Year: 2017

Creating a simple dashboard that monitors accessibility of sources in Splunk

In the previous article, we examined using depends panels to create convenient visualizations in dashboards. If you missed it, follow the link: https://socprime.com/blog/using-depends-panels-in-splunk-for-creating-convenient-drilldowns/ Many people who begin to study Splunk have questions about monitoring the availability of incoming data: when the data last came from a particular source, when the data ceased […]

Fancy Bear group abused DDE in recent U.S. campaign

Delaware, USA – November 9, 2017 – Cybercriminals from Fancy Bear, also known as APT28, have started using DDE techniques in their phishing campaigns. Researchers from McAfee on Tuesday published a report in which they revealed the details of this hacker group's recent campaign. The primary activity of this group is cyber espionage. On […]

DDE Exploitation Detector is released

Delaware, USA – November 8, 2017 – A month ago, SensePost published an article about the threat of exploiting the Dynamic Data Exchange feature used in Microsoft Office. DDE allows attackers to execute PowerShell scripts and download malicious files from external servers. A few days after that, Cisco researchers detected sophisticated APT […]

New Tools in ChessMaster’s Arsenal

Delaware, USA – November 8, 2017 – ChessMaster is a cyber espionage campaign that has been conducted for several months against organizations mainly located in Japan. Trend Micro links this campaign to the APT10 group, also known as Stone Panda. Attackers use a wide range of backdoors and Trojans, and the number of […]

Corebot Trojan Targets Online Banking Customers

Delaware, USA – November 7, 2017 – After a two-year break, attacks using the banking Trojan Corebot have resumed. The campaign against a number of Canadian banks was discovered by researchers from Deep Instinct, who continue to analyze this malware. The attackers changed their tactics and armed the Trojan with tools to avoid detailed analysis […]

Compromised Digital Certificates are Used to Deceive Security Scanners

Delaware, USA – November 6, 2017 – Researchers at the University of Maryland conducted a study on the use of compromised digital certificates for signing malware. They managed to find 111 certificates that are used to bypass antivirus solutions. More than a third of them were issued to front companies that are not related to […]

SEO in the Service of Hackers

Delaware, USA – November 3, 2017 – Adversaries leverage a new technique to infect victims. Researchers from Cisco Talos have discovered a botnet of more than 30 websites used to spread a new version of the Zeus Panda banking Trojan. Hacked sites are quite often used by attackers, for example, as a botnet for cryptocurrency miners […]

Creating Rules in IBM QRadar

In my previous article, I wrote about how to update your IBM QRadar. But the correct operation of any SIEM is not only about updating the build or collecting and storing events from various data sources. The primary task of a SIEM is to identify security incidents. The vendor provides preconfigured detection rules for IBM QRadar, […]

ONI Outbreak: Ransomware or a Wiper?

Delaware, USA – November 1, 2017 – Cybereason shared the results of their current investigation, which reports on another use of ransomware as a wiper. Unknown threat actors have performed attacks on medium and large Japanese organizations since December 2016. Using macros in malicious documents, they installed the Ammyy Admin RAT and got full access […]

New APT Campaign Based on Silence Trojan

Delaware, USA – November 1, 2017 – Researchers from Kaspersky Lab have discovered a new APT attack using the Silence Trojan that targets financial institutions in Russia, Armenia and Malaysia. The attack started in July 2017 and continues to this day. Adversaries infiltrate organizations' networks through malicious CHM attachments in phishing emails. When the victim opened […]
