Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Business

A question for many businesses these days isn't "Will we get hacked?" but rather "Might we have already been hacked unknowingly?" The stealthy nature of advanced cyberthreats means that organizations need to be continuously vigilant. To safeguard sensitive data and critical systems, many turn to various cybersecurity services – including compromise assessment services. While compromise assessment may sound similar to incident response, penetration testing, and/or managed detection and response (MDR), it serves a distinct purpose in the realm of cybersecurity. In this post, we explore the concept of a compromise assessment service and show how it differs from these other crucial cybersecurity operations.

What is a compromise assessment service?

A compromise assessment service is a proactive, project-based cybersecurity measure designed to identify signs of compromise within an organization's IT infrastructure. This assessment focuses on detecting threats or suspicious activities that may have gone unnoticed within an organization's environment. The primary objectives of compromise assessment are typically the following:

- To perform a tool-aided indicator of compromise (IoC) scan of all hosts in the IT infrastructure
- To analyze network activity, including outgoing connections to potential attackers' command and control servers
- To conduct an initial incident investigation to identify the tools and techniques used for the attack (if signs of network compromise were found)
- To reveal suspected sources of an attack and other likely compromised systems
- To provide recommendations on further remediation actions

What's the difference between compromise assessment (CA) and incident response (IR)?

Incident response is a reactive cybersecurity process, which comes into play once a security incident has been detected. IR teams are responsible for investigating the nature and scope of a breach, containing it, eradicating the threat, and restoring normal operations. Incident response aims to minimize the impact of security incidents and prevent their reoccurrence.

Both CA and IR share common approaches and methodologies – including collection and analysis of digital forensic artifacts (Prefetch, Amcache, etc.), usage of IoC scanners to find compromised hosts, and binary reverse engineering to prove the presence of malicious functions in certain programs or scripts. The primary differences between CA and IR are:

Primary goal
  Compromise assessment: To identify missed/unknown incidents
  Incident response: To reduce the impact of an identified security breach or an attack on your IT environment

Input data
  Compromise assessment: Doesn't require technical data for the input
  Incident response: Requires technical data for the input (alert from a security control, suspicious file, signal about data leakage, ransom note, etc.) that obviously proves an incident has occurred

Timing
  Compromise assessment: Periodic assessment project; precedes IR in identifying an incident; can follow IR to make sure there are no other compromises
  Incident response: Initiated after security incident detection; follows compromise assessment if a breach is detected

Scope
  Compromise assessment: Broad scan across the entire organization's network to find all signs of compromise
  Incident response: Only the network segments affected by the reported incident

What's the difference between compromise assessment and penetration testing?

Penetration testing – often referred to as pentesting – is a simulated cyberattack on a system, network, or application to evaluate its security vulnerabilities. The primary goal of a pentest is to identify potential weak points that malicious hackers might exploit, thereby allowing organizations to strengthen their security posture. Both penetration testing and compromise assessment activities require skilled professionals with a deep understanding of cyberthreats and defenses. While they have different primary objectives, both are proactive measures to understand and improve security. The key differences between a penetration test and a compromise assessment are:

Objective
  Penetration testing: To identify vulnerabilities before they're exploited
  Compromise assessment: To identify instances of successful exploitation of vulnerabilities

Scope
  Penetration testing: Predefined (e.g., specific systems, applications)
  Compromise assessment: Typically, the whole organization

Methodology
  Penetration testing: Simulated cyberattacks using tools and manual techniques
  Compromise assessment: Examination of logs, network traffic, anomalies and system behaviors

What's the difference between compromise assessment and managed detection and response?

