💥 FLASH NOTICE 💥 A critical flaw has been discovered in Ivanti Virtual Traffic Manager that could be exploited to allow an unauthenticated attacker to remotely create a rogue account with admin privileges within the target network. For recommendations, TTPs to monitor, and more, read the full notice here: https://loom.ly/plRM6_s #Ivanti #threatintelligence #criticalflaw
Avertium’s Post
More Relevant Posts
-
What to Look for in a Network Detection and Response (NDR) Product https://lnkd.in/egT_nP2s
networkcomputing.com
-
The increase in mass exploitation involving edge services and devices is likely to worsen. The post Edge Devices: The New Frontier for Mass Exploitation Attacks appeared first on SecurityWeek.
securityweek.com
-
I'm a continuous cybersecurity student and a Junior OSINT Analyst - Ethical hacking - System Administration & Cybersecurity | ISC² Candidate
Day15 #100daysofskillsforgery A new discovery for my network analysis arsenal: tcpdump. It sounds like a dump of TCP packets, though, but it's not similar. TCP (Transfer Control Protocol) is a layer 4 protocol that ensures control and packet error checks and correction. This helps ensure that packets are sent over the network to you without error. In a network SOC, the security team sometimes needs to analyze the network queue in order to detect suspicious packets on the network. To do that, Wireshark is a good tool for getting the said packets. But what about analyzing their contents? Wireshark is indeed good at it too, but tcpdump offers you a new viewpoint on how to perform the analysis once you can do it all now in the terminal and simplify the visualized data in order to get more relevant and accurate information. The command has many features that allow you to get some useful flag information like the header flags, the protocol and other information on the application layer. New video airing tomorrow, 👌🏾 where I show some good tips I learned. That's a wrap then, thank you !! #cybersec #networkanalysis #tcpdumping #monitoring #learningjourney #100daysoskillsforgery
-
Ivanti disclosed a serious vulnerability in the Ivanti Connect Secure and Ivanti Policy Secure products. ❗This is different from the one in January.❗ The issue, #CVE-2024-22024, allows attackers to bypass authentication on the affected device to reach restricted resources. Read our blog to learn more about the vulnerability and how to find instances of it on your network: https://lnkd.in/e3je8dXC
-
Technology/Cyber/Digital Marketing/Social Media/Intelligence/Counterintelligence/Security/Military/Global Travel Security Planning
The increase in mass exploitation involving edge services and devices is likely to worsen. The post Edge Devices: The New Frontier for Mass Exploitation Attacks appeared first on SecurityWeek.
securityweek.com
-
Quick Bottom-Line-Up-Front blog on the Raptor Train / Flax Typhoon campaign from the team. Yes, the DDoS capability was neutered by the west; however, these infected devices still present a significant risk on a number of levels, to residential networks, SMBs and enterprises/infra, with remote command execution, persistence, and lateral movement capabilities still in play. Over 65 CVEs were exploited across 40 device vendors. Now that the four-year-long campaign has been burned, threat actor objectives and tactics may shift and be accelerated. If anyone would like a consolidated list of IPs and domains from several sources, please comment below and send me a private message, or send an email to the one at the bottom of the blog. https://lnkd.in/gk7CTfjs
Raptor Train: Chinese State-Sponsored Botnet Threat. — Trusted Internet
trustedinternet.io
-
Our Incident Response team is responding to multiple cases resulting from the exploitation of Ivanti Connect Secure (formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways. If you have these devices in your organization, please IMMEDIATELY review the following resources.
CISA Emergency Directive: https://lnkd.in/gBgFBCeM
Mitigation Information: CVE-2023-46805 and CVE-2024-21887 can be mitigated by importing mitigation.release.20240107.1.xml file via the download portal. Ivanti is providing mitigation while a patch is in development. https://lnkd.in/gKiAh8FF
Ivanti Integrity Checker: https://lnkd.in/gTmf4egr
-
#TunnelVision : The New #VPN Bypass Technique Exposing Users to Surveillance https://lnkd.in/dQxHc58i
https://www.blackhatethicalhacking.com
-
Who's reading your emails right now? 👀 Skilled hackers roam compromised networks for months, undetected. Stealing IP, accessing sensitive data. Legacy security tools promise protection—if you re-engineer everything around them. But the hype rarely matches the result. HiveRadar Network Breach Detection powered by Canary Honeypot Sensors is different. Deploys in minutes, not months. Silent until an attacker appears. Just one alert - when it matters. Stop wasting time and money on security theater. Reach out to us to see how our solution can bolster your security posture! #CyberSecurity #NetworkSecurity #BreachDetection #ThinkstCanary #Canary #Honeypot https://lnkd.in/eMPEDNxP
HiveRadar Network Breach Detection - Powered by Canary
https://www.youtube.com/
-
Edge Devices: The New Frontier for Mass Exploitation Attacks: The increase in mass exploitation involving edge services and devices is likely to worsen. The post Edge Devices: The New Frontier for Mass Exploitation Attacks appeared first on SecurityWeek.
securityweek.com