identity Defined Security Alliance, we discuss the challenges security professionals are facing in the evolving landscape of identity security threats. “Something we see often is when we were asking the question, ‘how long do account stay active or in your system after someone leaves your organization?’ And certainly there are a number of organizations that say within two days it’s been…

Sign up for a Tour at the RSA Conference 2024 SOC

Posted on March 18, 2024March 18, 2024 by Admin

Join the guided tour outside the Security Operations Center, where we’ll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform. Engineers will be using Cisco Security Cloud in the SOC, comprised of Cisco Breach Protection Suite, User Protection Suite, Cloud Protection Suite and Secure Firewall. Incidents are investigated with Threat Intelligence, provided by Cisco Talos, partners Recorded Future, alphaMountain, Pulsedive and community sources. Outside the SOC, you will receive…

Diversifying the security workforce

Posted on February 21, 2024February 21, 2024 by Admin

In this episode of The Security Podcasts featuring Larry Whiteside, Jr., CISO at RegScale and Co-Founder and President at Cyversity, we discusses the importance of diversity within the security workforce, the challenges security leaders face during the hiring process and how critical mentorship is when it comes developing talent. “The reality is threat actors and our adversaries that are out there, and they don’t care about what someone looks like. They don’t care about what…

« 1 2 3 4 … 8 »

RansomHub threat actors observed using EDR-killing tool

New honeypot techniques for addressing targeted attacks

How threat hunting secures organizations: A proactive security strategy

Cyber attribution: Do you really need to know?

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)