Managed detection and response services involve continuous monitoring, threat detection, and incident response by a third-party provider. MDR combines technology, human expertise, and threat intelligence to identify and respond to security threats in real time. The focus of MDR is on providing a holistic cybersecurity solution that includes both monitoring and response capabilities. Both CA and MDR use a combination of advanced technologies, threat intelligence, and skilled analysts to identify potential security breaches and suspicious activities within an organization's network. The key differences between CA and MDR are as follows:

Timing
  Compromise assessment: Periodic assessment project (one-time assessment); no SLA for notifications
  MDR: Continuous 24/7 activity (ongoing service); strict SLA for notifications

Analysis focus
  Compromise assessment: Past and current attacks; forensic state analysis
  MDR: Current attacks; behavioral monitoring

Sources of data for analysis
  Compromise assessment: EDR/NTA, SIEM, digital footprint intelligence (darknet)
  MDR: EDR/NTA

Conclusion

As cyberthreats become increasingly sophisticated, the traditional reactive approach to cybersecurity is no longer sufficient. A compromise assessment service offers a proactive solution, ensuring that organizations aren't just waiting for the next breach but actively seeking out and neutralizing latent threats. By conducting such assessments, you can eliminate the residual risk of being breached without notice.

A compromise assessment service plays a critical role in proactively identifying potential compromises and security weaknesses within an organization's network. While it may share some similarities with incident response, penetration testing, and managed detection and response services, it's a project-flow activity whose primary focus is on proactive identification of unnoticed attacks that bypassed an organization's security systems and processes. Understanding the differences among these cybersecurity practices is crucial for organizations seeking to build a robust defense strategy. Each service has its place in an organization's cybersecurity posture, and they can complement one another to create a comprehensive and effective corporate security framework. You can learn more or contact our Kaspersky Compromise Assessment experts at the service's web page.

 Breaches and Incidents

A new SpyAgent campaign targeting smartphone users in South Korea has infected over 200 devices since early October. The malware is distributed through phishing sites, utilizing malicious Android and iOS apps, with attackers initiating contact via SMS, persuading victims to switch to LINE messenger for further communication.

 Laws, Policy, Regulations

The rule includes exceptions for cases where public disclosure of a cyber incident could pose significant risks to public safety or national security, allowing companies to work with law enforcement agencies to address secret cybersecurity events.

 Trends, Reports, Analysis

Leaked source codes from established ransomware groups like Conti, Lockbit, and Babuk have been utilized by other cybercriminals, leading to the cross-pollination of tactics and tools.

 Incident Response, Learnings

The proposed order by the FTC requires Global Tel*Link to implement a comprehensive data security program, notify customers of future breaches, and minimize the data it collects and retains, among other measures, to prevent further incidents.

 Identity Theft, Fraud, Scams

The attackers posed as a group soliciting donations for children in Palestine, using emotionally charged language and news articles to manipulate recipients. They requested cryptocurrency donations and employed tactics to conceal their identity.

 Feed

Webfwlog is a Web-based firewall log reporting and analysis tool. It allows users to design reports to use on logged firewall data in whatever configuration they desire. Included are sample reports as a starting point. Reports can be sorted with a single click, or "drilled-down" all the way to the packet level, and saved for later use. Supported log formats are netfilter, ipfilter, ipfw, ipchains, and Windows XP. Netfilter support includes ulogd MySQL or PostgreSQL database logs using the iptables ULOG target.

 Feed

Ubuntu Security Notice 6485-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, Tavis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel Processors did not properly handle certain sequences of processor instructions. A local attacker could possibly use this to cause a core hang, gain access to sensitive information or possibly escalate their privileges.

 Feed

Debian Linux Security Advisory 5557-1 - WebKitGTK has vulnerabilities. Junsung Lee discovered that processing web content may lead to a denial-of-service. An anonymous researcher discovered that processing web content may lead to arbitrary code execution.

 Feed

Red Hat Security Advisory 2023-7342-01 - An update for cnf-tests-container, dpdk-base-container and performance-addon-operator-must-gather-rhel8-container is now available for Red Hat OpenShift Container Platform 4.11. Secondary scheduler builds and numaresources-operator are also available for technical preview with this release, however they are not intended for production.

 Feed

Red Hat Security Advisory 2023-7335-01 - An update is now available for Red Hat Process Automation Manager including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

 Feed

U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerabilities are as follows - CVE-2023-36584 (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability CVE-2023-1671 (CVSS score: 9.8) -

 Feed

In 2023, the cloud isn't just a technology—it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone. In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: 'Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics.' Join us for an

 Feed

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

 Feed

Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. “The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the

 Feed

The U.S. Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud. “The rules will help protect consumers from scammers who target data and personal information by covertly swapping SIM cards to a new device or porting phone numbers to

2023-11
Aggregator history
Friday, November 17