Hello All. Interesting post from Help Net Security. Here is an excerpt:
Nearly 80% of the companies had experienced at least one cloud data breach in the past 18 months, and 43% reported 10 or more breaches, a new Ermetic survey reveals.
According to the 300 CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity and access management (IAM) permission errors (61%) were their top concerns associated with cloud production environments.
Meanwhile, 80% reported they are unable to identify excessive access to sensitive data in IaaS/PaaS environments. Only hacking ranked higher than misconfiguration errors as a source of data breaches.
Full article can be found at: https://www.helpnetsecurity.com/2020/06/03/cloud-data-breach/
Elastic is working to complete their security portfolio. With the acquisition of Endgame, EDR vendor based on MITRE ATT&CK™ matrix, Elastic now releases their branded Elastic Endpoint Security.
Re-branded Endgame product is said to include ransomware protection, phishing prevention, malware prevention, exploit prevention, fileless attack prevention and the first autonomous prevention and detection engine that issues customized incident response on the endpoint without the need for cloud connectivity.
Looking forward to getting a few mins to have a look at it – have a look https://www.elastic.co/products/endpoint-security
Hello All. Please see the link to the first hearing of the US House Committee on Energy and Commerce – “Keeping The Lights On: Addressing Cyber Threats To The Grid”.
Hello All. As many people who know me can attest, I am a huge fan of Sysmon. I have presented at a lot of cons about it and recommended it many times to customers. As much as I loved Mark Russinovich‘s product before, the following major updates he has made are mind blowing.
- OriginalFileName, which adds the PE Original Filename to EventID 1 and 7
- EventType to Named Pipe events (EventID 17 and 18)
- DNS events (EventID 22)
Looking at the EventLog, the Process Create and Image Load events have the OriginalFileName field added to them, this is derived from the PE header of the file. This will make it a lot harder for malware and/or actors to rename binaries to try and avoid detection based on the original file name / path.
Named Pipe EventType
This now allows for instance filtering on ConnectPipe (18) events to only see the creation, saving a lot of data.
Now, this is the update that I have been so excited about. The addition of EventID 22, or DNS logging – see the example (from medium.com) below:
If course, Sysmon 10, as with the other Sysinternals tools, can be downloaded from Microsoft
SwiftOnSecurity also has an alpha configuration available on his website – download it here
PwC was recognized as a Leader in Global Cybersecurity Consulting Services by Forrester Research. In the Forrester Wave – Global Cybersecurity Consulting Providers, Q2 2019, PwC is ranked above all other market participants in cybersecurity strategy and strength of the offering. PwC has made big investments in amazing people and are a great place to work!