Incident Response – Page 3 – PossibleThreat Articles

Token tactics: How to prevent, detect, and respond to cloud token theft

November 16, 2022 0 Comments cloud token theft, cybersecurity, Identity and access management, Incident Response, microsoft detection and response team (dart), Microsoft security intelligence, Threat protection

Credit to Author: Paul Oliveria| Date: Wed, 16 Nov 2022 16:00:00 +0000

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

The post Token tactics: How to prevent, detect, and respond to cloud token theft appeared first on Microsoft Security Blog.

Security Sophos

LastPass source code breach – incident response report released

September 19, 2022 0 Comments data breach, data loss, Incident Response, lastpass, password, password manager, Zero Trust

Credit to Author: Paul Ducklin| Date: Mon, 19 Sep 2022 16:59:05 +0000

Wondering how you’d handle a data breach report if the worst happened to you? Here’s a useful example.

Security Sophos

Rapid Response: The Ngrok Incident Guide

July 14, 2022 0 Comments Incident Response, mtr•rapid response, ngrok, SophosLabs Uncut, threat research

Credit to Author: Angela Gunn| Date: Thu, 14 Jul 2022 08:01:51 +0000

Ngrok is a legitimate remote-access tool. It is regularly abused by attackers, who use its capabilities and reputation to maneuver while bypassing network protections. This incident guide shows Security Operations Centers (SOCs) and response teams how to detect and respond to the suspicious presence or use of ngrok on the network.

Microsoft Security

Ghost in the shell: Investigating web shell attacks

February 5, 2020 0 Comments China Chopper, cybersecurity, Detection and Response Team (DART), Endpoint security, gallium, Incident Response, krypton, Microsoft Defender Advanced Threat Protection, microsoft detection and response team (dart), Microsoft security intelligence, security management, Threat protection, web shell, zinc

Credit to Author: Eric Avena| Date: Tue, 04 Feb 2020 17:30:40 +0000

Web shell attacks allow adversaries to run commands and steal data from an Internet-facing server or use the server as launch pad for further attacks against the affected organization.

The post Ghost in the shell: Investigating web shell attacks appeared first on Microsoft Security .

Microsoft Security

CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life

December 23, 2019 0 Comments CISO series, Ciso series page, Endpoint security, Incident Response, lessons learned, Microsoft Defender Advanced Threat Protection, Microsoft Defender ATP

Credit to Author: Todd VanderArk| Date: Mon, 23 Dec 2019 17:00:57 +0000

In this next post in our series, we provide insight into a day in the life of our SOC analysts investigating common front door attacks.

The post CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life appeared first on Microsoft Security .

Microsoft Security

Norsk Hydro responds to ransomware attack with transparency

December 17, 2019 0 Comments Incident Response, microsoft detection and response team (dart), security management

Credit to Author: Todd VanderArk| Date: Tue, 17 Dec 2019 21:00:57 +0000

Aluminum supplier Norsk Hydro was attacked by LockerGoga, a form of ransomware. Learn how the company recovered and got back to business as usual.

The post Norsk Hydro responds to ransomware attack with transparency appeared first on Microsoft Security .

Microsoft Security

Ransomware response—to pay or not to pay?

December 16, 2019 0 Comments Detection and Response Team (DART), Incident Response, microsoft detection and response team (dart), phishing

Credit to Author: Todd VanderArk| Date: Mon, 16 Dec 2019 17:00:07 +0000

As part of Microsoft’s Detection and Response Team (DART) Incident Response engagements, we regularly get asked by customers about “paying the ransom” following a ransomware attack.

The post Ransomware response—to pay or not to pay? appeared first on Microsoft Security .

MalwareBytes Security

How security orchestration improves detection and response

October 15, 2019 0 Comments automated threat response, explained, Incident Response, incident response protocols, orchestration, Security, security orchestration, siem, soar

Credit to Author: Pieter Arntz| Date: Wed, 02 Oct 2019 19:20:10 +0000

Security orchestration is a regulator that makes sure security solutions, often from different vendors, work well together to automate response and keep organizations safe.

Categories:

Explained

Tags: automated threat response Incident Response incident response protocols orchestration security security orchestration siem soar

MalwareBytes Security

Explained: how security orchestration improves protection and response

October 9, 2019 0 Comments automated threat response, explained, Incident Response, incident response protocols, orchestration, Security, security orchestration, siem, soar

Credit to Author: Pieter Arntz| Date: Wed, 02 Oct 2019 19:20:10 +0000

Security orchestration is a regulator that makes sure security solutions, often from different vendors, work well together to automate response and keep organizations safe.

Categories:

Explained

Tags: automated threat response Incident Response incident response protocols orchestration security security orchestration siem soar

MalwareBytes Security

Explained: security orchestration

October 2, 2019 0 Comments automated threat response, explained, Incident Response, incident response protocols, orchestration, Security, security orchestration, siem, soar

Credit to Author: Pieter Arntz| Date: Wed, 02 Oct 2019 19:20:10 +0000

Security orchestration is a regulator that makes sure security solutions, often from different vendors, work well together to automate response and keep organizations safe.

Categories:

Explained

Tags: automated threat response Incident Response incident response protocols orchestration security security orchestration siem soar

(Read more…)

The post Explained: security orchestration appeared first on Malwarebytes Labs.