New features of the Defensys SENSE 1.16

Defensys has released a new update of the Defensys SENSE Platform v. 1.16 to raise efficiency of companies’ information security. In the modified version detection scenarios were extended with new 15 anomalies. Additionally, the vendor has added a new section called “User profile” for object monitoring and has changed the timeline visualization for a quick artefacts collection during the investigation process.

Defensys has significantly changed the handling of monitored objects. The new section “User profile” immediately provides users with detailed data regarding all sessions of the monitored object, helps to analyze them in one tab and leave comments. Moreover, Defensys has divided event chronology into sessions and limited the display of the monitored object’s activity to one day. A wide range of data on a user’s behavior during a certain period of time is displayed for each session: anomalies, triggered alerts, users’ accounts, equipment, and overall rating. Now events of the same type are grouped in sessions to raise information value of the timeline and make it more convenient for data analysis. New functions allow CS specialists to promptly form the investigation context and to make the process of artefacts’ collection 3 times shorter.

Defensys’s team continues to improve detection features for a better cyber security posture.


Cybersecurity Digest #89: 06/02/2024 – 20/02/2024

Cybersecurity News

  • Google is testing a new feature to prevent malicious public websites from pivoting through a user’s browser to attack devices and services on internal, private networks.
  • Threat hunters have identified a new variant of Android malware called MoqHao. It automatically executes on infected devices without requiring any user interaction.
  • Fortinet has patched a critical vulnerability that enables unauthenticated remote code execution. The FortiOS and FortiProxy vulnerability tracked as CVE-2024-21762 has a CVSS score of 9.6.
  • LastPass has warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users’ credentials.
  • Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
  • The first security vulnerability known as a kernel exploit has been discovered in Apple’s visionOS software. It targets the device’s operating system and could potentially be used to create malware, provide unauthorized access or jailbreak the headset so that anyone could use it.
  • Threat actors are leveraging bogus job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer.


Case study by Defensys – Power Generating Company


The Power generating company hadn’t had any automation programs for their cyber security processes. As the number of branches and employees increased, the Company decided to implement modern software to minimize the manual work and save valuable time.

The Defensys ACP attracted the Company’s attention, because of its automation functions and asset management capabilities from the cyber security perspective.


On the way to the software installation our engineers faced a challenge: the Company has a lot of branches, that makes inventory process in the organization very complicated. The Defensys multi-tenancy option could not be used unless there is a clear understanding about the crossing IP addresses in the whole IT and OT infrastructure.

To keep records of assets in all branches and not to mix them all up the Developer has found a solution – the Defensys ACP could work with the same asset IP addresses from different branches and remote plants due to the ability to label the network when performing the inventory scan. Besides, the Defensys software was integrated with a SIEM system and antivirus solution in each branch.

The Power generating company doesn’t need customized processes or dashboards, because pre-installed options meet Company’s demands.


Cybersecurity Digest #88: 23/01/2024 – 06/02/2024

Cybersecurity News

  • An Android remote access trojan known as VajraSpy has been found in 12 malicious applications. The malicious apps have been removed from Google Play but remain available on third-party app stores, disguised as messaging or news apps.
  • Google-owned Mandiant has identified new malware employed by a China-nexus espionage threat actor known as UNC5221. It allows an unauthenticated threat actor to execute arbitrary commands on the Ivanti VPN appliance with elevated privileges.
  • GitLab has released fixes to address a critical security flaw in its Community Edition and Enterprise Edition that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10.
  • A new variant of the Phobos ransomware FAUST has been discovered, one that’s a concern because it can maintain persistence in a network environment and creates multiple threads for efficient execution.
  • A recently uncovered ransomware operation named Kasseika has joined the club of threat actors that employs Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files.


Vulnerability Management: key challenges and practical advice, Part 2

In the article we continue to describe vulnerability management and challenges companies can face when setting this process, as well as share tips on how to overcome them.

Stage 4. Remediation

Remediation means taking of appropriate measures to neutralize detected vulnerabilities. It consists of installing patches/updates, stopping or disabling certain services and protocols, performing compensating measures or taking risks for non-remediation. Decisions made on detected vulnerabilities are usually indicated by appropriate statuses (e.g., compensatory measures, risk accepted or false positive). This is necessary to evaluate further actions on vulnerabilities and control their remediation.

If users decide to remediate the vulnerability, a task for IT department should be automatically created in a Service Desk system and the patch management (process of managing and applying patches, updates and software fixes) should be started.

Challenges and recommendations:

As mentioned above, vulnerabilities can be fixed using updates and patches or by modifying configuration files, but its installing process is often a complicated procedure. This may be caused by incompatibility with other programs, testing necessity, or missing access to the system for updates.

There are definitely assets, software, and services in any organization’s infrastructure that are difficult to patch.