What do crowdsourced cybersecurity experts recommend?

Crowdsourced Cybersecurity warned SolarWinds users about SUPERNOVA Malware

A lack of crowdsourced cybersecurity left SolarWinds Orion exposed to a zero-day authentication-bypass vulnerability, one that may make it possible to deploy the SUPERNOVA malware in target environments. Whatever the contributing causes, the lack of crowdsourced cybersecurity among them, let us read what exactly Carnegie Mellon University…

Hornet’s Nest: A six-in-one malware

Researchers have revealed a new malware campaign that they dub Hornet's Nest. What distinguishes this attack is the deployment of six different malware variants in one go, including crypto-miners, info-stealers, a crypto-stealer, and a backdoor. Though the campaign does not look sophisticated compared to, say, a zero-day exploit, it does deploy six…

Threat Hunting Images: Hunting Spraykatz with Sysmon Detection Rule

Keep Your Credentials Safe: Hunting Spraykatz with Sysmon

Attackers use the Spraykatz tool to harvest credentials while conducting lateral movement. Lateral movement is when an attacker moves from one system or network segment to another to remain undetected, reach sensitive and high-value data, or gain escalated privileges. To do so, they need tools that can access credentials. Spraykatz is a tool…

F5 BIG-IP critical vulnerability

Detect F5 BIG-IP Critical Vulnerability Exploitation Attempt with Free Sigma Detection Rule

F5 Networks, one of the world's largest providers of enterprise networking gear and application services, issued a security advisory this week warning enterprises and governments across the world to immediately patch a critical vulnerability that is very likely to be exploited. With a CVSS score of 10 out of 10, the critical vulnerability, tracked…

block indicators

Detect Indicator Blocking with These Free Splunk Detection Rules

An adversary may attempt to block indicators or events typically captured by sensors from being gathered and analyzed. This could include maliciously redirecting or even disabling host-based sensors, such as Event Tracing for Windows (ETW), by tampering with the settings that control the collection and flow of event telemetry. These settings may be stored on the system in configuration files…
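The two hunts teased above, Spraykatz credential harvesting and ETW indicator blocking, share the same raw material: Sysmon events. The following block is an added example written for this page, not code from the original articles or from SOC Prime's rule packs. It runs detection logic over a handful of constructed Sysmon events (Event 10 ProcessAccess, Event 13 RegistryEvent, Event 1 ProcessCreate) held in memory, so it executes offline. Assumptions are labelled in the code: the sample events are made up, the lsass allowlist is illustrative, and the Spraykatz rule keys on the lsass-read access pattern that procdump-style dumpers produce rather than on any tool name.

```python
"""Hunting credential dumping and ETW indicator blocking in Sysmon telemetry.

Added example: rules run over constructed Sysmon events held in memory, so it
runs offline. Field names follow Sysmon EventData; the sample values are made up.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

Event = Dict[str, object]


@dataclass(frozen=True)
class Alert:
    rule: str
    event_id: int
    subject: str


# PROCESS_VM_READ from winnt.h: a MiniDump-style read of lsass memory must hold it.
PROCESS_VM_READ = 0x0010

# Images that open lsass with read rights on most hosts (AV, OS components).
# Assumed allowlist for this example; tune it to the environment.
LSASS_ACCESS_ALLOWLIST = {
    r"c:\program files\windows defender\msmpeng.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}

# Registry locations an adversary changes to stop ETW-based telemetry: the .NET
# runtime's ETW switch and the Start/Enable values of autologger sessions
# (including the EventLog-* sessions that feed the Windows Event Log).
DOTNET_ETW_KEY = re.compile(r"\\\.NETFramework\\ETWEnabled$", re.IGNORECASE)
AUTOLOGGER_KEY = re.compile(r"\\WMI\\Autologger\\[^\\]+\\(Start|Enable)$", re.IGNORECASE)
# Environment variable that disables ETW in .NET processes (same effect as the key).
COMPLUS_ETW_OFF = re.compile(r"COMPlus_ETWEnabled\s*=\s*0\b", re.IGNORECASE)

# Constructed sample events (not captured telemetry). Paths are illustrative.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\procdump64.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\.NETFramework\ETWEnabled",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\WMI\Autologger\EventLog-Application\Start",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\WMI\Autologger\EventLog-Security\Start",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c set COMPlus_ETWEnabled=0 && powershell.exe -nop -w hidden"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs -p"},
]


def _reg_dword(details: str) -> Optional[int]:
    """Parse the DWORD value from a Sysmon RegistryEvent 'Details' field."""
    m = re.search(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details)
    return int(m.group(1), 16) if m else None


def detect_lsass_memory_read(ev: Event) -> Optional[Alert]:
    """Event 10: a non-allowlisted process opened lsass.exe with VM_READ rights.

    This is the access pattern of procdump-style dumpers that tools such as
    Spraykatz drive remotely; the rights mask, not the tool name, is the signal.
    """
    if ev.get("EventID") != 10:
        return None
    if not str(ev.get("TargetImage", "")).lower().endswith(r"\lsass.exe"):
        return None
    source = str(ev.get("SourceImage", ""))
    if source.lower() in LSASS_ACCESS_ALLOWLIST:
        return None
    granted = int(str(ev.get("GrantedAccess", "0")), 16)
    if granted & PROCESS_VM_READ:
        return Alert("lsass_memory_read", 10, source)
    return None


def detect_etw_tamper(ev: Event) -> Optional[Alert]:
    """Event 13 / Event 1: ETW switched off via the registry or the environment."""
    eid = ev.get("EventID")
    if eid == 13:
        target = str(ev.get("TargetObject", ""))
        value = _reg_dword(str(ev.get("Details", "")))
        if value == 0 and DOTNET_ETW_KEY.search(target):
            return Alert("dotnet_etw_disabled", 13, target)
        if value == 0 and AUTOLOGGER_KEY.search(target):
            return Alert("autologger_session_disabled", 13, target)
    elif eid == 1:
        cmd = str(ev.get("CommandLine", ""))
        if COMPLUS_ETW_OFF.search(cmd):
            return Alert("complus_etw_env_disabled", 1, cmd)
    return None


def run_detections(events: List[Event]) -> List[Alert]:
    """Apply every rule to every event; return the alerts in event order."""
    alerts: List[Alert] = []
    for ev in events:
        for rule in (detect_lsass_memory_read, detect_etw_tamper):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(f"[{alert.rule}] EventID={alert.event_id} {alert.subject}")
```

On the sample set, the procdump-style lsass open, the .NET ETWEnabled=0 write, the EventLog-Application autologger being stopped, and the COMPlus_ETWEnabled=0 process launch each raise one alert; the Defender engine (allowlisted), the query-limited svchost handle, and the autologger write with value 1 stay quiet. The same three conditions translate directly into Sigma or Splunk searches: the value of doing it in code first is that the allowlist and the access-mask bit test are explicit and easy to unit-test before the rule reaches production.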