incident response
Experts demand clarity as they struggle with cloud security prioritization
Cloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively …
Ransomware dwell time hits new low
Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks …
UAC: Live response collection script for incident response
Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, …
Citrix ADC zero-day exploitation: CISA releases details about attack on CI organization (CVE-2023-3519)
The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the …
Threat actors can exfiltrate data from Google Drive without leaving a trace
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga …
Data-driven insights help prevent decisions based on fear
Organizations have strengthened security measures and become more resilient, but threat actors are still finding ways through, according to BakerHostetler. “We launched the …
Microsoft unveils AI-powered Security Copilot analysis tool
Microsoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations (SecOps) professionals’ work. …
Microsoft announces Microsoft Incident Response Retainer
Microsoft has introduced Microsoft Incident Response Retainer, allowing customers to pre-pay and count on help from Microsoft incident responders before, during and after a …
CISA releases free tool for detecting malicious activity in Microsoft cloud environments
Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) cloud environments have a new free solution …
DNS abuse: Advice for incident responders
What DNS abuse techniques are employed by cyber adversaries and which organizations can help incident responders and security teams detect, mitigate and prevent them? The DNS …
How to succeed in cyber crisis management and avoid a Tower of Babel
Although cyberattacks have become more common, handling them remains extremely challenging for organizations. Even if things go well on the technical level, incident response …
How to improve your incident response plan for 2023
You may already have an IR plan but regardless of how thorough you might feel it is at this moment, the evolving cyber threat landscape and shifting circumstances within your …