Author: ttheveii0x
Setting Time Expectations for RFIs
To effectively respond to events and incidents, cybersecurity defenders rely on their knowledge of various topics, e.g., DNS, HTTP, TCP/IP, LoLBINs, Windows services, processes, threads, WMI, Mimikatz, and more. The more a defender understands these technical topics, the more efficient and thorough their investigations will be. During an incident, the ability to contain and eradicate …
External Attack Surface Management and its Integration with Cybersecurity Operations
Recent news reminds us that vulnerabilities persist in critical infrastructure platforms targeted by financially motivated and state-sponsored espionage threat actors. We're constantly hearing about the exploitation of old and new vulnerabilities as part of cyberattacks. While vulnerability management may be challenging, we must be vigilant and look for ways to improve our cybersecurity defenses. Implementing …
Rethinking Cyber Threat Intelligence
By Justin C. Klein Keane, Director, MorganFranklin Consulting
The promise of cyber threat intelligence (CTI) was always that, as a global community, blue teams could share information about badness that happened instantaneously and proactively utilize indicators of attack (IOAs) or compromise (IOCs) observed by others. IOAs and IOCs are known as tactical CTI. While this was …
Quick Take: Proof-of-Concept Exploiting Windows CryptoAPI Spoofing Vulnerability Released
On January 25, 2023, Akamai Security Research released proof-of-concept code that exploits CVE-2022-34689, Windows CryptoAPI Spoofing Vulnerability. The Windows CryptoAPI is the "de facto API in Windows for handling anything related to cryptography," Akamai researchers explained. This point makes any vulnerability in the Windows CryptoAPI particularly concerning. "According to Microsoft, the vulnerability allows an attacker …
Threat Intelligence Requirements
Originally posted August 1, 2022 by ttheveii0x on Security Risk Advisors blog
UPDATED: January 24, 2023
Establishing Threat Intelligence Requirements should be one of the first things organizations do when starting a Cyber Threat Intelligence (CTI) program. It is possible to establish CTI requirements with a CTI program already in place. Threat intelligence requirements provide …
Defining Cyber Threat Intelligence
Cyber Threat Intelligence (CTI) is not a new area of cybersecurity, but uncertainty about what CTI is persists throughout the community. If you ask ten people to define CTI, you will likely hear eight to ten (8-10) different definitions. It’s very concerning that this is the current state of understanding. To test the …