incidentresponse

Disk Image Deception

Cisco’s Computer Security Incident Response Team (CSIRT) detected a large and ongoing malspam campaign leveraging the .IMG file extension to bypass automated malware analysis tools and infect machines with a variety of Remote Access Trojans. During our investigation, we observed multiple tactics, techniques, and procedures (TTPs) that defenders can monitor for in their environments. Our incident response and security monitoring team’s analysis on a suspicious phishing attack uncovered some helpful improvements in our detection capabilities and timing.

The post Disk Image Deception appeared first on Cisco Blogs.

January 16, 2020
0 comment
Read More >>

SOC Visibility and SIEM Tools – Jeff Costlow – BSW #145

[embedded content] Jeff Costlow is the Head of Security at ExtraHop. Organizations looking to embrace the speed and flexibility of the cloud need to shift gears in security as well, moving towards a cloud-first approach that combines complete visibility with behavioral- and- rule-based threat detection. Learn how the SOC Visibility Triad pairs network detection and response with endpoint detection and response and SIEM tools in order to help you strengthen…

October 1, 2019
0 comment
Read More >>

Threat Hunting, Viavi – ESW #147

[embedded content] Charles Thompson, Sr. Director of Product Management at VIAVI Solutions, has a career spanning 20 years in the IT space specializing in using wire-data to assist SecOps and NetOps teams with management, analysis, and protection of critical applications, services, and data. Full Show Notes: https://wiki.securityweekly.com/ES_Episode147 Visit https://www.securityweekly.com/esw for all the latest episodes! To learn more about our sponsors visit: The Security Weekly Sponsor’s Page Matt Alderman – CEO…

July 31, 2019
0 comment
Read More >>