SamSam Vertical Market Ransomware

In our newest threat advisory, we explore the process of detection and mitigation of SamSam.

JASK Sponsors Bryson DeChambeau, a professional golfer

Recently, JASK announced a sponsorship of Bryson DeChambeau, a professional golfer who in just his 2nd year on tour has won two tournaments.

Applied Machine Learning in Security Part 2: The yawning chasm between image recognition and threat detection

This is the second post in a multi-part series about employing “real” machine learning in network security. The remainder of the series will follow with more details to come.

Artificial Intelligence vs Machine Learning

In order to provide clarity and perspective, this blog will define AI and machine learning and their respective relationship.

The Trickle Down of Supply Chain Attacks

Under the cover of reputable and trusted software vendors, many enterprises have unknowingly given away access and privileges to malicious actors.

Beyond SIEM, Beyond Orchestration

Users can now leverage Demisto’s security orchestration and automation capabilities with JASK’s AI-driven, autonomous security operations capabilities for efficient and accelerated incident…

DoublePulsar exploit targeting Windows Embedded devices

SpecOps Threat Update: This new modification of DoublePulsar adds capability to potentially exploit a significant number of previously untargetable Windows IoT devices.

DDoS Will Never Die

Malicious actors will research, probe and exploit every possible internet-exposed device (among other things) because DDoS can be very profitable, even more profitable if combined with crypto mining.…

How to Keep Your Security Analysts

The same questions keep lingering: why is keeping security analysts so difficult, and what do analysts want from their position?

NoSQL-based stacks exposed to the Internet actively exploited

The popularity of these frameworks makes them attractive for exploitation as malicious actors are constantly seeking resources for crime-driven operations such as spam, piracy, DDoS and profit-driven…

Browser extensions: Hidden behind good, can be very bad

As these extensions have become popular, so has the attention of malicious actors shifted towards them, in many cases providing an effective means of compromising a very large number of victims.

Beyond SIEM: Evolving Correlation

Some correlation engines are more powerful than others, but most of the time they all still provide the same level of functionality in one way or another. These events usually get triaged by an…

Dynamic Asset Discovery

A large number of data breaches occur as a result of weak or inefficient perimeter protection. With the ever-increasing diversity among the devices being connected to a network and the…

From Russia with Love?

Alarm bells went off last week as the United States Department of Justice (DOJ) reported that a large number of small office/home office (SOHO) routers and storage devices were being actively…

Cryptocurrency & the Underground Economy

For years the underground economy of cybercrime has been financially motivated to constantly evolve and adopt new tactics, tools and procedures (TTPs). Nowhere is this more evident than in…

All your passwords are belong to us

There are a number of password alternatives or complements that can improve security over using passwords as the only authentication/authorization method.

How botnets are built on mass CMS exploitation

It is calculated that the internet has about 2 billion websites, and there are plenty that are built using CMS (content management frameworks).

Weaponizing Oracle WebLogic Vulnerabilities

Recent Oracle WebLogic vulnerabilities CVE-2017-10271 and CVE-2018-2628 are just another chapter in this story, as bots have already been observed attempting to weaponize these vulnerabilities.

Applied Machine Learning in Security Part 1: The Introduction for Skeptics

This is the first post in a multi-part series about employing “real” machine learning in network security. The remainder of the series will follow with more details to come.

Trickbot ‘Son of Dyre’

Each day, security operation centers and researchers alike wage battle against incoming waves of scanning, brute force attempts, and malicious email.

Rig Exploit Kit delivering ransomware via Adobe Flash exploit (CVE-2018-4878)

Exploit kits are very efficient tools used in the cybercrime underground. These frameworks are packed with a number of exploits and mechanisms to detect vulnerabilities in systems/applications and…

What Data Types to Prioritize to Shine the Light on Blind Spots in Your SIEM

More log data equals more money and, as a result, enterprises have to make a difficult choice about which log sources and data they guess are the most important.

Drupalgeddon2

A new vulnerability affecting the popular content management system (CMS) framework Drupal has been announced. This vulnerability is said to affect over 1 Million websites.

Future SOC: The Universal Analyst

Backed by government funding and Silicon Valley VCs, technologists are working furiously to innovate technologies like machine learning and AI and leverage them to force-multiply SOC analyst…

New Samba Vulnerabilities

A new set of vulnerabilities found in the Samba service highlights the need for approaches that go beyond the simple use of static signature defense technologies. These two vulnerabilities…

Four “Red Flag” SOC Phrases

Security is a hot-button issue in businesses today to a degree we haven’t seen before. For the C-suite and other business leaders that begin paying more attention to what’s going on in the SOC, it…

Domain Hijacking Impersonation Campaigns

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse International Domain Names (IDN) which, once translated into ASCII…

Cryptocoin Mining Attack Vectors Reshaping the Threatscape

The rise in value of cryptocurrencies is driving malicious actors to implement payloads that allow the use of the CPU/GPU of compromised hosts in order to mine cryptocurrency. The process of mining is…

Building Lightweight Streaming Time Series Models

With modern technology today, almost all personal devices participate in a highly connected interweb and leave a footprint of our digital behaviors. The power of analytic modeling can help us…

Connecting the Dots

As a technology marketer, I have spent 20 years working with technical teams to identify ways to articulate how and why solutions work the way they do. While I have worked in many complex industries,…

Love The Vendor That Loves You Back

The sales machine is a complex beast and many may misinterpret who a good sales team is ultimately meant to serve. When salespeople want you as a customer, it’s their goal to bring you into the fold…

Introducing CHIRON: A Case for Home Network Monitoring and Defense

Nowadays, all our homes have become microenvironments for complex networking, composed of almost every single home appliance with added processing and networking capabilities. Examples of these home…

Keeping the “Science” in “Data Science”: Calibrating Algorithms for Threat Detection

As attack payloads and methods have become more easily adaptable and customizable to individual campaigns and targets (e.g. polymorphic malware, customized payloads, credential theft, etc.), threat…
