Threat Detection

Obrela Security Industries recently launched their H1 2022 Digital Universe Study, which provides detailed insight into this year’s security and threat landscape. The results provide a ‘funnel’ view of real-time visibility data, and allow organisations to gain a better understanding of how threats are security are developing, and how they can better protect themselves.   To put together this report, Obrela collected and analysed 1 PBs of logs as well as 100,000 devices. In this time,...

DomainTools has announced the availability of DomainTools Iris Detect, an innovative new product designed to discover and monitor domain names spoofing brands, trademarks, or other domains with unprecedented speed, accuracy, and comprehensiveness. Building on the world’s largest databases of domain registration and Domain Name System (DNS) data developed by DomainTools and Farsight Security, the discovery engine underpinning Iris Detect identifies some 350,000 new domains every day—far more than any other technology available. In fact, in a 12-hour period earlier...

Next-Gen SIEM provider, Securonix has announced availability of its SearchMore functionality that helps operations teams better detect and respond to threats that bypass preventative and detection controls. The company states that "SearchMore delivers the industry’s first Community-Powered Threat Hunting capability and provides the ability to search on real-time, streaming data, as well as long-term data." CEO Sachin Nayyar elaborated: “This is a huge step in cybersecurity monitoring. With a combination of cloud-native and big data...

You only have to read the news on this very website to find countless stories of instances where companies have inadvertently left a database exposed on the web - it’s every security professional’s worst nightmare.   Researchers at Comparitech, who will often be the source of finding these misconfigured databases to alert the unsuspecting company, decided to set up a honeypot experiment to see just how little time it would take before such a database...

The success of open source and collaborative projects depends on the community that supports them. The development model is driven solely by a common goal, and has consistently been an invaluable resource for the IT and IT security industries.  Guided by the common goal of making the internet a little more secure and to help users hunt unknown malicious infrastructure, DomainTools has announced that it will integrate its Iris tool with TheHive and Cortex platform....

The NSA recently issued an advisory to enterprises that adopt 'break and inspect' technologies to gain visibility over encrypted traffic, warning them of the potential risks of such an approach. In fact, decrypting and re-encrypting traffic through a proxy device, a firewall, intrusion detection or prevention systems (IDS/IPS) that that doesn't properly validate transport layer security (TLS) certificates, for instance, will weaken the end-to-end protection provided by the TLS encryption to the end-users, drastically increasing...

Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser. Kaspersky has allocated the vulnerability as CVE-2019-13720 and reported it to Google. A patch has been released. Upon review of the PoC provided, Google confirmed that it is a zero-day vulnerability. Zero-day vulnerabilities are previously unknown software bugs that can be exploited by attackers to inflict serious and unexpected damage. The new exploit is used in attacks that leverage a waterhole-style injection in a...

This week’s question: What does automation mean for IT security teams?  What automation primarily means is that teams now have the chance to scale their tasks to meet the needs of the business. Nowadays, given that vulnerabilities are discovered on a daily basis, organisations need tools that can keep track of these weaknesses as these are made public and patches become available.   The great strategic advantage of using an automation tool for vulnerability management is the frequency at which it allows IT...

Companies need to beware of both external cyberattacks and insider threats. Like a classic horror film, both threats come with their own elements of mystery, suspense and fear. Fortunately, it is possible to defend each type of attack vector using a similar cybersecurity strategy for each. More on that later. First, let’s set the scene of the current security landscape.

By Tarik Saleh, Senior Security Engineer at DomainTools Advanced Persistent Threats are long term patterns of network exploitation that go undetected for extended periods of time and are usually aimed at high profile targets such as governments, higher education institutions, political activists, and companies. They are often motivated by economic, political, and financial reasons, and the attacks tend to be highly targeted, resourceful, and risk tolerant.   The typical APT involves several phases:   Infiltration/Initial compromise:  This...