LLMs, You Can Evaluate It! Design of Multi-Perspective Report Evaluation for Security Operation Centers

Security operation centers SOCs often produce analysis reports on security incidents, and large language models LLMs will likely be used for this task in the near future. We postulate that a better understanding of how veteran analysts evaluate reports, including their feedback, can help produce...

Linux Distros Unpatched Vulnerability : CVE-2022-49446

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix firmware activation deadlock scenarios Lockdep reports the following deadlock...

Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.

hereinafter referred to as "SinoCom-ArtM" is one of the leading providers of data, intelligent security operation and maintenance, mobile security, security services and other fields in China. A command execution vulnerability exists in the Operations and Maintenance Management and Audit System o...

CVE-2021-47537 octeontx2-af: Fix a memleak bug in rvu_mbox_init()

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvumboxinit In rvumboxinit, mboxregions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto freeregions'...

CVE-2021-47528 usb: cdnsp: Fix a NULL pointer dereference in cdnsp_endpoint_init()

In the Linux kernel, the following vulnerability has been resolved: usb: cdnsp: Fix a NULL pointer dereference in cdnspendpointinit In cdnspendpointinit, cdnspringalloc is assigned to pep-ring and there is a dereference of it in cdnspendpointinit, which could lead to a NULL pointer dereference on...

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts...

Akira Ransomware

Akira Ransomware By Alexandre Mundo, Max Kersten · November 29, 2023 First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to investigate the malware’s inner working...

Akira Ransomware

Akira Ransomware By Trellix · November 29, 2023 This blog was also written by Alexandre Mundo and Max Kersten First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators t...

The Queen’s Funeral Sets Off the Biggest UK Police Operation Ever

Snipers on buildings. Drone no-fly zones. Temporary CCTV. The security plan is even more complex than it was for the London 2012 Olympics...

Command Execution Vulnerability in Blue Ocean Premier Billing Management System

Blue Ocean Premier Billing Management System is a set of network security operation management system which is based on realizing network operation, centering on enhancing global security, and aiming at improving management efficiency. A command execution vulnerability exists in the Blue Ocean...

LIVE Webinar — The Rabbit Hole of Automation

The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale tasks than it's ever...

Webinar — Autonomous Breach Protection: The New Security Paradigm Shift

Organizations today struggle with multi-product security stacks, that are expensive to purchase and maintain and also require a highly skilled security team to manually integrate and operate. The current Coronavirus crisis that has imposed a strict quarantine on organizations and security teams...

AVCLASS++ - Yet Another Massive Malware Labeling Tool

AVCLASS++ is an appealing complement to AVCLASS 1, a state-of-the-art malware labeling tool. Overview AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital...

EXIST - Web Application For Aggregating And Analyzing Cyber Threat Intelligence

EXIST is a web application for aggregating and analyzing CTI cyber threat intelligence. EXIST is written by the following software. Python 3.5.4 Django 1.11.22 Concept EXIST is a web application for aggregating CTI to help security operators investigate incidents based on related indicators. EXIS...

Why Do SOCs Look Like This?

When you hear the word "SOC," or the phrase "security operations center," what image comes to mind? Do you think of analyst sitting at desks, all facing forward, towards giant screens? Why is this? The following image is from the outstanding movie Apollo 13, a docudrama about the challenged 1970...

SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks

Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits . And lots of my good fellows. The event was held in Radisson Royal Congress Park. There were three large halls for presentations and a hu...

nfs-utils rpc.gssd privilege escalation

Unsafe PTR DNS record resoulution is used in a security related operation...

Anonymous claims attacking Greek official websites

Anonymous Group taken down several Greek government websites, on the eve of a visit by German Chancellor Angela Merkel. Hackers Hack several sites including those of the Citizens Protection Ministry, the police and the Ministry of Justice. A message appeared saying: "The page cannot be found". In...

security flaw

zendhashdelkeyorindex in zendhash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zendhashdel to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations...