April | The Watch: Staying Ahead of New Spring Threats
IN THIS ISSUE:
2023 Gartner® Market Guide for MDR
The rate at which new cyberthreats are developed and deployed can leave security experts and analysts feeling overwhelmed, especially as they struggle to maintain complex and expensive in-house SecOps programs.
The 2023 Gartner® Market Guide for Managed Detection and Response (MDR) explains how MDR can help address key cybersecurity pain points even when budgets are limited and total headcount is low.
Insights Blog: Hidden Costs of Maintaining a Modern SOC
Written By: Michael Mayes
Building and maintaining an in-house security operations center (SOC) can be a costly and dynamic task, requiring constant improvement to keep up with new threats and data growth.
The necessary funding for a capable team, technology, and up-to-date threat intelligence systems can easily exceed seven figures in salaries alone.
For an efficient and effective SOC, the right people, processes, and technologies are essential.
Deepwatch Cyber Threat Intelligence
Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.
Early Discovery by Deepwatch ATI Finds Adobe ColdFusion Threats
What Happened?
In early March, the Deepwatch Adversary Tactics and Intelligence (ATI) team responded to a customer incident where an EDR alert triggered on a host running Adobe ColdFusion. The investigation found threat actors using an undisclosed vulnerability in Adobe ColdFusion to gain initial access by sending a specially crafted GET request that allows remote code execution. Shortly after, Adobe issued a global threat warning and CISA added the vulnerability to its known threat catalog.
National Cybersecurity Strategy: What You Need to Know
What You Need to Know
The Biden Administration has released the National Cybersecurity Strategy to enhance collaboration around five key pillars to bolster the nation's cybersecurity. These pillars include defending critical infrastructure, disrupting and dismantling threat actors, shaping the market to improve security and resilience, investing in secure and resilient next-generation technologies and infrastructure, and forging international partnerships.
AresLoader: A New Loader Masquerading as Legitimate Software
What You Need to Know
Flashpoint recently analyzed a new loader advertised on a Russian-language cybercrime forum and discovered that it is designed to masquerade as legitimate software and load any chosen payload. After registering with the command and control server (C2), the loader downloads and executes the expected legitimate file and creates a Registry AutoRun key for persistence.
Threat Actors Exploited Microsoft Outlook for Windows (CVE-2023-23397) as Early as April 2022
What Happened?
Microsoft recently determined that Russian-based threat actors are actively exploiting an elevation of privilege vulnerability in Microsoft Outlook for Windows, tracked as CVE-2023-23397, which allows theft of New Technology LAN Manager (NTLM) credential hashes. According to Deep Instinct's analysis of .msg files uploaded to VirusTotal that exploit the vulnerability, the earliest known attack occurred in April 2022 against the Foreign Ministry of Romania.
Subscribe to Deepwatch Labs to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.
Join Deepwatch, a Great Place to Work!
We are thrilled to announce that Deepwatch has once again been acknowledged as a Great Place to Work! This globally recognized certification is backed by research and validates our commitment to our employees and customers.
At Deepwatch, our unique, fully remote work environment is designed with employee needs in mind, giving you the flexibility and benefits to shape your career as you see fit.
If you’re interested in joining a team of passionate professionals driving positive change in the industry, explore our current open opportunities and learn more about what makes Deepwatch a great place to work. Visit our careers page here.
Trending Infosec News
Employee Spotlight
We take pride in fostering a positive work culture and empowering our employees to reach their full potential.
Today, we spotlight Ben Nichols, Threat Intelligence Researcher at Deepwatch!
ICYMI...
On-Demand Webinar: Don't Rely on Luck to Build a Thriving Security Program
As economic conditions lead to mounting financial concerns, many security teams with limited resources are sacrificing security initiatives for cost containment. This is all while expanding attack surfaces pull more time and attention than ever before.
Click here to watch the on-demand webinar and learn strategies for transforming the security department from a cost center to a business enabler. Discover the cost-effective benefits of using managed services such as EDR, MDR, and extended detection to address security gaps and reduce risk while allowing in-house teams to focus on other business objectives.
UPCOMING EVENTS...
Deepwatch will be attending RSA 2023!
For more information and to book a meeting with Deepwatch experts, click here.
About Deepwatch
Deepwatch is the leader in managed detection and response, protecting organizations from growing cyber threats 24/7/365. Powered by the Deepwatch SecOps Platform, we provide the industry’s fastest, most comprehensive detection and automated response to cyber threats along with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. Visit www.deepwatch.com to learn more.