Showing results for tags 'detection'.

Found 2 results

  1. Office 365 will help admins find impersonation attack targets

     Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks, as recently revealed on the Microsoft 365 roadmap.

     Defender for Office 365 (previously known as Office 365 Advanced Threat Protection) protects the emails of Office 365 enterprise accounts from various threats, including but not limited to credential phishing and business email compromise.

     Impersonation happens when a threat actor uses a sender or domain in an email message designed to closely resemble a real sender or domain ([email protected] instead of [email protected] and ćóntoso.com instead of contoso.com). Impersonation attacks take advantage of this tactic with the end goal of deceiving recipients into believing that the email they just read comes from a trusted source.

     New impersonation detection filters

     Security admins will be able to use new filters dubbed Impersonated user and Impersonated domain together with the Threat Explorer and real-time detections to detect organization users and domains targeted in impersonation attacks. These filters add to already present capabilities that make it possible to get a list of phishing emails caught by Defender for Office 365's existing impersonation detection filters.

     "Today we provide filters for Detection Technology with User impersonation or Domain impersonation which show all Phish emails caught by our impersonation detection," Microsoft explains. "We are adding new filters called Impersonated user and Impersonated domain to enable Security Operations teams to explicitly hunt for specific users or domains within their organization that are targets of impersonation attacks."

     The new information will be available for security team admins via the Impersonation insight pages as well as on a newly added Email Entity page.

     Microsoft Defender for Office 365 support for hunting impersonated domains and users is still in development. However, Microsoft is working on making it generally available worldwide in all environments, to all Microsoft Defender for Office 365 users, by the end of February.

     Impersonation protection not enabled by default

     Even though Microsoft Defender for Office 365 comes with built-in anti-phishing protection, impersonation protection is not configured or enabled in the default policy. To take advantage of the new capabilities, admins also have to enable impersonation protection features by modifying the default anti-phishing policy settings.

     Later this month, Microsoft will also start to notify users of Microsoft Defender for Office 365 of suspected nation-state hacking activity detected within their tenants. The company also added priority protection for accounts of high-profile employees, including executive-level managers, who are frequently targeted in attacks.

     Source: Office 365 will help admins find impersonation attack targets
  2. CISA releases new SolarWinds malicious activity detection tool

     The Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments.

     CISA Hunt and Incident Response Program (CHIRP), the new forensics collection tool, is a Python-based tool that helps detect SolarWinds malicious activity IOCs on Windows operating systems.

     "Similar to Sparrow—which scans for signs of APT compromise within an M365 or Azure environment—CHIRP scans for signs of APT compromise within an on-premises environment," CISA explained. "In this release, CHIRP, by default, searches for IOCs associated with malicious activity detailed in AA20-352A and AA21-008A that has spilled into an on-premises enterprise environment."

     The two alerts refer to the SolarWinds hackers' compromise of government agencies, critical infrastructure, and private sector organizations using trojanized SolarWinds Orion products and compromised apps in the victims' Microsoft 365 (M365)/Azure environment as initial access vectors.

     How CHIRP works

     When performing the scan, CHIRP outputs JSON formatted data for further analysis in a SIEM or similar tools.

     CISA advises organizations to use CHIRP to analyze their environment when they want to:

       • Examine Windows event logs for artifacts associated with this activity;
       • Examine Windows Registry for evidence of intrusion;
       • Query Windows network artifacts; and
       • Apply YARA rules to detect malware, backdoors, or implants.

     Enterprise admins can use CHIRP to look for:

       • The presence of malware identified by security researchers as TEARDROP and RAINDROP;
       • Credential dumping certificate pulls;
       • Certain persistence mechanisms identified as associated with this campaign;
       • System, network, and M365 enumeration; and
       • Known observable indicators of lateral movement.

     Previously released malicious activity detection tools

     CISA previously released a PowerShell-based tool dubbed Sparrow that helps detect potentially compromised apps and accounts in Azure/Microsoft 365 environments.

     Cybersecurity firm CrowdStrike released a similar detection tool named the CrowdStrike Reporting Tool for Azure (CRT), designed to help admins analyze Azure environments.

     FireEye also published a free tool dubbed Azure AD Investigator that helps organizations discover artifacts indicating malicious activity by the state-backed threat actor behind the SolarWinds supply-chain attack.

     The tools were shared after Microsoft disclosed how stolen credentials and access tokens were actively used by threat actors to target Azure customers.

     The SolarWinds hackers are tracked as UNC2452 (FireEye), StellarParticle (CrowdStrike), SolarStorm (Palo Alto Unit 42), Dark Halo (Volexity), and Nobelium (Microsoft).

     While their identity remains unknown, a joint statement issued by the FBI, CISA, ODNI, and the NSA says that the APT group behind the SolarWinds attack is likely a Russian-backed hacking group.

     Source: CISA releases new SolarWinds malicious activity detection tool