Blog

Challenge & Implementation

One of the entity’s departments has already implemented Defensys SOAR and among all other useful features it has the aggregated assets model that SGRC uses via the integration with SOAR. With a rise of the total number of technical equiHaving experience with our software and trusting

Defensys as a reliable vendor, the organization purchased Defensys SGRC for the integration with their internal portal. This portal, created for governmental bodies, is a multifunctional tool for employees of different departments and organizations. Portal allows users to create requests with various purposes. The government entity plays here the managing and approving role.pment within the entity SOAR became increasingly important.

The main function of SGRC in the organization is to automatically fetch all the received requests with the asset model. Thanks to the role model of the SGRC all the necessary asset types can be owned and managed by certain number of employees. Access to a particular asset with all stored requests and created data may be shared between employees of one or several departments.

After receiving and approving portal requests, a new customized entity with a certain status is added to SGRC via API.

More

Cybersecurity news

• Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.
• Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what’s needed to offer the promised functionality.
• Cybersecurity experts reported the discovery of the Meduza Stealer malware designed for it “Complex data theft”. The virus monitors “User activity on the Internet, extraction of huge amounts of data related to browsers”.
• Researchers have pulled back the curtain on an updated version of an Apple macOS malware called RustBucket that comes with improved capabilities to establish persistence and avoid detection by security software.
• Researchers discovered an undisclosed malware family named EarlyRat being used by a branch of the North Korea-backed Lazarus Group. The malware was deployed in Log4j and phishing attacks, marking its first identification in the cybersecurity landscape.
• A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections.

More

We are excited to announce the integration of the Defensys SOAR platform with ChatGPT from OpenAI. This integration brings a change to the way users interact with ChatGPT directly within the SOAR incident chat window. By eliminating the need for separate windows, it significantly reduces the time required to obtain relevant information while maintaining the context of the conversation. But that’s not all. With the integration of ChatGPT, real-time analysis of incoming incidents and their contextual information becomes possible. Leveraging the power of the MITRE ATT&CK framework, ChatGPT can identify attacker tactics, techniques, and sub-techniques. This enhanced visibility enables analysts to understand the current state of the attacker and anticipate the attacker’s next steps. And there’s more. Additionally, the integration empowers effortless generation of incident reports tailored to various stakeholders. Whether it’s a report for managers, directors, or customers, the integration allows for the creation of comprehensive reports in any desired format at the click of a button. By leveraging ChatGPT’s capabilities, analysts can analyze the accuracy and precision of actions performed, receiving valuable recommendations and insights. ChatGPT assists in identifying any overlooked or undocumented details, providing hints to enhance the quality of incident response. With this integration, SOC operators can effectively leverage the expertise of ChatGPT, enhancing incident analysis, reporting, and overall operational efficiency.

More

Defensys has updated the Platform for automation of information security management SGRC. Developer has reviewed the categorization process of сritical assets and taken into consideration new legislation regarding personal data processing.

In the 5.2 version of Defensys SGRC the list of criteria and values for assessing the category of critical assets has been updated. Due to this users now can determine the asset value more precisely and timely notify the regulatory authorities about the categorization.

Personal data processing procedure was also modified by the developer. The Platform enables users both to create and maintain up-to-date lists of information systems, business processes and responsible employees and to consider other assets involved in personal data processing. Users can automate routine tasks, such as notifications regarding personal data changes, damage reevaluation in case of law violations and changes in the composition of technical devices within the company infrastructure.

One more important update to the Platform is the extension of pre-installed methods supplied in the SGRC, which allow users to enter data on current tactics and techniques, as well as define security threat scenarios to form threat models as a part of a risk assessment approach.

The ability to perform supplementary controls over audit process and results by fixing the hash-sum of attached evidences was added to the “Audit” unit.

More

Cybersecurity news

• Millions of GitHub repositories may be vulnerable to dependency repository hijacking, also known as “RepoJacking,” which could help attackers deploy supply chain attacks impacting a large number of users.
• A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service attacks.
• A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 Wi-Fi routers to rope the devices into a distributed denial-of-service botnet.
• CyberCX’s cyber security experts have recently unveiled a way to consistently bypass the security of older Lenovo Laptops with BIOS locked, raising severe security issues among users.
• Microsoft attributed a string of service outages aimed at Azure, Outlook, and OneDrive earlier this month to an uncategorized cluster it tracks under the name Storm-1359.
• Microsoft’s June 2023 Patch Tuesday, with security updates for 78 flaws, including 38 remote code execution vulnerabilities. While thirty-eight RCE bugs were fixed, Microsoft only listed six flaws as ‘Critical,’

More