Tag: detection

Application Detection and Response (ADR) Gives the SOC Deep Visibility into the Application Layer – Contrast Security

Feb 13, 2025 7:48 PM

Tags: attack, cloud, detection, endpoint, soc, threat, tool, vulnerability
Cybercriminals Exploit Pyramid Pentesting Tool for Covert C2 Communications

Feb 13, 2025 2:48 PM

Tags: communications, control, cyber, cybercrime, cybersecurity, detection, endpoint, exploit, framework, github, hacker, malicious, open-source, penetration-testing, tool

Cybersecurity analysts have identified that hackers are leveraging the open-source Pyramid pentesting tool to establish stealthy command-and-control (C2) communications. Originally designed as a post-exploitation framework for penetration testers, Pyramid has become an attractive option for malicious actors due to its ability to evade detection by endpoint security tools. The tool, first released on GitHub in…
24% of vulnerabilities are abused before a patch is available

Feb 13, 2025 1:48 PM

Tags: access, attack, breach, credentials, cve, cyber, data-breach, detection, exploit, incident response, intelligence, network, service, social-engineering, software, threat, tool, update, vulnerability, vulnerability-management, zero-trust

Building the case for proactive security: Boris Cipot, senior security engineer at software composition analysis firm Black Duck, said that several factors contribute toward the rise in exploited vulnerabilities, including improvements in monitoring.”The software we use may simply contain more vulnerabilities, or these vulnerabilities are being reported and discovered more effectively,” Cipot said. “Some vulnerabilities…
The Rise of Non-Ransomware Attacks on AWS S3 Data

Feb 13, 2025 1:48 PM

Tags: access, attack, authentication, breach, cloud, communications, compliance, control, cyber, data, data-breach, detection, encryption, exploit, Hardware, iam, lessons-learned, malicious, monitoring, ransom, ransomware, regulation, risk, software, strategy, threat, tool, unauthorized

The Rise of Non-Ransomware Attacks on AWS S3 Data madhav Thu, 02/13/2025 – 04:39 A sophisticated ransomware gang, Codefinger, has a cunning new technique for encrypting data stored in AWS S3 buckets without traditional ransomware tools. Instead, they exploit the AWS server-side encryption with customer-provided keys (SSE-C), extorting payment in exchange for the encryption key.…
Ransomware gangs shifting tactics to evade enterprise defenses

Feb 12, 2025 6:55 PM

Tags: defense, detection, law, ransomware, tactics, threat

Threat actors adapted to improved threat detection, law enforcement actions, new Huntress research finds. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-gangs–tactics-/739937/
The Current AI Revolution Will (Finally) Transform Your SOC

Feb 12, 2025 5:57 PM

Tags: ai, cybersecurity, detection, intelligence, soc

Artificial intelligence (AI) is profoundly transforming cybersecurity, reimagining detection through remediation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/the-current-ai-revolution-will-finally-transform-your-soc/
Getting the Most Value out of the OSCP: Pre-Course Prep

Feb 12, 2025 5:57 PM

Tags: access, antivirus, attack, compliance, control, credentials, cyber, cybersecurity, detection, exploit, finance, framework, guide, hacker, hacking, infosec, infrastructure, jobs, kali, linux, mandiant, metric, microsoft, mitre, network, organized, password, penetration-testing, PurpleTeam, RedTeam, risk, service, skills, software, tactics, technology, tool, training, vulnerability, windows

The first post in a five-part practical guide series on maximizing the professional, educational, and financial value of the OffSec certification pursuit for a successful career in offensive cybersecurity consulting Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements.…
Enhancing Threat Detection With Improved Metadata MITRE ATTCK tags

Feb 12, 2025 4:55 PM

Tags: cyber, cybersecurity, detection, intelligence, mitre, threat, tool, update

The cybersecurity landscape continues to evolve rapidly, demanding more sophisticated tools and methodologies to combat emerging threats. In response, Proofpoint’s Emerging Threats (ET) team has implemented significant updates to its ruleset, enhancing metadata coverage and integrating MITRE ATT&CK tags. These advancements aim to provide security teams with actionable intelligence and improved context for detecting and…
Logpoint und Netheimur verstärken den Unternehmensschutz in Island

Feb 12, 2025 3:55 PM

Tags: cybersecurity, detection, network

Logpoint hat auch sein Produktportfolio erweitert und vor kurzem das dänische Network Detection and Response (NDR)-Unternehmen Muninn übernommen, um Unternehmen dabei zu helfen, ihre Sicherheitsleistung durch verbesserte Cybersecurity-Transparenz zu verbessern. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/logpoint-und-netheimur-verstaerken-den-unternehmensschutz-in-island/a39784/
Security Detection Tech Failing, Say Cyber Leaders in Regulated Industries

