Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

Naming products and services – and also their many different functions and features – in the infosec domain is, in a word, tricky. Why? Complexity… Cybersecurity: it's not a one-dimensional object like, say, a boat. There are different sized boats, but besides things like that, a boat is mostly always a boat. But in infosec, how can all that a modern system of enterprise cybersecurity does be labeled simply, catchily (if that's at all possible), and so as to be reasonably easy to understand? And how can you differentiate one security system from another? Often it's difficult explaining such differences in a long paragraph – let alone in the name of a product or service. Like I say: tricky.

Maybe that's why Kaspersky is still associated by some with antivirus software. But actually, detecting and neutralizing malware based on an antivirus database is today just one of our security technologies: over a quarter century we've added a great many others to it. The word antivirus today is more of a metaphor: it's known, understood, and thus is a handy (if not too accurate or up-to-date) label. But what are we supposed to do if we need to tell folks about complex, multifunctional protection for enterprise IT infrastructure? This is when strange sets of words appear. Then there are all the abbreviations that come with them, whose original idea was simplification (of those strange sets of words) but which often just add to the confusion! And with every year the number of terms and abbreviations grows, and memorizing them all becomes increasingly… also tricky. So let me attempt here to take you on a brief excursion through all this gobbledygook – these complex but necessary names, terms, descriptions and abbreviations – hopefully to do what the abbreviations struggle with: bring clarity.

From EPP to XDR

Ok. Back to the boat; rather – antivirus. The more accurate name of this class of products today is Endpoint Protection or Endpoint Security. After all, as stated above, it's not only antivirus that's protecting endpoints these days, but a collection of security measures. And sometimes the varied endpoint technologies are given an updated name – including the word platform. Somehow that sounds more appropriate, and more accurately descriptive – it also seems fashionable, as is its abbreviation: EPP (Endpoint Protection Platform).

Endpoint Protection Platform is, in essence, a concept that dates back to the 1990s. It's still needed, but for quality protection of distributed infrastructure other methods are required. Data needs to be collected and analyzed from the whole network to detect not only singular incidents, but also whole chains of attacks, which aren't limited to a single endpoint. Threats need to be reacted to across the whole network – not just on one computer.

Fast-forward a decade or so, and in the early 2000s there appears a class of products called SIEM – security information and event management. That is, a tool for the collection and analysis of all infosec telemetry from various devices and applications. And not only for today: a good SIEM can pull off retrospective analysis – comparing events from the past and uncovering attacks lasting many months or even years. So, by this stage (the early 2000s, for those at the back not paying attention!) we're already working with the whole network. But there's no P for Protection in SIEM. So the protection was provided by the EPP (Endpoint Protection Platform; you at the back – detention after school!). However, EPP doesn't see network events; for example, it could easily miss an APT (advanced persistent threat). Therefore, in the early 2010s, along comes another abbreviation to fill the gap and cover both security functions: EDR (Endpoint Detection and Response). On the one hand, it provides centralized monitoring of the whole IT infrastructure – allowing, for example, traces of attacks to be compiled from all the hosts. On the other, an EDR-type product uses for detection not only EPP methods, but also more advanced technologies: correlational analysis of events, the picking out of anomalies on the basis of machine learning, dynamic analysis of suspicious objects in a sandbox, plus assorted other threat hunting tools to assist investigation and response. And when we do EDR ourselves here at K, of course we need to put our stamp on it, to give us KEDR.

So far, so good (great, even). But… there's no limit to perfection! Fast-forwarding again, this time to the early 2020s, and a new abbreviation is introduced and quickly becomes all the rage in the cybersecurity industry: XDR (eXtended Detection and Response). This, to put it crudely, is EDR on steroids. Such a system analyzes data not only from endpoints (workstations), but also from other sources – for example mail gateways and cloud resources. Which totally makes sense, since attacks on infrastructure can come from any and all kinds of entry points. XDR can be further enriched with expertise from additional data sources: threat-analysis services (ours is called TIP, Threat Intelligence Portal), network-traffic analysis systems (ours is KATA), and security-event monitoring systems. Such data can also come in via similar services provided by third parties. XDR's response capabilities are also advanced. More and more protective actions are becoming automated, whereas before they were all done manually. Now the security system can itself respond to events based on cunning rules and scenarios input by experts.

Complicate or simplify?

I hope it's clear now that any EDR or XDR represents a large, complex collection of technologies. However, the functionality of different providers' EDRs or XDRs can differ greatly. For example, each provider determines what and how much their experts input into an EDR/XDR to better reflect and thus repel modern-day attacks. So, though they're all called EDR/XDR, they're by far not all the same. For example, on the Kaspersky XDR platform, besides the above-listed XDR capabilities, there's also a module providing interactive training for raising client companies' employees' cyber-literacy. And no other XDR does such a thing! Surely that's a good reason to cheer, if not boast?

Actually, sceptics may not be happy. They might say that if we simply add everything we've got to enterprise protection – kitchen sink and all – won't this simply be too much? A morass that becomes too complex, cumbersome, and hard to understand and master. Whatever next? they think: marketing types coming up with YDR next year, then ZDR the year after?! Ok, we get it. And we listened to our customers too. And over the years we've come to realize that in enterprise cybersecurity, by far not all companies need everything plus the kitchen sink. Often, more up their street, we've found, is a basic set of EDR tools plus clear and convenient instructions on how to use them. This is especially the case for small and medium-sized businesses with small teams of infosec specialists.

So what have we done to meet these more essential needs? We've come up with our new and improved KEDR Optimum: advanced detection, simple investigation and automated response in an easy-to-use package to protect business against the latest threats. For example, in its new alert cards, besides detailed descriptions of suspicious events and threats, there's also now a Guided Response section. This gives step-by-step recommendations for investigation and response regarding discovered threats. Recommendations like this have been prepared based on the decades of dedicated work of our leading experts, and come in the form of links to detailed descriptions of protective procedures. This not only raises reaction speeds, it also allows infosec specialist trainees to boost their skills – for example, with interactive pop-ups.

Another thing KEDR Optimum can now do is to keep an eye on infosec specialists possibly inadvertently blocking this or that critical system object. After all, malware can sometimes launch using legitimate operating system files – and blocking such files can hinder the operation of the whole IT infrastructure. With KEDR Optimum – you're covered.

And finally, I must mention just one other thing about KEDR Optimum. All the above was written by me – Mr. K. Prefer something more impartial? Be my guest! Head on over to independent testing laboratories to see what they think. For example: IDC, Radicati and SE Labs. There. 100% transparent and fair.

 Malware and Vulnerabilities

The Kinsing operators were found exploiting both old and new security vulnerabilities in WebLogic Servers and Docker Daemon API ports to deploy cryptominers. Successful exploitation leads to RCE, allowing various malicious activities on infected systems, such as malware execution, data exposure, and taking full control of a machine.

 Trends, Reports, Analysis

According to the Hiscox Cyber Readiness Report 2022, IT pros in US businesses are more worried about cyberattacks (46%) than the pandemic (43%) or skills shortages (38%). And the data prove it.

 Malware and Vulnerabilities

Mandiant discovered North Korean hackers using trojanized versions of the PuTTY and KiTTY SSH clients to deploy a novel backdoor, AIRDRY, at media companies. The attack begins with initial contact over email, followed by a file being shared over WhatsApp. Organizations are advised to use behavior-based detection solutions to identify and mitigate such threats.

 Expert Blogs and Opinion

Every service provider that may be a valuable target for attackers needs to take into account how its IT infrastructure may be vulnerable. Modern networks are diverse and decentralized, exposing companies to greater risk along their supply chain.

 Expert Blogs and Opinion

Tokyo needs to establish a cyber ministry to oversee and defend the nation’s cybersecurity infrastructure against threats, says Major General Tanaka Tatsuhiro, a former commanding general of the GSDF’s Signal School.

 Laws, Policy, Regulations

Indonesia has finally passed its personal data protection law, which had been under discussion since 2016. The government believes the new law will be critical amid a spate of data security breaches in the country.

 Malware and Vulnerabilities

FortiGuard Labs recently came across an unassuming phishing email that proved to be far more than it initially seemed. Written in Russian, it attempts to lure the recipient into deploying malware on their system.

 Govt., Critical Infrastructure

The Cyberspace Administration of China proposed a set of amendments to the Cybersecurity Law last week that would raise the size of fines for some violations and diversify penalties for infractions committed by operators of critical infrastructure.

 Expert Blogs and Opinion

Ransomware has grown into a major threat to organizations globally. The United States and its partners should work through international institutions to prevent ransomware gangs from expanding into other countries.

 Govt., Critical Infrastructure

Ultimately, U.S. officials decided against an outright ban, Anne Neuberger, deputy national security advisor for cyber and emerging technology on the National Security Council, said earlier this month at the Code Conference.

 Laws, Policy, Regulations

Firms Telekom Deutschland and SpaceNet took action in the German courts challenging the law that obliged telecom companies to retain customers' traffic and location data for several weeks.

 Expert Blogs and Opinion

When it comes to cybersecurity, there are too many variables on both the attack and defense sides to easily calculate the return on investment (ROI) for specific expenditures.

 Trends, Reports, Analysis

Companies face a backlog of around 100,000 vulnerabilities within their systems. Not all are exploitable; in fact, some 85% cannot be exploited, or not realistically. Nevertheless, the remaining 15,000 vulnerabilities is a frightening number.

 Feed

Zeek is a powerful network analysis framework that is quite different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

 Feed

Ubuntu Security Notice 5619-1 - It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that LibTIFF was not properly terminating a function execution when processing incorrect data. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS.

 Feed

In the Linux Mali driver, when building with MALI_USE_CSF, the VFS read handler of the main Mali file descriptor (kbase_read()) never looks at its "count" parameter. This means that a simple userspace program that sets up a Mali file descriptor, then calls read(mali_fd, buf, 1), will see read() returning a higher length than requested, and memory beyond the end of the userspace buffer will be clobbered.
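To make this bug class concrete, here is an added userspace model of a read handler that ignores its `count` argument, beside the clamped version a fix would install. It is illustrative code written for this page, not the Mali driver's kbase_read() and not taken from the advisory: copy_to_user() is stood in for by a plain memcpy, and the record contents, buffer sizes and 0xAA canary are constructed for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/*
 * Constructed model of the bug class: a read() handler that copies a
 * fixed-size record no matter how many bytes the caller asked for.
 * copy_to_user() is modelled as memcpy into the caller's buffer.
 */

#define RECORD_LEN 16

/* The record the handler hands back: 'A'..'P', chosen so it is
 * distinguishable from the 0xAA canary used by the harness below. */
static const uint8_t kernel_record[RECORD_LEN] = {
    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
    'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P'
};

/* Vulnerable pattern: `count` is never consulted. A caller who passed a
 * 1-byte buffer still gets RECORD_LEN bytes written and RECORD_LEN back. */
ssize_t vuln_read(uint8_t *ubuf, size_t count) {
    (void)count;
    memcpy(ubuf, kernel_record, RECORD_LEN);
    return RECORD_LEN;
}

/* Hardened pattern: clamp the copy to min(count, RECORD_LEN) and return
 * the number of bytes actually copied, as the read(2) contract requires. */
ssize_t safe_read(uint8_t *ubuf, size_t count) {
    size_t n = count < RECORD_LEN ? count : RECORD_LEN;
    memcpy(ubuf, kernel_record, n);
    return (ssize_t)n;
}

/*
 * Harness standing in for the userspace program: hands the handler the
 * first `count` bytes of a larger 0xAA-filled region (the "buffer"), then
 * counts how many bytes *past* that buffer were overwritten. Anything
 * non-zero is the out-of-bounds clobbering described above.
 */
size_t clobbered_after(ssize_t (*handler)(uint8_t *, size_t), size_t count) {
    uint8_t region[64];
    if (count > sizeof region)
        return 0;
    memset(region, 0xAA, sizeof region);
    handler(region, count);
    size_t clobbered = 0;
    for (size_t i = count; i < sizeof region; i++)
        if (region[i] != 0xAA)
            clobbered++;
    return clobbered;
}

int main(void) {
    uint8_t buf[64];
    printf("vuln_read(buf, 1) returned %zd, clobbered %zu bytes past the buffer\n",
           vuln_read(buf, 1), clobbered_after(vuln_read, 1));
    printf("safe_read(buf, 1) returned %zd, clobbered %zu bytes past the buffer\n",
           safe_read(buf, 1), clobbered_after(safe_read, 1));
    return 0;
}
```

The model exaggerates nothing about the kernel case: there the bytes past the buffer are whatever sits next to `buf` on the caller's stack or heap, which is why a mismatch between the returned length and `count` is the first thing to check when auditing any custom `.read` file operation.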

 Feed

The Mali driver frees GPU page tables before removing the higher-level PTEs pointing to those page tables (and, therefore, also before issuing the required flushes). This means a racing memory write instruction on the GPU can write to an attacker-controlled physical address.

 Feed

Red Hat Security Advisory 2022-6537-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5. Issues addressed include denial of service and out of bounds read vulnerabilities.

 Feed

Trojan.Ransom.Ryuk.A ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. Once loaded, the exploit DLL checks whether the current directory is "C:\Windows\System32" and, if not, grabs our process ID and terminates. All basic tests were conducted successfully in a virtual machine environment.

 Feed

A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators like Datagroup and EuroTransTelecom to deliver payloads such as Colibri loader and Warzone RAT. The

 Feed

Uber on Monday disclosed more details related to the security incident that happened last week, pinning the attack on a threat actor it believes is affiliated to the notorious LAPSUS$ hacking group. "This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, NVIDIA, and Okta, among others," the San Francisco-based

Aggregator history: Tuesday, September 20, 2022