Blog

Cybersecurity news

• Thousands of Citrix Netscaler ADC and Gateway servers exposed online are vulnerable to attacks exploiting a critical remote code execution (RCE) bug that was previously abused in the wild as a zero-day.
• GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
• Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International.
• Google is running a pilot program to limit employees’ access to the internet in an effort to reduce the risk of cyberattacks. The program allows access to internal pages and some Google domains, such as Gmail and Google Drive.
• A hacker has created his own version of ChatGPT, but with a malicious bent. The developer of WormGPT is selling access to the chatbot, which can help hackers create malware and phishing attacks.
• Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.

More

Threats catalogs

There is a lot of discussion in the professional community about risk assessment methodologies. At the same time, much less attention is paid to a more powerful indicator of the maturity of the process – the process of building threats catalogs.

Let us turn to a typical assessment process:

After a one-time event – the preparation of methodological materials – the assessment cycle begins on a schedule or trigger. The first step is to determine the assessment areas, a step that depends largely on the completeness of the data on the resource-service model. As with audits, it is important here to see the connections between tangible and intangible assets.

The value of the asset, the most difficult step in terms of assessment, was discussed earlier.

The next step, i.e. identification, is the formation of a list of risks for further assessment. And it is this step that often becomes a stumbling block for inexperienced organizations.

Often in the first iterations of the process, this step is implemented creatively: experts analyze the asset on the go, during each assessment, and make a list of possible threats.

More

Challenge & Implementation

One of the entity’s departments has already implemented Defensys SOAR and among all other useful features it has the aggregated assets model that SGRC uses via the integration with SOAR. With a rise of the total number of technical equiHaving experience with our software and trusting

Defensys as a reliable vendor, the organization purchased Defensys SGRC for the integration with their internal portal. This portal, created for governmental bodies, is a multifunctional tool for employees of different departments and organizations. Portal allows users to create requests with various purposes. The government entity plays here the managing and approving role.pment within the entity SOAR became increasingly important.

The main function of SGRC in the organization is to automatically fetch all the received requests with the asset model. Thanks to the role model of the SGRC all the necessary asset types can be owned and managed by certain number of employees. Access to a particular asset with all stored requests and created data may be shared between employees of one or several departments.

After receiving and approving portal requests, a new customized entity with a certain status is added to SGRC via API.

More

Cybersecurity news

• Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.
• Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what’s needed to offer the promised functionality.
• Cybersecurity experts reported the discovery of the Meduza Stealer malware designed for it “Complex data theft”. The virus monitors “User activity on the Internet, extraction of huge amounts of data related to browsers”.
• Researchers have pulled back the curtain on an updated version of an Apple macOS malware called RustBucket that comes with improved capabilities to establish persistence and avoid detection by security software.
• Researchers discovered an undisclosed malware family named EarlyRat being used by a branch of the North Korea-backed Lazarus Group. The malware was deployed in Log4j and phishing attacks, marking its first identification in the cybersecurity landscape.
• A trojanized installer for the popular Super Mario 3: Mario Forever game for Windows has been infecting unsuspecting players with multiple malware infections.

More

We are excited to announce the integration of the Defensys SOAR platform with ChatGPT from OpenAI. This integration brings a change to the way users interact with ChatGPT directly within the SOAR incident chat window. By eliminating the need for separate windows, it significantly reduces the time required to obtain relevant information while maintaining the context of the conversation. But that’s not all. With the integration of ChatGPT, real-time analysis of incoming incidents and their contextual information becomes possible. Leveraging the power of the MITRE ATT&CK framework, ChatGPT can identify attacker tactics, techniques, and sub-techniques. This enhanced visibility enables analysts to understand the current state of the attacker and anticipate the attacker’s next steps. And there’s more. Additionally, the integration empowers effortless generation of incident reports tailored to various stakeholders. Whether it’s a report for managers, directors, or customers, the integration allows for the creation of comprehensive reports in any desired format at the click of a button. By leveraging ChatGPT’s capabilities, analysts can analyze the accuracy and precision of actions performed, receiving valuable recommendations and insights. ChatGPT assists in identifying any overlooked or undocumented details, providing hints to enhance the quality of incident response. With this integration, SOC operators can effectively leverage the expertise of ChatGPT, enhancing incident analysis, reporting, and overall operational efficiency.

More