Defensys has announced a new release of the Defensys TIP version 3.24. New functions of the Defensys TIP are aimed at automation of indicators of compromise (IoCs) handling and increase of threat analysis effectiveness.

One of the key changes is the expansion of IoCs export capabilities to security tools. The developer has added the option to create IoCs export rules of IP-address type in OpenIOC format for further transfer to target systems. These improvements expand IoCs export capabilities and make information security processes more effective.

The updated Defensys TIP 3.24 has a modified IoCs search within data flow coming from SIEM systems:

• Information regarding IoCs detection events in CEF format can now be sent back to SIEM systems;

• The filter for events from Apache Kafka has been added. The feature enables events search within the flow in accordance with the defined fields.

Cybersecurity News

• Unauthenticated Stored XSS Vulnerability in LiteSpeed Cache Plugin Affecting 6+ Million Sites.

• WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks. The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2).

• DrayTek has released patches for several models of its routers, addressing 14 vulnerabilities. One of them is rated as critical (10.0 on the CVSS scale) and allows remote execution of arbitrary code.

• CUPS vulnerabilities could put Linux systems at risk. The vulnerability can lead to the interception of a computer over a network or the Internet during a print job.

Defensys has introduced the new version of the Defensys SOAR. The team of experts has improved the user interface so that SOC analysts can solve their daily tasks more productively. To promote communication among CS specialists, the 5.3 version has a modernized email handling. Moreover, the function for calculating the incidents’ impact on business processes has been added to the Defensys SOAR. It increases transparency of SOC work to assess cyber security state in organizations. New function will accelerate the decision-making process on response prioritization, as well as managerial decisions on building the information protection system.

The key update in the user’s interface is the improved editing mode in incident cards. Now depending on the task SOC analysts can choose either point field editing to make quick corrections or edit mode if multiple changes are required.

Additionally, the version has multiple interface changes that make it more intuitive and the displayed information more readable:

• The “Incidents” section has been redesigned and an action panel has been added;

• The display of incident severity level has been redesigned;

• A setting that allows users to switch to a compact view while working with incident list has been added;

Cybersecurity News

• Hardbit ransomware version 4.0 supports new obfuscation technique.
• Hackers are attacking Windows users with Internet Explorer zero-Day vulnerability.
• Apple warns iPhone users in 98 countries of more spyware attacks.
• Critical Exim bug bypasses security filters on 1.5 million mail servers.
• Latest CapraRAT Android spyware campaign targets gamers and TikTokers.
• Dark Gate malware campaign uses Samba file shares.
• GitLab critical bug lets attackers run pipelines as other users.
• A user has

In order to improve the process of working with incoming cybersecurity events Defensys has expanded functionalities of the Defensys SIEM. The release 1.3 has a range of updates: the developer has increased the number of functions for events collection and handling, implemented new tools for content processing and search, added a report builder and new integrations to external systems. These changes will lead to better security of IT infrastructure and improve efficiency of CS specialists.

Defensys continues developing technologies for data protection and prevention of cyberattacks. New features are included in the event processing pipeline by Defensys’ specialists, updates allow SOC’s analysts to manage data processing collection in the system’s interface. Thus, the Defensys team has added new elements to the already available input and output points, buses and event normalizer, among them are an aggregator, a router and a filter. This allows users to customize event handling at its fullest, that is especially important for a large infrastructure of sources and systems.

Cybersecurity News

• Researchers have spotted exploitation attempts for the critical vulnerability impacting all D-Link DIR-859 WiFi routers.
• Brain Cipher has released decryption keys for free, allowing victims to recover their encrypted data.
• Apple’s CocoaPods platform bugs expose millions of Apps to code injection.
• Ticketmaster has started to notify customers who were impacted by a recent data breach.
• Researchers discovered a new Android malware, “Snowblind”, running active campaigns since early 2024.
• OpenSSH addressed a critical vulnerability, tracked as CVE-2024-6387, that can lead to unauthenticated remote code execution.
• Cisco has patched a

Cybersecurity news

• Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. The high-severity flaw is tracked as CVE-2022-4135 and is a heap buffer overflow in GPU, discovered by Clement Lecigne of Google’s Threat Analysis Group on November 22, 2022.
• Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors. Docker Hub is a cloud-based container library allowing people to freely search and download Docker images or upload their creations to the public library or personal repositories.
• Windows gamers and power users are being targeted by fake MSI Afterburner download portals to infect users with cryptocurrency miners and the RedLine information-stealing malware.

Cybersecurity news

• A threat group tracked as ‘Worok’ hides malware within PNG images to infect victims’ machines with information-stealing malware without raising alarms. This has been confirmed by researchers at Avast, who built upon the findings of ESET, the first to spot and report on Worok’s activity.
• Researchers from cybersecurity firm Avanan, uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims.

Cybersecurity news

• The Cranefly hacking group uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.
• Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access to deliver cryptocurrency miners and ransomware.
• McAfee specialists have removed 16 malicious programs from the Google Play, which were extremely popular among users.

Cybersecurity news

• Computer security experts in Scotland have developed a system that uses thermal imaging and artificial intelligence to guess computer and smartphone passwords in seconds.
• A phishing-as-a-service platform named ‘Caffeine’ makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns. Caffeine doesn’t require invites or referrals, nor does it require wannabe threat actors to get approval from an admin on Telegram or a hacking forum. Due to this, it removes much of the friction that characterizes almost all platforms of this kind.
• The Zimbra Collaboration Suite is impacted by a critical remote code execution vulnerability that remains unpatched, despite being exploited in attacks. The issue, tracked as CVE-2022-41352, exists because of the Cpio method that the Zimbra antivirus engine uses when scanning inbound emails.