Security News

Farsight DNSDB Transforms for Maltego offer accurate threat intelligence and fast response to threats
2021-06-09 00:30

Maltego Technologies and Farsight Security announced that Farsight DNSDB Transforms for Maltego, first launched in 2018, have now been updated to include DNSDB Flexible Search. Farsight DNSDB, together with Maltego, with its node-based graph, enables threat hunters, incident responders and other investigators to easily identify patterns and connections associated with cybercrime activities, with more accurate threat intelligence and faster response to today's threats.

2021-06-08 03:00

CISA has partnered with the Homeland Security Systems Engineering and Development Institute, which worked with the MITRE ATT&CK team, to issue guidance to help cyber threat intelligence analysts make better use of MITRE ATT&CK. MITRE ATT&CK is a knowledge base of adversary information widely used by network defenders as they analyze and report on security threats. A solid understanding of how to apply ATT&CK can be used to develop adversary profiles; conduct activity trend analyses; and be incorporated into reporting for detection, response, and mitigation purposes, the document states.

CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts
2021-06-03 14:44

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework. The MITRE ATT&CK knowledge base of adversary tactics and techniques is widely used by security teams, but recent studies cited by CISA showed that many cybersecurity professionals don't use it to its full potential.

Threat intelligence: The biggest blind spot for CISOs
2021-06-03 03:30

More than 90 percent of CISOs rely on outdated, report-based threat intelligence that is often too old to inform decisions, according to Cybersixgill. The survey of 150 CISOs at firms with at least 10,000 employees or $1 billion in revenue was conducted by Global Surveyz in February and March 2021 to foster a better understanding of the state of threat intelligence, and the focus that today's companies are placing on these vital technologies.

Group-IB opens MEA Threat Intelligence & Research Center in Dubai
2021-05-31 23:00

Group-IB has officially announced the opening of its Middle East & Africa Threat Intelligence & Research Center in Dubai. Group-IB's leadership views the opening of its MEA Threat Intelligence & Research Center as a critical milestone toward achieving the strategic goal of building the first ever decentralized global cybersecurity company with fully operational R&D centers in the key financial hubs.

ZeroFOX launches App Library to provide integrated external threat intelligence and protection
2021-05-27 01:15

ZeroFOX announced the release of the largest App Library enabling security teams to streamline their response to external threats through effective threat intelligence enrichment, alert orchestration and incident remediation. Enterprise security teams can easily engage with hundreds of platforms including Elastic, Swimlane, D3 Security and Maltego within the ZeroFOX Platform.

Virtual Event Keynote: John Lambert, Microsoft Threat Intelligence Center
2021-05-26 15:13

In this presentation, Microsoft's John Lambert will talk about how it's more important than ever for defenders and organizations to come together and better share information that can help the entire ecosystem protect against emerging threats. The good news is there are industry frameworks and sharing mechanisms already in place to facilitate actionable threat intelligence and defense collaboration.

The 3 elements of a sound threat intelligence program
2021-05-20 17:27

To give themselves an edge, many organizations set up threat intelligence programs. "I've seen a lot of threat intelligence programs that are just about pretty reports or some metric [such as] how many attacks we have seen on our website," said Shi.

Splunk to Acquire Threat Intelligence Platform Provider TruSTAR
2021-05-18 19:23

Machine data solutions firm Splunk announced Tuesday that it has agreed to acquire TruSTAR, a San Francisco-based company that provides a threat intelligence platform designed to integrate various threat data sources and improve detection and response times. Founded in 2014, TruSTAR's platform collects and enriches internal and external data sources to automate the dissemination of intelligence to various tools and teams.

Week in review: New DNS vulnerabilities, benefits of cyber threat intelligence, FBI removes web shells
2021-04-18 07:40

New DNS vulnerabilities have the potential to impact millions of devices
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK.

FBI removes web shells from hacked Microsoft Exchange servers
Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States.

The benefits of cyber threat intelligence
In this Help Net Security podcast, Maurits Lucas, Director of Intelligence Solutions at Intel 471, discusses the benefits of cyber threat intelligence.