Feb 12, 2025 1:55 PM

Tags: cyber, detection, threat

A new Everfox survey shows a growing consensus among regulated organizations in favor of a strategic shift away from detecting cyber threats to preventing them First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/security-detection-tech-failing/
SystemBC RAT Now Targets Linux, Spreading Ransomware and Infostealers

Feb 11, 2025 2:55 PM

Tags: detection, linux, ransomware, rat

SystemBC RAT now targets Linux, enabling ransomware gangs like Ryuk Conti to spread, evade detection, and maintain encrypted C2 traffic for stealthy cyberattacks. First seen on hackread.com Jump to article: hackread.com/systembc-rat-targets-linux-ransomware-infostealers/
EARLYCROW: Detecting APT Malware Command and Control Activities Over HTTPS

Feb 11, 2025 12:55 PM

Tags: apt, communications, control, cyber, cyberattack, detection, malware, network, tactics, threat

Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical organizations globally. Unlike common malware, APTs employ evasive tactics, techniques, and procedures (TTPs) to remain undetected for extended periods. Their command-and-control (C&C) communications often mimic legitimate web traffic, making detection particularly challenging for traditional Network Intrusion Detection Systems (NIDS). To address…
Top 5 ways attackers use generative AI to exploit your systems

Feb 11, 2025 7:55 AM

Tags: access, ai, attack, authentication, awareness, banking, captcha, chatgpt, china, control, cyber, cybercrime, cybersecurity, defense, detection, exploit, extortion, finance, flaw, fraud, group, hacker, intelligence, LLM, malicious, malware, network, phishing, ransomware, resilience, service, spam, tactics, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: Artificial intelligence can also be used to generate more sophisticated or at least less labour-intensive malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s…
Phishing Season 2025: The Latest Predictions Unveiled

Feb 10, 2025 7:55 PM

Tags: access, ai, attack, authentication, automation, cloud, communications, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, defense, detection, election, email, exploit, finance, google, government, group, infrastructure, intelligence, login, malware, mfa, mobile, network, passkey, phishing, ransomware, risk, service, social-engineering, strategy, tactics, technology, threat, tool, update, voip, vulnerability, zero-trust

Every year, cybercriminals sharpen their tools and refine their tactics to exploit network and security vulnerabilities. Gone are the days of clumsy emails with glaring typos and suspicious attachments. Instead, we face an era of new sophistication. No longer just stealing credentials, attackers are creating intricate digital narratives that make it difficult to distinguish friend…
New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

Feb 10, 2025 6:54 PM

Tags: control, cyber, detection, exploit, malware

A recent analysis of over one million malware samples by Picus Security has revealed a growing trend in the exploitation of application layer protocols for stealthy command-and-control (C2) operations. These findings, detailed in the Red Report 2025, underscore the increasing sophistication of cyber adversaries who leverage widely used protocols to evade detection and maintain persistence…
New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

Feb 10, 2025 2:37 PM

Tags: attack, cyber, cybersecurity, detection, endpoint, exploit

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique known as Bring Your Own Trusted Binary (BYOTB). This method leverages legitimate, trusted binaries to evade detection by advanced security measures such as Endpoint Detection and Response (EDR) systems and firewalls. The findings, presented by cybersecurity researcher David Kennedy of Jumpsec…
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Feb 8, 2025 8:06 AM

Tags: cybersecurity, detection, hacker, malicious, ml

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of “broken” pickle files to evade detection.”The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file,” ReversingLabs researcher Karlo Zanki said in a report shared with The…
Securing Autonomous AI Workflows Through Advanced Single Sign-On

Feb 7, 2025 9:06 PM

Tags: access, ai, detection, least-privilege, threat

Single Sign-On (SSO) is transforming how AI agents authenticate across systems. This article explores SSO’s role in enhancing security, enforcing least-privilege access, and enabling real-time threat detection for autonomous AI workflows. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/securing-autonomous-ai-workflows-through-advanced-single-sign-on/
EDR-Killer So lässt sich eine Endpoint-DetectionResponse-Lösung selber schützen

Feb 7, 2025 3:06 PM

Tags: detection, edr, endpoint, ransomware, tool

Die Bedrohungsakteure entwickeln sich in der heutigen Cybersicherheitslandschaft ständig weiter und suchen nach neuen Wegen, um mit immer ausgefeilteren Tools und Techniken in Unternehmen einzudringen. Dieses ständige ‘Katz- und Mausspiel” hat zu Endpoint-Detection and Response (EDR) -Killern geführt, die in Verbindung mit dem Auftauchen neuer Ransomware-Varianten und der Umbenennung älterer Varianten zu einer erheblichen Bedrohung…
EDR Killer: Was sie sind und wie sich Unternehmen schützen

