Authentication, Data collection and DNS

CloudSorcerer – A new APT targeting Russian government entities

SecureList

JULY 8, 2024

It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens.

Government

Government Malware Data collection DNS

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

Back to the bit about risks impacting data collected by IoT devices and back again to CloudPets, Context Security's piece aligned with my own story about kids' CloudPets messages being left exposed to the internet. For some reason, the Shelly on my garage door is making a DNS request for api.shelly.cloud once every second!

IoT

IoT Firmware Risk Encryption

The Case for Multi-Vendor Security Integrations

Cisco Security

AUGUST 26, 2022

This new integration supports Umbrella proxy, cloud firewall, IP, and DNS logs. This integration enables security analysts to detect threats and visualize Cisco Umbrella data, and also correlate Umbrella events with other data sources including endpoint, cloud, and network. Read more here. Sumo Logic. Read more here.

Firewall

Firewall Authentication Passwords Threat Detection

StripedFly: Perennially flying under the radar

SecureList

OCTOBER 25, 2023

In particular, the system.img file serves as the authentic payload archive used for initial Windows system infections. DNS resolutions for pool servers are cleverly concealed behind DNS over HTTPS requests to the Cloudflare DoH (DNS over HTTPS) service , adding an extra layer of stealth to its operations.

Malware

Malware DNS Encryption Ransomware

Best Network Monitoring Tools for 2022

eSecurity Planet

JANUARY 26, 2022

For larger organizations, the PRTG Enterprise Monitor can monitor thousands of devices for a distributed environment offering auditable data collection and service-based SLA monitoring through the ITOps Board. Catchpoint Features. LogicMonitor Features.

Marketing

Marketing DDOS Threat Detection DNS

ToddyCat is making holes in your infrastructure

SecureList

APRIL 22, 2024

A connection like this created on domain controllers allows attackers to obtain the IP addresses of hosts on the internal network through DNS queries. Data for connecting the remote client to the server and its authentication details are added to the configuration file: AccountName Hostname ha.bbmouseme[.]com

VPN

VPN Passwords Encryption Malware

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

SecureList

JULY 9, 2024

The result is an unranked list of integrated data sources that can be used for developing detection logic, such as: For Command Execution: OS logs, EDR, networked device administration logs and so on; For Process Creation: OS logs, EDR; For Network Traffic Content: WAF, proxy, DNS, VPN and so on; For File Modification: DLP, EDR, OS logs and so on.

Engineering

Engineering DNS Technology Accountability

5 Best Bot Protection Solutions and Software for 2023

eSecurity Planet

APRIL 14, 2023

The company also offers a range of additional cybersecurity solutions, including DDoS protection, web application firewalls, and DNS services. The solution should differentiate between bots and humans accurately and provide mechanisms for users to prove their identity and authenticity quickly.

Software

Software DDOS Accountability Firewall

DCAP Systems: Protecting Your Data with Advanced Technology

SecureWorld News

APRIL 30, 2023

DCAP also covers your network: proxy servers, VPN and DNS, cloud solutions like Microsoft 365 and G Suite, as well as various third-party applications. DCAP systems are especially effective in preventing violations at the stage of establishing persistence, privilege escalation, and data collection.

Technology

Technology Unstructured Data Data breaches Information Security

SW Labs | Review: Bishop Fox CAST

SC Magazine

APRIL 22, 2021

This approach extends far beyond assets with an IP address, however, including everything from certificates to S3 buckets to DNS misconfigurations. The initial setup process is notable, as CAST joins a small club of ASM vendors that not only offer multifactor authentication by default, they require it to be configured on first login.

Penetration Testing

Penetration Testing Technology Marketing Engineering

Mystic Stealer

Security Boulevard

JUNE 15, 2023

In addition, it collects Steam and Telegram credentials as well as data related to installed cryptocurrency wallets. The malware targets more than 70 web browser extensions for cryptocurrency theft and uses the same functionality to target two-factor authentication (2FA) applications. me/+ZjiasReCKmo2N2Rk (Mystic Stealer News).

Cryptocurrency

Cryptocurrency Password Management Malware DNS

SOC 2025: Operationalizing the SOC

Security Boulevard

APRIL 18, 2022

Maybe it’s DNS reputation on a suspicious IP address or an adversary profile based on the command and control traffic. How do you ensure proper authentication and authorization of any commands sent to the devices/services? You want to ensure the analyst has sufficient information to dig into the alert immediately.

Technology

Technology Marketing Phishing DNS

Cyber Security Informer

CloudSorcerer – A new APT targeting Russian government entities

IoT Unravelled Part 3: Security

Trending Sources

The Case for Multi-Vendor Security Integrations

StripedFly: Perennially flying under the radar

Best Network Monitoring Tools for 2022

ToddyCat is making holes in your infrastructure

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

5 Best Bot Protection Solutions and Software for 2023

DCAP Systems: Protecting Your Data with Advanced Technology

SW Labs | Review: Bishop Fox CAST

Mystic Stealer

SOC 2025: Operationalizing the SOC

Stay Connected