How Isolation Changes Incident Response

Large Groups of Isolated Users Shrink Your Exposure Surface: Enterprises frequently acquire an isolation solution (with Menlo for remote browser isolation) for groups of users, such as VIPs, rather than their entire ...

Survey Finds Lag in Crisis Response Planning

A recent survey from security firm Immersive Labs found that many organizations don’t hold crisis simulations more than once a year, and that the majority of organizations, when holding such exercises, only do ...
Security Boulevard

Drovorub: Russia Pushing Invisible Malware, say NSA and FBI

Fancy Bear is at it again. This time, it’s said to be infecting Linux machines with Drovorub—rootkit malware that’s very hard to detect ...
Security Boulevard

Intel Leak: 20GB of Secrets Just the Start, Says Perp

A large cache of confidential documents has been exfiltrated from Intel and leaked ...
Security Boulevard

How Cybersecurity Will Change Post-Pandemic

The business impact of COVID-19 has been felt in many different industries. Cybersecurity is one industry that has seen a huge impact, with the increase of hacks, malware and phishing attempts popping ...
Security Boulevard

Hunting injected processes by the modules they keep

A relatively recent post showed how Metasploit's Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our ...

Garmin Pays Ransom to Evil Corp – Despite Russian Sanctions

It’s emerged that Garmin caved in to pressure and paid several million dollars’ ransom to WastedLocker-wielding criminals ...
Security Boulevard

Avon Cosmetics Leaks 7GB of Personal and Technical Information from Unsecured Server

Last month, SafetyDetectives researchers discovered an unsecured database belonging to the popular Avon beauty company. The server, which lacked basic security measures, was easily accessible by investigators, who found a trove of ...

Reimagining the SOC for the Future of Work

Amy Blackshaw and Michael Adler talk with ITPSmagazine about ways to enable a successful virtual SOC and what organizations need to do to manage the growing threat of dynamic workforce risks ...

Analyzing an Instance of Meterpreter’s Shellcode

In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a ...