Feb 7, 2025 9:06 AM

Tags: detection, edr, ransomware, tool

Die Bedrohungsakteure entwickeln sich in der heutigen Cybersicherheitslandschaft ständig weiter und suchen nach neuen Wegen, um mit immer ausgefeilteren Tools und Techniken in Unternehmen einzudringen. Dieses ständige ‘Katz- und Mausspiel” hat zu EDR Killern (Endpoint Detection and Response) geführt, die in Verbindung mit dem Auftauchen neuer Ransomware-Varianten und der Umbenennung älterer Varianten zu einer erheblichen…
Die besten Cyber-Recovery-Lösungen

Feb 7, 2025 5:06 AM

Tags: access, ai, backup, business, cloud, cyber, cyberattack, data, detection, endpoint, Hardware, incident response, mail, malware, microsoft, mitigation, monitoring, ransomware, risk, saas, service, software, threat, tool, update, vulnerability, zero-trust
Hugging Face platform continues to be plagued by vulnerable ‘pickles’

Feb 6, 2025 6:06 PM

Tags: detection, malware, vulnerability

A widely used python module for machine-learning developers can be loaded with malware and bypass detection measures. First seen on cyberscoop.com Jump to article: cyberscoop.com/hugging-face-platform-continues-to-be-plagued-by-vulnerable-pickles/
Qualys TotalAppSec Strengthens Application Risk Management

Feb 6, 2025 5:06 PM

Tags: ai, api, cloud, detection, malware, risk, risk-management

Qualys introduced TotalAppSec, an AI-powered application risk management solution designed to unify API security, web application scanning and web malware detection across on-premises, hybrid and multi-cloud environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/qualys-totalappsec-strengthens-application-risk-management/
MacOS Ferret operators add a deceptive bite to their malware family

Feb 5, 2025 2:12 PM

Tags: apple, apt, attack, backdoor, browser, china, chrome, cyber, detection, espionage, google, group, jobs, korea, macOS, malicious, malware, north-korea, service, software, tactics, threat, update

The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild.The discovery of the samples was made by SentinelOne researchers who noted the variant’s capability to evade the recent XProtect signature update that Apple pushed…
Why honeypots deserve a spot in your cybersecurity arsenal

Feb 5, 2025 8:12 AM

Tags: access, api, attack, business, cisa, control, credentials, cybersecurity, data, data-breach, defense, detection, endpoint, exploit, github, group, intelligence, Internet, Intruder, leak, malicious, monitoring, network, open-source, password, risk, service, software, supply-chain, technology, threat, tool, unauthorized, update, vulnerability, zero-day

In cybersecurity, we spend a lot of time focusing on preventative controls, patching vulnerabilities, implementing secure configurations, and performing other “best practices” to mitigate risk to our organizations. These are great and necessary, but something must be said about getting an up close and personal look at real-world malicious activities and adversarial behavior.One of the…
AWS tightens default security on Redshift

Feb 5, 2025 5:12 AM

Tags: best-practice, business, cloud, data, defense, detection, intelligence, monitoring, risk, service, technology, threat

Amazon’s security improvements for its AWS Redshift managed data warehouse service are welcome additions, says an expert.Loris Degioanni, chief technology officer at Sysdig, told CSO that AWS’s enhanced security defaults for Amazon Redshift are a “necessary evolution for the accelerated cloud adoption we’ve seen across organizations with varying security expertise. Secure configurations are the first…
7 Tipps zur Verbesserung des ROI für Cybersicherheit

Feb 4, 2025 6:12 PM

Tags: ai, ciso, compliance, cyber, cyberattack, cybersecurity, cyersecurity, detection, gartner, group, infrastructure, network, resilience, risk, service, siem, threat, tool, vulnerability
ANY.RUN Enhances Malware Detection and Performance to Combat 2025 Cyber Threats

Feb 4, 2025 5:12 PM

Tags: cyber, cybersecurity, detection, malware, threat, update

As cyber threats grow more sophisticated, ANY.RUN has unveiled a series of updates aimed at improving malware detection, analysis, and overall performance of its platform. These updates, implemented in January 2025, focus on optimizing the platform’s core functionality, enhancing detection capabilities, and addressing the evolving needs of cybersecurity professionals. System Optimizations Strengthen Performance ANY.RUN has…
Network Detection and Response gegen Cyberrisiken – NDR: 3 Gründe, warum die Visibility nicht vernachlässigt werden darf

Feb 4, 2025 1:12 PM

Tags: detection, network

First seen on security-insider.de Jump to article: www.security-insider.de/effektive-nutzung-von-network-detection-and-response-loesungen-a-ecc7d12bb0689b80318c2deb9a3b3b4c/
FlexibleFerret Malware Attacking macOS Users, Evading XProtect Detections

Feb 4, 2025 11:12 AM

Tags: apple, cyber, detection, jobs, macOS, malware, north-korea, phishing, tool, update

A new macOS malware variant, dubbed >>FlexibleFerret,