Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released “Pacific Rim,” a report detailing its defensive and counter-offensive operation over the last five years with multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls. Sophos Sophos Solutions https://lnkd.in/d45PsaxY
Techknow Africa (Network)’s Post
-
Another great example of EDR agent exploitation and turning that into a weapon! That is an excellent research article by Shmuel Kohen, who proves once more the importance of a holistic approach to security monitoring, which should not be tied to a single solution and a one-dimensional line of defence. It doesn't matter how mature an EDR vendor is, any EDR may have security flaws. https://lnkd.in/dCy4UmQg
EDR as an Offensive Tool | SafeBreach
www.safebreach.com
-
All products have vulnerabilities. What matters is how the vendor responds to issues. Sophos demonstrates via its own actions how to transparently address issues and keep customers safe. Today, Sophos released “Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats,” which documents our multi-year battle with Chinese nation-state threat actors who were making every effort to exploit now long-resolved defects in our firewall software in an effort to victimize Sophos, our customers, and uninvolved third parties. Check out our official LinkedIn post which includes a link to the full story here, https://lnkd.in/gSP676Tu. We have scheduled a global webinar for customers and partners to hear first-hand about Sophos’ research and how to defend against modern network device attacks. Ross McKerchar, CISO, and Daniel Cole, senior vice president of Network and Content Security, will deliver these live webinars, which will include details on how Sophos’ counter-intelligence teams turned the tables on these persistent attackers, and how Sophos built more resilience into its firewalls as a result. Special guest speaker Jack Cable, senior technical advisor from CISA, will discuss Secure by Design and how CISA’s initiative can further build resilience against cyberattacks by the People’s Republic of China. Registration link: https://lnkd.in/ge2RQgQy AMER/ EMEA: Monday, Nov. 4 – 11 am ET | 4 pm GMT AMER/ APJ: Thursday, Nov. 7 – 5 pm ET | 9 am AEDT (Nov. 8)
Ask Me Anything Webinar: Hunter vs. Spy in Sophos’ Pacific Rim Investigation
events.sophos.com
-
🔐 **Unlocking the Power of Junos: Your Shield Against Network Threats** 🔐

Thrilled to share a valuable guide on enhancing network security with Junos OS screen options for SRX Series Firewalls. This document is a treasure trove for network defenders, providing actionable insights to fortify your digital fortress against a myriad of threats. 🛡️

📖 Dive into the guide to learn about:
- Robust strategies to thwart **SYN floods**, **UDP floods**, and **port scans**
- Best practices for setting up screen options to safeguard both internal and external networks
- Proactive measures to detect and neutralize threats before they escalate

Empower your network with Juniper's cutting-edge security features and ensure uninterrupted business operations. Let's raise the bar for network security together!

#JuniperNetworks #NetworkSecurity #CyberDefense #SRXFirewalls #JunosOS #ThreatPrevention #DigitalFortress
-
The second installment of my "In Firewalls We Trust?" series delves into the concept of defense in depth. In this segment, I explore the intricacies of this strategy. Please feel free to share comments below: https://lnkd.in/gnWCTzxE
In Firewalls we Trust? – Part 2
knzsolutions.com
-
🚨 Ports Most Targeted by Attackers: 🥷🏻 Attackers often focus on these ports due to their widespread use and critical role in network communication and administration. ❗It is crucial to implement strong security measures such as disabling unused ports, using firewalls, keeping software up-to-date, and employing strong passwords and encryption to protect these entry points from attacks. 📌 The most commonly targeted ports by attackers in 2024 include a variety of well-known and essential services. Here are some of the key ports frequently attacked: 📌 Save this post for later! 📝 Designed by: LifestyleTech ✅ Follow: LifestyleTech #ipport #network #Infrastructure #security
-
🚨 FBI Calls on Public to Help Identify Chinese Hackers Behind Global Cyber Intrusions 🌐👀

The FBI has issued a public appeal to help identify individuals linked to cyber intrusions targeting both government and private sectors worldwide. This marks a critical effort to address sophisticated attacks that breach edge devices and compromise sensitive data. 🔓🖥️

