New RansomHub Attack Uses TDSSKiller and LaZagne, Disables EDR

The RansomHub ransomware gang has been found using Kaspersky’s TDSSKiller tool to disable EDR software on target systems, allowing for credential harvesting with LaZagne.

Cyware News – Latest Cyber News – Read More

Apple Vision Pro’s Eye Tracking Exposed What People Type

The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.

Security Latest – Read More

Hackers Proxyjack & Cryptomine Selenium Grid Servers

A vendor honeypot caught two attacks intended to leverage the tens of thousands of exposed Selenium Grid Web app testing servers.

darkreading – Read More

Microsoft Discloses Four Zero-Days in September Update

Microsoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.

Cyware News – Latest Cyber News – Read More

Exploiting CI/CD Pipelines for Fun and Profit

On September 8, 2024, a significant exploit chain was discovered, starting from a publicly exposed .git directory and leading to a full server takeover. The vulnerabilities stem from websites exposing their .git folders.

Cyware News – Latest Cyber News – Read More

Healthcare Provider to Pay $65M Settlement Following Ransomware Attack

Lehigh Valley Health Network has agreed to pay a $65 million settlement in a class-action suit filed over a 2023 data breach.

SecurityWeek – Read More

ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign

The ToneShell backdoor, attributed to the Mustang Panda cyber espionage group, has resurfaced in a new attack targeting attendees of the 2024 IISS Defence Summit in Prague.

Cyware News – Latest Cyber News – Read More

ANY.RUN Now Integrates with Splunk!

We have some thrilling news to share with you today. Our team at ANY.RUN is happy to announce the launch of our new integration with Splunk!

How this integration benefits you 

Official page of ANY.RUN’s connector for Splunk

If you’re a Splunk user, you can now leverage ANY.RUN’s Interactive Sandbox and Threat Intelligence Lookup directly from your Splunk SOAR environment.  

This means that you can analyze potentially malicious files and URLs in the sandbox and enrich your investigations with threat data from TI Lookup without leaving the familiar Splunk interface.  

Our main goal with this integration is to give you more options and help you make the most out of ANY.RUN while working with familiar systems.  

The integration supports a wide range of actions, from simple reputation checks to full detonation and analysis of suspicious objects.  

Key Features 

Comprehensive Threat Intelligence 

The integration allows analysts to query ANY.RUN’s threat intelligence database directly from Splunk SOAR. 

Use the get intelligence action to query TI Lookup’s database

Automated Malware Analysis 

One of the most powerful features of this integration is the ability to automatically detonate files and URLs in ANY.RUN’s sandbox.  

This process can be triggered as part of a Splunk SOAR playbook, allowing for analysis of attachments in phishing emails or suspicious downloads detected by network monitors. You can also access any analysis session you launch in the sandbox to perform manual actions or gain a deeper understanding of the threat.

You can perform file analysis, collect IOCs, get IP reputation, and more

Detailed Reporting and IOC Extraction 

The ‘get report’ action retrieves key analysis details, including the verdict on the sample’s threat level. You can also see the rest of the analysis results by navigating to the corresponding part of the interface.

The interface lets you quickly see the verdict on the sample

Advanced Threat Hunting 

If you have ANY.RUN’s TI License, you can use the ‘get intelligence’ action to perform complex queries against ANY.RUN’s threat intelligence database. 

Threat Intelligence Lookup lets you use dozens of search parameters

Search for specific file hashes, IP addresses, domains, or even MITRE ATT&CK techniques uncovered in previous analyses.

Real-World Application 

Consider a scenario where a Splunk SOAR playbook is triggered by a potential phishing email. 

The playbook could automatically extract any URLs and attachments from the email, then use the ‘url reputation’ action to check if the URLs have been previously analyzed by ANY.RUN. 

For new or suspicious URLs, the playbook could use the ‘detonate url’ action to analyze them in a sandbox environment. 

Similarly, for attachments, the ‘detonate file’ action could be used to safely execute and analyze them. 

The playbook could then retrieve detailed reports and IOCs using the ‘get report’ and ‘get iocs’ actions. 

Finally, it could use the extracted IOCs to automatically update firewall rules, trigger endpoint scans, or create new detection rules in the SIEM. 

How to Set it Up 

To use this new integration, you will need a Splunk SOAR environment and an ANY.RUN account with API access. A ‘Hunter’ or ‘Enterprise’ subscription is recommended for full feature access. 

Splunk connector details

The setup process is straightforward: 

1. Configure a new ANY.RUN asset in Splunk SOAR.

2. Provide the ANY.RUN base URL (typically https://api.any.run).

3. Enter the API key from your ANY.RUN profile page.

4. Set a default timeout for API requests.

The connector is easy to set up

Once configured, the ANY.RUN actions will be available for use in Splunk SOAR playbooks and for manual invocation by analysts. 

About ANY.RUN  

ANY.RUN helps more than 400,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, Yara Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  

With ANY.RUN you can: 

Detect malware in seconds

Interact with samples in real time

Save time and money on sandbox setup and maintenance

Record and study all aspects of malware behavior

Collaborate with your team 

Scale as you need

ANY.RUN’s Cybersecurity Blog – Read More

Amateurish ‘CosmicBeetle’ Ransomware Stings SMBs in Turkey

With an immature codebase and a “rather chaotic encryption scheme” prone to failure, the group targets small businesses with custom malware.

darkreading – Read More

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress.org has announced a new account security measure that will require accounts with the capability to update plugins and themes to enable two-factor authentication (2FA).
The enforcement is expected to come into effect starting October 1, 2024.
“Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide,” the

The Hacker News – Read More