New release of the Defensys Endpoint v. 1.8

Defensys company announced the extension of Defensys Endpoint functionalities. New features are aimed at improving corporate network security from current cyber threats and raising efficiency of IT infrastructure monitoring process.

Defensys continues to upgrade the Endpoint technology by adding new functions for a better security level and monitoring of IT systems. In the new release Defensys has significantly upgraded technical audit section. Now users can view expertise results in a more comprehensive way, that makes vulnerabilities analysis easier and enables faster remedial action. Moreover, it’s now possible to add own policies and modify installed checks by adapting audits to particular requirements and company’s tasks.

Integration with the Defensys TDP has been added to the Defensys Endpoint v. 1.8. Due to this, lures which simulate vulnerabilities in the corporate network making it more attractive for hackers, can be placed in one click. For instance, the Defensys Endpoint helps to place such lures as false accounts, saved sessions, and SSH keys. This approach reduces the cost of deploying and updating simulated infrastructure.

Therefore, the Defensys team has also integrated the option of installing and managing Sysmon module for Windows OS into the product. Sysmon is a powerful tool for system event monitoring that can detect suspicious activity on computers and prevent potential threats.


Cybersecurity Digest #86: 12/12/2023 – 26/12/2023

Cybersecurity News

  • Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, with one of the vulnerabilities allowing the intruders to remotely execute commands from the LocalSystem account.
  • VoIP communications company 3CX has warned its customers to disable SQL database integrations due to possible risks associated with what it describes as a potential vulnerability.
  • Akamai has warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recording devices.
  • A four-tier classification has been proposed in China to help with the response to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders.
  • 2023 has seen the emergence of ten new Android banking malware families, which collectively target 985 banking and trading apps from financial institutes across 61 countries.
  • As a part of Patch Tuesday, Microsoft has fixed 34 vulnerabilities including one zero-day vulnerability affecting specific AMD processors.
  • A critical vulnerability which can let attackers gain remote code execution to fully compromise vulnerable websites has been discovered in a WordPress plugin.


Case study by Defensys – Retail company


The Сompany’s cyber security specialists have been actively using Threat Intelligence tools in their daily routine for a long time. Nevertheless, the necessity to change the existing solution to another one arose due to new internal policies. Since the specialists had a lot of experience with TI, there were high demands for a new on-premises system.

It was especially important for the client to choose an alternative analogue with functionality and performance that would not be inferior to capabilities of the used platform. The second criterion was the ability to connect previously used feeds and integrate the software into existing systems.

At the same time, the transition had to be implemented without disrupting of the running processes for collecting forensic information, which is then used in incident response and retrospective data analysis.

After a range of demonstrations and a PoC project the Retailer has concluded, that the Defensys TIP platform meets all the requirements.


Defensys’s engineers have connected more than 15 commercial and open-source data sources (feeds) that provide IoCs and additional TI context. One more data source was the vendor’s own Threat Feed, which automatically extracts IoCs and related context from TI reports.


Cybersecurity Digest #85: 28/11/2023 – 12/12/2023

Cybersecurity news

  • WordPress has released version 6.4.2 that addresses a remote code execution vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
  • A critical security vulnerability has been discovered in the system component to the Android OS that could lead to remote code execution. The issue has been assigned CVE-2023-40088.
  • Two vulnerabilities have been discovered in Bluetooth wireless communications technology. These vulnerabilities allow attackers to eavesdrop on and decrypt Bluetooth traffic, as well as inject fake messages into Bluetooth communications.
  • The popular AI chatbot OpenAI has been divulging sensitive information such as people’s names, email addresses and phone numbers from its training data, according to a team of researchers at Google.
  • Zyxel has released patches to address 15 security issues impacting network-attached storage, firewall, and access point devices, including three critical flaws that could lead to authentication bypass and command injection.
  • Researchers at AppOms have discovered a vulnerability in Zoom Room, which allowed threat actors to take over meetings and steal sensitive data.


Application of knowledge base MITRE in Defensys TIP

An important role in data handling for Threat Intelligence plays knowledge for understanding of threats’ context and their interconnections to certain tactics or hacker groups. Therefore, the lack of necessary data leads to an incomplete understanding of different cybercriminals’ approaches for their attacks. Companies need context regarding indicators, interconnections between threats and attacks to easily identify more dangerous threats and prioritize the ways to eliminate them.

The Defensys TIP is integrated with the knowledge base MITRE ATT&CK®. Thanks to this, users can apply the information regarding hackers’ techniques and tactics to determine the possible ways of threats’ development and preventive protection of information infrastructure.

Threat Intelligence with MITRE ATT&CK®

MITRE ATT&CK® (Adversarial Tactics, Techniques & Common Knowledge) is the knowledge base, that describes and classifies attackers’ behavior based on the analysis of their actions during real attacks. This is a structured list of known behavior types, that are united according to tactics and techniques and grouped in several matrices.

The matrix ATT&CK for Enterprise was created to classify attacks on corporate infrastructure and includes techniques and tactics for Windows, Linux and/or MacOS operating systems. The matrix also describes behavior types of cyber criminals while attacks against corporate systems.