Blog

Cybersecurity Digest #84: 14/11/2023 – 28/11/2023

Cybersecurity News

  • Lumma Stealer, the information-stealing malware, now features a new anti-sandbox technique that applies trigonometry to captured mouse-cursor positions to decide whether a real user is present, so that it evades detection and exfiltrates valuable information only from genuinely infected hosts.
  • The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users.
  • Google has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative.
  • Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead.
  • The Federal Communications Commission has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud.
  • The WordPress plugin WP Fastest Cache contains an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database. More than 600,000 websites are still running a vulnerable version of the plugin and are exposed to attack.
  • Intel has addressed a vulnerability in its current desktop, server, mobile and embedded CPUs, including the Alder Lake, Raptor Lake and Sapphire Rapids microarchitectures.


Case study by Defensys – Mining company

Challenge

Before the project launch, the Company already had a SIEM system and Defensys SOAR deployed. The goal of this project was to update the system to comply with national state cybersecurity standards.

Implementation

The SOAR is used for handling both IT and OT incidents and is integrated with the company’s CMDB.

After the new license was purchased, part of the existing processes had to be revised. Under the new role model, all of the company's network segments were divided into critical and non-critical. Depending on the segment's status, the responsible department receives an incident notification and becomes involved in handling it.

After discussing the new incident-handling policy, Defensys modified the asset cards to meet the company's requirements and created 60 response instructions. These are pulled into the incident card automatically based on specific incident parameters. In addition, the incident cards contain the fields required for notifying the cybersecurity authority and support data mapping when an incident occurs in a critical network segment.

The rich customization features of the Defensys SOAR made it possible to notify the cybersecurity authority with a report generated at the push of a button.

All incidents in the company are categorized based on the state-approved hierarchy.


Cybersecurity Digest #83: 31/10/2023 – 14/11/2023

Cybersecurity News


Cybersecurity Digest #82: 05/09/2023 – 19/09/2023

Cybersecurity News


Defensys Endpoint – supplemented with new features

Defensys has released an updated version of Defensys Endpoint, its technology for data collection, detection and response on endpoints. Key changes include a larger number of integrations with other Defensys products, improved event collection and new response techniques.

Defensys Endpoint extends the functionality of the other Defensys products and offers additional advantages to users. With Defensys Endpoint, each user can conduct a detailed asset inventory, detect threats and respond directly on endpoints. Users can now also automatically run a technical audit of all popular operating systems against cybersecurity standards.

Thanks to these innovations, Defensys Endpoint can be used as a sensor for IoC detection on servers and user workstations across the company's infrastructure. Users can now receive events regardless of how other security systems are configured and regardless of the node's location, inside or outside the organization. This capability was added as a result of integration with the Defensys TIP.

In addition, the developer has created a new integration with the Defensys SGRC Platform, which allows users to conduct a technical audit of a node according to legislation and the chosen security level. In this way you can check the correctness and optimality of both operating system and application software settings and make sure the node complies with the requirements.
