Detection Engineering Weekly #70 is live! https://lnkd.in/eQubGHYj I had a copy/paste error (human operator error) in the initial post, so it's now fixed :) In this post:
* 💎 by David Burkett on being an analyst vs. an engineer and the gatekeepy-ness security people tend to leverage in this conversation
* Microsoft's Ross Bevington unveils a part of their deception infrastructure and how infosec Twitter discovered one of their honeypot domains
* Pass/Vail vs A-Grade security projects by Phil Venables <-- this one I copy-pasted content from Notion and the original post in email had the incorrect text. It's now updated!
* Truvis T. detection opportunities and leveraging Microsoft Sentinel for Linux auditd
* Victor Manuel Alvarez launches YARA-X
* The Vertex Project thesilence on threat clustering
* Podcasts featuring Jeff Bollinger on how LinkedIn does detection & response, and Mandiant researchers on 0-day and N-day vulnerability and incident response
* Daniel Stepanic and samir bousseaden on LATRODECTUS as a drop-in replacement for ICEDID, Volexity unveils some detection opportunities for Palo Alto GlobalProtect devices, Rockwell Automation wants us to pull the plug on their devices connected to the internet, BlackBasta infra hunting and a new Linux backdoor from Kimsuky
Zack Allen’s Post
-
For those of you that are detection engineers, check out the latest Detection Engineering weekly! The Cybersleuth Chronicles #infosec #cybersecurity #detectionengineering #blueteam #shieldsup
Det. Eng. Weekly #70 - It's hot detection summer
detectionengineering.net
-
Microsoft names new CISO in a major security shakeup https://lnkd.in/dRzZWGaB #TechCircleInsights #TechCircle #techcommunity #techleaders #technologists #TechCircleUpdate #ciocommunity #CISOAppointment #CybersecurityLeadership #TechSecurity #CorporateSecurity #SecurityShakeup #TechLeadership #InfoSec #CyberDefense #SecurityNews #MicrosoftUpdates
Microsoft names new CISO in a major security shakeup
techcircle.in
-
Want to save up to 40 percent of your time on core security operations tasks with capabilities such as writing complex queries based only on natural language questions and summarizing security incidents? Need to protect your organization at machine speed and scale that is built on the latest in large language models and harnesses Microsoft’s security expertise and global threat intelligence to help security teams outpace their adversaries?
Microsoft Security Copilot Early Access Program is now available | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog
-
The 2-year challenge to build AI-powered defenses, highlighted by the White House and the Defense Advanced Research Projects Agency (DARPA), underscores the vital role that #artificialintelligence will play in mitigating #cyberthreats and #risks to #criticalinfrastructure, demonstrating AI's potential as a force for good, safeguarding basic services to the nation's communities. Public/private partnerships within these types of initiatives, which include Google, Microsoft, OpenAI, and Anthropic, bring not only credibility to the challenge, but also ensure that the outcomes are not only innovative but also have real-world applicability. The additional involvement of The Linux Foundation Open Source Security Foundation (OSSF) in an advisory role shows an emphasis on #opensource solutions, and the associated levels of development and security, being very important to #SBOM and software #supplychain considerations. It will be very interesting to track the progress and success of the program, and the opportunity to bolster the Nation's defense of critical infrastructure, utilizing #AI to "...create systems that can automatically defend any kind of software from attack," as #DARPA program manager Perry Adams, who conceived of the AI Cyber Challenge, put it, emphasizing the importance of adaptability and comprehensiveness in #cybersecurity solutions. #informationsecurity #infosec #infosecurity #appsecurity #datasecurity #dataprotection #databreach #security #technology #cyberwarfare #cyberdefense #riskmanagement #riskmitigation #riskassessment #ICSsecurity #OTsecurity #innovation #IndustrialSecurity #Cyberthreats #IndustrialIoT #ControlSystemsSecurity #OperationalTechnology #dataprotection #dataprivacy #appsecurity #cybersecuritysummit #css13
DARPA launches two-year competition to build AI-powered cyber defenses | TechCrunch
https://techcrunch.com
-
Certified Ethical Hacker v12 | CSI Linux Certified Investigator | Cyber Security Trainer & Researcher | Mobile Application Developer | Penetration Tester | Security Analysis | Open for Guest Lectures |
Finding some useful resources from this post.. Do check out if you are in need of these.. #cyber #cybersecurity #hacking #penetrationtesting #hacker #securityawareness
All open source resources
• Red Team Ops :- https://lnkd.in/eU7JxcGC
• Red Teaming :- https://lnkd.in/eFi-kVA7
• Red Team ToolKit :- https://lnkd.in/eMNNjyWe
• Blue Team Ops :- https://lnkd.in/ezwkSS_j
• OSINT :- https://lnkd.in/e_sSFijz
• DevSecOps :- https://lnkd.in/eK-hBe5k
• Pentest :- https://lnkd.in/et4GQWbh
• Cloud Pentest :- https://lnkd.in/eiYRWZ-P
• Shodan :- https://lnkd.in/e7sjejmT
• AWS Security :- https://lnkd.in/ehxfAE5Z
• Malware Analysis & Reverse Engineering :- https://lnkd.in/eUU8hh-g
• Malware Analysis :- https://lnkd.in/eVVHeuiW
• Computer Forensic :- https://lnkd.in/eCN5cn8J
• Cloud Security :- https://lnkd.in/eYq5d2ak
• Reverse Engineering :- https://lnkd.in/eRy4C7ya
• Threat Intelligence :- https://lnkd.in/exwkfDbr
• SOC :- https://lnkd.in/ebEn3xcD
• Social Engineering :- https://lnkd.in/e5re-wvn
• Web Security :- https://lnkd.in/e2NMdr7c
• Forensics :- https://lnkd.in/eCN5cn8J
• API Security :- https://lnkd.in/efWmX3J8
• WEB3 :- https://lnkd.in/eYBNqvP6
• Incident Response :- https://lnkd.in/eTkEmWAi
• Search Engines :- https://lnkd.in/eGtp6EQU
• Smart Contract Security :- https://lnkd.in/ewcynqxs
• Terraform :- https://lnkd.in/eDtyHbjW
• Burpsuite Extensions :- https://lnkd.in/eF-S2s2p
• IOT :- https://lnkd.in/eMBiMDWy
• IOS Security :- https://lnkd.in/ejj3bTEp
• Embedded & IOT Security :- https://lnkd.in/euP4WDxe
• OSINT Bots :- https://lnkd.in/epRbs7w6
• IOT Hacks :- https://lnkd.in/eHGnF45X
• WEB3 Security :- https://lnkd.in/eYBNqvP6
• Security :- https://lnkd.in/eV824HTx
• Reversing :- https://lnkd.in/eRy4C7ya
• Piracy :- https://lnkd.in/en8gGM9e
• Web Hacking :- https://lnkd.in/esbChaef
• Memory Forensics :- https://lnkd.in/eEJZU-Vz
• OSCP :- https://lnkd.in/ea2MqKD8
• RAT :- https://lnkd.in/eutfG-mY
-
Cybersecurity Expert | Gartner Veteran | GTM Advisor to Startups, Private Equity & Venture Funds | Board Advisor
Open season "Since early October 2023, Microsoft has observed two North Korean nation-state threat actors – Diamond Sleet and Onyx Sleet – exploiting CVE-2023-42793, a remote-code execution vulnerability affecting multiple versions of JetBrains TeamCity server. TeamCity is a continuous integration/continuous deployment (CI/CD) application used by organizations for DevOps and other software development activities. In past operations, Diamond Sleet and other North Korean threat actors have successfully carried out software supply chain attacks by infiltrating build environments. Given this, Microsoft assesses that this activity poses a particularly high risk to organizations who are affected. JetBrains has released an update to address this vulnerability and has developed a mitigation for users who are unable to update to the latest software version. While the two threat actors are exploiting the same vulnerability, Microsoft observed Diamond Sleet and Onyx Sleet utilizing unique sets of tools and techniques following successful exploitation."
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability | Microsoft Security Blog
https://www.microsoft.com/en-us/security/blog
-
Social engineering is a malicious attempt to trick you into giving away sensitive information (like financial data or a password). With a password manager like LastPass, you can generate unique and secure passwords for all your accounts and store them in one central vault that can be accessed wherever and whenever you need it. Learn more tips to help protect yourself in our recent blog. Please spread the word for Password[less]! #lastpass #passtronauts #devops #platformengineering
LastPass Blog: Protect Yourself Against Social Engineering With a Password Manager
blog.lastpass.com
-
There are a couple of important points about this attack.
1. Social engineering: "The attack started with the attackers doing some social engineering to convince a DevOps engineer to downgrade to an earlier version of the MinIO software that is impacted by the two vulnerabilities."
2. Persistence: "Once installed, the hackers exploited CVE-2023-28432 to remotely access the server's environment variables, including the MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD variables. These administrative credentials allow the hackers to access the MinIO admin console using the MinIO client. Using this client, the threat actors modify the software update URL to one they control, to push a malicious update."
3. Control: "Having breached the object storage system, the attackers establish a communication channel with the command and control (C2) server from where it fetches additional payloads that support post-compromise activity."
So far, a couple of considerations on my side.
1. There's no real "air-gap" if your object storage is "vulnerable" by default. You may have a very secure road towards a dead city with ghouls. Not a great holiday.
2. Social engineering of DevOps people - unexpected? Be careful: DevOps might not have enough security background to double check any source - I can testify. Principle of least privilege and security controls for any change - major or minor - can help.
3. Protocol air gapping is good - I still believe that network air-gapping is better for a bunch of reasons. #secureyourdata #security
Hackers exploit MinIO storage system to breach corporate networks
bleepingcomputer.com
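The two server-side steps quoted in the post above (the credential leak via CVE-2023-28432, then an admin update pointed at attacker infrastructure) both leave a request in the MinIO access log, which makes them a cheap detection. Below is an added example of that detection logic, written for this page; it is not code from the article, from the post's author, or from the MinIO project. The log lines are constructed, the peer range and trusted update host are assumptions, and the two request shapes are taken from MinIO's HTTP API as I know it (a POST to /minio/bootstrap/v1/verify, and a POST to the admin update endpoint carrying an updateURL query parameter), so confirm them against the version you run.

```python
"""Flag MinIO requests matching the attack chain quoted above.

Added example, not the article's or MinIO's own code. Log format, peer
range and trusted update host are assumptions; the request shapes are
taken from MinIO's HTTP API (bootstrap verify, admin update?updateURL=).
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List
from urllib.parse import parse_qs, urlparse

# Constructed sample log, one "<client_ip> <method> <path[?query]>" per line.
SAMPLE_LOG = """\
10.0.0.11 POST /minio/bootstrap/v1/verify
203.0.113.7 POST /minio/bootstrap/v1/verify
10.0.0.5 GET /backups/db.tar.gz
198.51.100.9 POST /minio/admin/v3/update?updateURL=http://203.0.113.7/minio
10.0.0.5 POST /minio/admin/v3/update?updateURL=https://dl.min.io/server/minio/release/linux-amd64/minio
"""

# Assumption: the cluster peers that legitimately call the bootstrap endpoint.
CLUSTER_PEERS = [ip_network("10.0.0.0/24")]
# Assumption: the only host an update binary should ever be pulled from.
TRUSTED_UPDATE_HOSTS = {"dl.min.io"}

# Endpoint whose response leaked environment variables (CVE-2023-28432).
BOOTSTRAP_VERIFY = "/minio/bootstrap/v1/verify"
# Admin update endpoint; the version segment varies between releases.
ADMIN_UPDATE_RE = re.compile(r"^/minio/admin/v\d+/update$")


@dataclass
class Alert:
    client: str
    reason: str


def _from_cluster(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in CLUSTER_PEERS)


def detect(lines: Iterable[str]) -> List[Alert]:
    """Return one Alert per request that matches either attack step."""
    alerts: List[Alert] = []
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        client, method, target = parts
        url = urlparse(target)

        # Step 1: bootstrap verify hit by something that is not a cluster peer.
        if method == "POST" and url.path == BOOTSTRAP_VERIFY and not _from_cluster(client):
            alerts.append(Alert(client, "bootstrap verify from non-peer (possible env/credential leak)"))

        # Step 2: admin update whose source is not the official download host.
        if method == "POST" and ADMIN_UPDATE_RE.match(url.path):
            for upd in parse_qs(url.query).get("updateURL", []):
                host = urlparse(upd).hostname or ""
                if host not in TRUSTED_UPDATE_HOSTS:
                    alerts.append(Alert(client, f"admin update from untrusted host {host!r}"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"{a.client}: {a.reason}")
```

Run against the sample it reports the non-peer bootstrap call from 203.0.113.7 and the update sourced from 203.0.113.7, and stays quiet on the in-cluster peer and the dl.min.io update. Treat this as a tripwire rather than a fix: the durable mitigation is running a MinIO release in which the bootstrap endpoint no longer returns environment variables, and not exposing the bootstrap or admin paths beyond the cluster network at all.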
-
Network Automation | Linux | Docker | Ansible | Python | BASH | Git GitHub GitLab | Cisco IOS & Nexus | Palo Alto | DNS | BIND | IPAM | DDI | DHCP | Infoblox | ITOM | ITIL | ServiceNow | AWS | DevOps | SRE | CI/CD
Good links to cyber and tech information!
-
Here is some insight into how innovative features like RPP from Cyber Crucible have come into being. Give us a little of your time to see how these new, unique, and successfully working solutions can protect you and give you peace of mind for your security practices.
CEO @ Cyber Crucible, Inc. | Information Security and Privacy | Cyber Operations Automation Expert | Inventor
You are probably going to see some articles, or already have seen some, about an "XZ" backdoor. Let's discuss. Some of my posts are more technical. This is not. So - while I always love feedback from my technical counterparts, brevity for clarity is the goal here. The backdoor enabled an un-managed (aka, secret) encrypted tunnel, or connection, to a third party. So, basically, it opened up an encrypted connection to a hacker, that the company didn't know about nor could they read what was being done. The library involved is a pretty foundational one as far as software engineering goes, and is important to a variety of enterprise software applications. So, the secret connection is a big deal for companies to deal with, given the hacker would have had access to some pretty important stuff. The backdoor was found being worked on for years inside of a public project on the Internet, in a site called GitHub. Think of GitHub like Wikipedia for coders - not some dark corner of the Internet. My company will get asked how Cyber Crucible, Inc. works with this, or something like it. I can definitely answer. Would we have blocked it? Sure. Yes. No concern about backing up claims. That's not the real issue though. The real issue is clarity for security and business leaders. Not the "what", but the "why". Also, the "how are they continually getting in, then getting stopped?" Would we have known it was a years-old professional hacking effort against the XZ library automatically, like some type of Minority Report scene? No. Unfortunately, we don't have that level of story-telling automation in place yet. If asked by a client, we would start running around like mad trying to figure out why our automatic attack response was operating on otherwise healthy, known enterprise applications.
It does happen from time to time, while we get to the bottom of it (Log4j was a good example: "why are we suspending some enterprise web applications?"). We're working on auto-identifying compromised embedded libraries as the cause of a response, but that's a different post. #cybersecurity #riskmanagement #threatintelligence #ransomwareprevention #rogueprocessprevention
Thank you for the shout out!