Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections.
Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as

The Hacker News – Read More

SAGE Cyber Launches CISO Planning Tool

As a newly independent company, SAGE Cyber will offer a platform that helps CISOs make data-driven decisions and optimize their security defenses.

darkreading – Read More

WitnessAI Launches With Guardrails for AI

AI safety platform startup WitnessAI claims to help enterprises use AI safely and effectively with its platform addressing AI privacy, governance, and security.

darkreading – Read More

Picking the Right Database Tech for Cybersecurity Defense

Graph and streaming databases are helping defenders deal with complex, real-time threat and cybersecurity data to find weak points before attackers.

darkreading – Read More

AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks

Leading artificial intelligence companies made a pledge to develop AI safely, while world leaders agreed to build a network of publicly backed safety institutes to advance research and testing of the technology.


SecurityWeek – Read More

Breach Forums Plans Dark Web Return This Week Despite FBI Crackdown

By Waqas

The strange and tricky world of cybercrime and the dark web is getting stranger and trickier!


Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More

YouTube Becomes Latest Battlefront for Phishing, Deepfakes

Personalized phishing emails with fake collaboration opportunities and compromised video descriptions linking to malware are just some of the new tricks.

darkreading – Read More

Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania

Scarred Manticore is the smart, sophisticated one. But when Iran needs something destroyed, it hands the keys over to Void Manticore.

darkreading – Read More

The best VPN trials of 2024: Expert tested and reviewed

We found the best VPN free trial offers so you can test a VPN’s speed and reliability before you commit.

Latest stories for ZDNET in Security – Read More

Updating our SIEM system to version 3.0.3 | Kaspersky official blog

For many InfoSec teams, security information and event management (SIEM) is at the heart of what they do. A company’s security depends to a large extent on how well its SIEM system allows experts to focus directly on combating threats and avoid routine tasks. That’s why almost every update of our Kaspersky Unified Monitoring and Analysis Platform is aimed at improving the user interface, automating routine processes and adding features to make the work of security teams easier. Many of the improvements are based on feedback from our customers’ InfoSec experts. In particular, the latest version of the platform (3.0.3) introduces the following features and improvements.

Writing filter conditions and correlation rules as code

Previously, analysts had to set filters and write correlation rules by clicking the conditions they needed. In this update, the redesigned interface now allows advanced users to write rules and conditions as code. Builder mode remains: filter and selector conditions are automatically translated between builder and code modes.

Same rule condition in builder and code modes

What’s more, builder mode also lets you write conditions using the keyboard. As soon as you start entering a filter condition, Kaspersky Unified Monitoring and Analysis Platform will suggest suitable options from event fields, dictionaries, active sheets, etc. To narrow down the range of options, simply enter the appropriate prefix. For your convenience, condition types are highlighted in different colors.

Code mode lets you quickly edit correlation rule conditions, as well as select and copy conditions as code and easily transfer them between different rules or different selectors within a rule. The same code blocks can also be moved to filters (a separate system resource), which greatly simplifies their creation.

Extended event schema

Kaspersky Unified Monitoring and Analysis Platform retains Common Event Format (CEF) as the basis for the event schema, but we have added the ability to create custom fields, which means you can now implement any taxonomy. You are no longer limited to vendor-defined fields: you can name event fields anything you want to make search queries easier to write. Custom fields are typed and must begin with a prefix that determines both the field's type and whether it is an array. Fields with arrays can only be used in JSON and KV normalizers.

Example of normalization using CEF fields and custom fields

Automatic identification of event source

Kaspersky Unified Monitoring and Analysis Platform administrators no longer need to set up a separate collector for each event type or open ports for each collector on the firewall – in the new version we have implemented the ability to collect events of different formats with a single collector. The collector selects the correct normalizer based on the source IP address. Using a chain of normalizers is permitted. For example, the [OOTB] Syslog header normalizer accepts events from multiple servers and allows you to define a DeviceProcessName and direct BIND events to the [OOTB] BIND Syslog normalizer and Squid events to the [OOTB] Squid access Syslog normalizer.

Kaspersky Unified Monitoring and Analysis Platform: Event parsing

The following event normalization options are now available:

1 collector – 1 normalizer. We recommend this method if you have many events of the same type, or many IP addresses from which events of the same type may originate. In terms of SIEM performance, a collector with only one normalizer is optimal.

1 collector – multiple normalizers, based on IP addresses. This method is available for collectors with a UDP, TCP or HTTP connector. If a UDP, TCP or HTTP connector is specified in the collector at the Transport step, then at the Event Parsing step, on the Parsing settings tab, you can specify multiple IP addresses and select which normalizer to use for events arriving from those addresses. The following types of normalizers are available: JSON, CEF, regexp, Syslog, CSV, KV, XML. For Syslog or regexp normalizers, you can specify additional normalization conditions depending on the value of the DeviceProcessName field.
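The two-stage routing described above (normalizer chosen by sender IP, then a syslog header normalizer handing off to a BIND or Squid normalizer by DeviceProcessName) is easier to reason about as code. The following is an added illustrative model written for this post, not Kaspersky Unified Monitoring and Analysis Platform's own implementation or rule syntax; the sample events are constructed, and the `S.`/`N.` custom-field prefixes are an assumed typed-prefix convention rather than the product's exact scheme.

```python
import json
import re

# Constructed sample input: (sender IP, raw event) pairs as one collector might receive them.
SAMPLE_EVENTS = [
    ("10.0.0.5", "<30>May 22 10:01:02 ns1 named[1234]: client 10.0.0.9#5353: query: example.org IN A"),
    ("10.0.0.5", "<30>May 22 10:01:03 proxy1 squid[777]: 1716372063.1 45 10.0.0.9 TCP_MISS/200 1024 GET http://example.org/"),
    ("10.0.0.7", '{"user": "alice", "action": "login"}'),
]
SYSLOG_RE = re.compile(r"^<\d+>\w{3} +\d+ \d\d:\d\d:\d\d (?P<host>\S+) (?P<proc>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")

def syslog_header(raw):  # stage 1 of the chain: CEF header fields only, payload stays in Message
    m = SYSLOG_RE.match(raw)
    return None if not m else {"DeviceHostName": m["host"], "DeviceProcessName": m["proc"], "Message": m["msg"]}

def bind_normalizer(ev):  # stage 2 for DeviceProcessName == "named"
    m = re.search(r"client (\S+)#\d+: query: (\S+) IN (\S+)", ev["Message"])
    if m:
        # Custom typed fields: the "S."/"N." prefixes are an assumed type marker, not the product's exact scheme.
        ev.update({"SourceAddress": m[1], "S.QueryName": m[2], "S.QueryType": m[3], "DeviceProduct": "BIND"})
    return ev

def squid_normalizer(ev):  # stage 2 for DeviceProcessName == "squid" (native access-log layout)
    p = ev["Message"].split()
    if len(p) >= 7:
        result, status = p[3].split("/")
        ev.update({"SourceAddress": p[2], "S.CacheResult": result, "N.Status": int(status),
                   "RequestMethod": p[5], "RequestUrl": p[6], "DeviceProduct": "Squid"})
    return ev

def json_normalizer(raw):  # a different format from a different sender, same collector
    d = json.loads(raw)
    return {"SourceUserName": d.get("user"), "DeviceAction": d.get("action"), "DeviceProduct": "custom-app"}

BY_PROCESS = {"named": bind_normalizer, "squid": squid_normalizer}  # second-stage routing key

def syslog_chain(raw):  # unknown process names keep the header fields only
    ev = syslog_header(raw)
    return None if ev is None else BY_PROCESS.get(ev["DeviceProcessName"], lambda e: e)(ev)

BY_SOURCE_IP = {"10.0.0.5": syslog_chain, "10.0.0.7": json_normalizer}  # first-stage routing key

def collect(events):
    """Normalize each (ip, raw) pair; unknown senders and unparsable lines are counted as dropped."""
    out, dropped = [], 0
    for ip, raw in events:
        ev = BY_SOURCE_IP.get(ip, lambda _: None)(raw)
        if ev is None:
            dropped += 1
        else:
            out.append(ev)
    return out, dropped
```

Counting drops separately matters operationally: a sender that is not in the IP table, or a line the header regex cannot parse, silently vanishes unless the collector reports it.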

These are by no means the only updates to Kaspersky Unified Monitoring and Analysis Platform. There are also changes related to context tables, simplified binding of rules to correlators and other improvements. All of them are designed to improve the user experience for InfoSec professionals – see the full list here. To learn more about our SIEM system, Kaspersky Unified Monitoring and Analysis Platform, please visit the official product page.

Kaspersky official blog – Read More