Here's what we know:
↳ Suspected Advanced Persistent Threat (APT) groups — including APT31, APT41, and Volt Typhoon — have been exploiting zero-day vulnerabilities in Sophos firewalls and other devices. 🛡️
↳ The malware, like Pygmy Goat and Gh0st RAT, has allowed attackers to infiltrate networks across various sectors: critical infrastructure, healthcare, military, finance, and more. 💼🏥💰
↳ Sophisticated methods, including rootkits and specially crafted ICMP packets, are used to evade detection, reinforcing the need for proactive cyber defense. 🕵️

This call for assistance highlights the global nature of cybersecurity threats and the importance of public cooperation in tackling these challenges. 🔐 Let’s support efforts to secure our networks and protect sensitive information from persistent threats! 🛡️

Read more: https://lnkd.in/gG7wAxfa

#CyberSecurity #APT #DataProtection #ThreatIntelligence #GlobalSecurity #FBI
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
thehackernews.com
-
🚨 Cybersecurity Alert: Iranian APT Group UNC1860 Linked to MOIS 🚨 A recent report by Mandiant has uncovered concerning details about the Iranian Advanced Persistent Threat (APT) group UNC1860, also known as Crimson Sandstorm. Key findings: 🔍 UNC1860 is likely operating on behalf of Iran's Ministry of Intelligence and Security (MOIS). 🌐 The group has been active since at least 2020, targeting government and energy sectors. 💻 They use custom malware and open-source tools for cyber espionage operations. Why it matters: • This revelation highlights the ongoing threat of state-sponsored cyber attacks. • Understanding the tactics of APT groups is crucial for improving cybersecurity defenses. • The energy sector remains a prime target for cyber espionage, requiring heightened security measures. What are your thoughts on the increasing sophistication of state-sponsored cyber threats? How can organizations better protect themselves against such targeted attacks? #Cybersecurity #APT #InfoSec #ISO27001 More info 👉 https://lnkd.in/dpm7f883
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East
thehackernews.com
-
The suspected China-based cyber espionage actor has been attributed with a prolonged cyber espionage attack that lasted approximately three years against an unnamed organization based in East Asia, in which the adversary allegedly established persistence using legacy F5 BIG-IP appliances, which served as a command-and-control system for the adversary, to evade defences. As a result of the cyber intrusion in late 2023, cybersecurity company Sygnia has been tracking the activity under Velvet Ant. Based on their observations, Velvet Ant has been characterized by being capable of pivoting and adapting their tactics to counter repeated attempts at eradication. Sygnia researchers explained in a blog post on June 17 that F5 BIG-IP load balancer appliances are often placed at the perimeter of a network or between the segments of it, which are often trusted. https://lnkd.in/g7bubYS8
China-Linked Hackers Breach East Asian Firm for 3 Years via F5 Devices
cysecurity.news
-
Velvet Ant's silent invasion: This week, we are joined by Amnon Kushnir from Sygnia, who is sharing their work on "China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the ‘Velvet Ant’ threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks. This attack enables threat actors to escape Cisco’s command interface and install malware directly on the device’s OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced persistent threats. #cyber #cybersecurity #cybersecurityjobs #informationsecurity #management #innovation #cyberjobs #technology
Velvet Ant's silent invasion.
thecyberwire.com
-
In 2023, Barracuda XDR, including its team of SOC analysts on 24-hour watch, cut through nearly two trillion (1,640 billion) IT events to isolate tens of thousands of potentially high-risk security threats. Check out the team’s findings in this blog post by Barracuda’s Director of SOC Offensive Security, Merium Khalid, which examines the most common ways attackers tried — and failed — to gain persistent access to networks through intruder activity, such as business email compromise (#BEC), using malicious code, and exploits: https://lnkd.in/gRz9c6sR #XDR #SOC #threatintelligence
XDR round-up 2023: High-severity threats on the rise, peak during holidays
blog.barracuda.com