65 matches found
Trellix Confirms Source Code Breach With Unauthorized Repository Access
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter...
SIR-Bench: Evaluating Investigation Depth in Security Incident Response Agents
We present SIR-Bench, a benchmark of 794 test cases for evaluating autonomous security incident response agents that distinguishes genuine forensic investigation from alert parroting. Derived from 129 anonymized incident patterns with expert-validated ground truth, SIR-Bench measures not only...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
About This Project This project was developed as part of the...
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...
The remote desktop puzzle. DFIR techniques for dealing with RDP Bitmap Cache
TL;DR How RDP Bitmap Cache can reveal user activity No RDP logs? How can we reconstruct RDP activity? How cached tiles can uncover insider threats Introduction A lot of people are aware of RDP and what its functions are. It’s known for providing remote access and making life easier for...
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS...
BEC-ware the phish (part 1). Investigating incidents in M365
TL;DR Review the key artefacts to ensure the best possible telemetry is available in the case of a Business Email Compromise BEC. Keep an eye on data retention, where necessary export or forward data for investigations longer than 30 days. Verify and enable Unified Audit Logging, its free and giv...
Oracle RMAN Missing Auditing
Title: CVE-2020-2978 - Oracle RMAN Audit table point in time recovery not recorded Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c Risk Level: Medium Score: 4.1 Solution Status: Fixed CVE Reference: CVE-2020-2978 Author of Advisory: Emad...
How an incident response retainer can drive proactive security
Weve written before about the importance of taking a proactive approach to cybersecurity. Whether it be threat hunting, an active defense posture or just improving security instrumentation alerts and logs an organization keeps, its best for every user -- no matter the size -- to be prepared for...
US Marshals Service hit by ransomware and data breach
The US Marshals Service USMS says it's suffered a ransomware attack in which a threat actor managed to get hold of sensitive information about staff and fugitives. On February 17, 2023, the attacker infiltrated a system that held information about ongoing investigations, including personally...
Maternal & Family Health Services discloses ransomware attack months after discovery
Maternal & Family Health Services MFHS, a nonprofit healthcare giant based in Pennsylvania, said in an advisory and press release that it has suffered a ransomware attack which led to the potential exposure of sensitive data of patients, employees, and vendors. That data includes names, addresses...
E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware
Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agen...
Live-Forensicator - Powershell Script To Aid Incidence Response And Live Forensics
Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data...
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
Fortune 500 integrated services firm R.R.Donnelley & Sons RRD is the latest victim of the hacking collective known as the Conti Group. According to regulatory disclosures RRD was the victim of a network breach that resulted in stolen data in December. RRD, a global firm with 33,000 employees,...
Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions
A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and st...
It’s Cybersecurity Awareness Month and there is still a lot to do
October is National Cyber Security Awareness Month NCSAM. And there is still a lot to do! For the last 17 years, the National Cybersecurity Awareness Month NCSAM campaign, driven by the Department of Homeland Security, has raised awareness about the importance of cyber security across the Nation...
It’s Cybersecurity Awareness Month and there is still a lot to do
October is National Cyber Security Awareness Month NCSAM. And there is still a lot to do! For the last 17 years, the National Cybersecurity Awareness Month NCSAM campaign, driven by the Department of Homeland Security, has raised awareness about the importance of cyber security across the Nation...
Twitter Hack Update: What We Know (and What We Don't)
UPDATED 7/18 at 12:50 p.m. ET Earlier this week, Twitter locked down thousands of verified accounts, including the accounts of Joe Biden, Bill Gates, Elon Musk, Apple, Uber and others, after it became clear that hackers had been able to compromise them. The tip-off? Suddenly these high-profile...
The Incident Response Challenge 2020 — Results and Solutions Announced
In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook...
The Incident Response Challenge 2020 — Results and Solutions Announced
In April 2020, Cynet launched the world's first Incident Response Challenge to test and reward the skills of Incident Response professionals. The Challenge consisted of 25 incidents, in increasing difficulty, all inspired by real-life scenarios that required participants to go beyond the textbook...