20 matches found
Lexi DiScola’s guide to global teamwork and overflowing TBRs
Welcome back to Humans of Talos. This month, Amy chats with Senior Cyber Threat Analyst Lexi DiScola from the Strategic Analysis team. Lexi's journey into cybersecurity is anything but traditional -- she brings a background in political science and French to her work tracking global cyber threats...
LegionITS: A Federated Intrusion-Tolerant System Architecture
The growing sophistication, frequency, and diversity of cyberattacks increasingly exceed the capacity of individual entities to fully understand and counter them. While existing solutions, such as Security Information and Event Management (SIEM) systems, Security Orchestration, Automation, and...
Grid-STIX: A STIX 2.1-Compliant Cyber-Physical Security Ontology for Power Grid
Modern electrical power grids represent complex cyber-physical systems requiring specialized cybersecurity frameworks beyond traditional IT security models. Existing threat intelligence standards such as STIX 2.1 and MITRE ATT&CK lack coverage for grid-specific assets, operational technology...
China, Russia, Iran, and North Korea Intelligence Sharing
Former CISA Director Jen Easterly writes about a new international intelligence sharing co-op: Historically, China, Russia, Iran & North Korea have cooperated to some extent on military and intelligence matters, but differences in language, culture, politics & technological sophistication have...
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps...
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment...
Get To Know John Fokker
Meet John Fokker, Head of Cyber Investigations for Trellix Threat Labs. By Michael Alicea · April 28, 2022. At Trellix, we celebrate and champion our people. This week, I sat down with John Fokker, Head of Cyber Investigations for Trellix Threat Labs and one of the leading cybersecurity experts in t...
Get To Know John Fokker
Meet John Fokker, Head of Cyber Investigations for Trellix Threat Labs. By Trellix · April 28, 2022. This blog was written by Michael Alicea. At Trellix, we celebrate and champion our people. This week, I sat down with John Fokker, Head of Cyber Investigations for Trellix Threat Labs and one of the...
A deep-dive into the SolarWinds Serv-U SSH vulnerability
Several weeks ago, Microsoft detected a 0-day remote code execution exploit being used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack with high confidence to DEV-0322, a group operating out of Chin...
Indictments, Attribution Unlikely to Deter Chinese Hacking
The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a “naming-and-shaming” approach — but researchers aren’t convinced the efforts will come to much in terms of deterring future activity. On Monday,...
Microsoft open sources CodeQL queries used to hunt for Solorigate activity
A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, suc...
VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection
VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm. VirusTotal provides a free online service that analyzes suspicious files and URLs to detect malware and...
Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online
A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States. Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains...
Open-sourcing new COVID-19 threat intelligence
A global threat requires a global response. While the world faces the common threat of COVID-19, defenders are working overtime to protect users all over the globe from cybercriminals using COVID-19 as a lure to mount attacks. As a security intelligence community, we are stronger when we share...
Partner Perspectives: The Power of Shared Intelligence: Juniper Sky ATP and Cb Response
Scott Emo is the Director of Field Readiness, Security, for Juniper Networks. Uncover and Mitigate the Most Sophisticated Cyber Attacks. The rapid growth of emerging technologies, combined with an increasing number of connected devices running business-critical applications in highly distributed...
After Section 702 Reauthorization
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, President Trump signed the renewal of Section 702, and domestic mass surveillance became effectively a permanent part of U...
Anup Ghosh on Cyberespionage, Attribution and APTs
Dennis Fisher talks with Anup Ghosh of Invincea about the recent wave of companies admitting to being hacked by APT groups, the difference between cyberespionage and cyberwar, what the government can do to encourage more intelligence sharing and whether compromised companies are spending enough...
Twitter Denies Hacktivists Behind Severe Outage
Twitter officials say it was a “cascading bug” and not the handiwork of hacktivists that brought down the microblogging site today in two separate outages. “This wasn’t due to a hack or our new office or Euro 2012 or GIF avatars, as some have speculated today,” Mazen Rawashdeh, the company’s vice...
Coviello: '2012 Will Be the Year of Resiliency'
I just came back from a five-week trip of meeting with customers around the world and never in my entire career have CEOs and corporate boards been as interested in security as they are now. The common theme throughout these conversations was that we are facing a new reality – one of persistent,...