Tag Archive for: teams

Teams, Slack, and GitHub, oh my! – How collaborative tools can create a security nightmare


When building Teams security, first determine the level of risk your organization is willing to accept. For example, do you want Teams to be open to anonymous users or limit it strictly to internal users?

To adjust this setting, perform the following steps:

If you decide that guest access is to be allowed on your network, you need to be aware of the potential for Teams to be used as a means for attack. You can improve security by deploying more phishing-resistant authentication methods, such as number matching, rather than merely allowing automatic approval of the prompt.

Next, consider implementing Conditional Access rules. This requires additional licensing to implement but may be wise, as attackers turn more and more to using the cloud as a launching point for attacks.

Conditional Access rules allow you to restrict Microsoft 365 logins by requiring stronger authentication techniques, as well as by raising the built-in authentication strength required: Multifactor authentication strength, Passwordless MFA strength, and Phishing-resistant MFA strength.

You may decide to limit your Teams interactions to approved domains rather than leaving it open to new and anonymous users. And of course, educating end users to accept files only from trusted partners is crucial.


OSINT Platform to SOC & MDR Teams for Malware Analysis


ANY.RUN now integrates with OpenCTI, a cyber threat intelligence platform that allows automatic enrichment of OpenCTI observations with malware data directly from ANY.RUN analysis. 

Users can access indicators like TTPs, hashes, IPs, and domains without manual data source checks. 

The data from interactive analysis sessions within the ANY.RUN sandbox can further enrich the observations that centralize threat analysis information from various sources for efficient investigation.


OpenCTI observations with data from ANY.RUN sandbox

OpenCTI, a Threat Intelligence Platform (TIP), ingests threat data from various sources (feeds, sandboxes) using connectors and stores this data as “observations” (indicators like IPs and hashes).

Specifically, OpenCTI offers connectors for:

  • MITRE ATT&CK: facilitates mapping collected data to known attack techniques.
  • ANY.RUN Threat Feeds: imports enriched threat indicators daily.
  • ANY.RUN Sandbox: allows adding details from sandbox analysis (malware family, maliciousness scores) to observations.

ANY.RUN is a cloud-based malware sandbox service that analyzes suspicious files in a safe virtual environment, offers real-time detection using pre-defined rules and allows interactive analysis for in-depth investigation. 

Its enrichment connector for OpenCTI streamlines threat analysis by automatically investigating suspicious files: when enriching an observation (potential threat evidence) in OpenCTI, the connector can be used to submit the file to ANY.RUN’s cloud sandbox.

It creates a safe virtual environment to analyze the file’s behavior and then…


Veeam’s New ‘Cyber Secure Program’ Teams Tech with Ransomware Response Experts — Virtualization Review



Along with purpose-built technology to combat ransomware, Veeam Software’s new Cyber Secure Program also offers up a team of experts to help organizations wield that tech to fight threat actors.

“When there is an attack, customers are connected with Veeam’s dedicated Ransomware Response Team and the program offers post-incident support to enable rapid recovery,” said the specialist in data protection and ransomware recovery.

The three-pronged approach of Veeam Cyber Secure includes the expert help for secure design and implementation along with ransomware recovery support backed up by a recovery warranty for help in all three phases of an attack: pre-incident, during incident and post-incident.

The teams of experts include a dedicated support account manager and a “Ransomware SWAT Team” to help with immediate action in case of a cyber incident.

The new offering comes in the wake of the company’s 2024 Data Protection Report, which revealed that ransomware is still plaguing IT as the No. 1 cause of server outages.


Figure: Causes of Outages (source: Veeam).

“Consider the past 12 months: 76 percent of organizations have been attacked at least once, with 26 percent reporting being attacked at least four times and only 13 percent believe they can recover successfully after an attack,” Veeam said. “It’s clear that organizations need a comprehensive cyber protection and support program, ultimately ensuring they are well-prepared when cyberattacks occur.”

A Jan. 31 news release further fleshed out the new program’s three key components.

  • Confident Security: Attentive and dedicated design and implementation assistance to ensure Veeam best practices in securely implementing Veeam solutions to the highest security standards. Customers receive advanced seven-phase onboarding support and rigorous quarterly security…


Hackers using Microsoft Teams for phishing attacks to spread malware: Report


Cybercriminals are using Microsoft’s video conferencing platform Teams for a new malware campaign. According to a report by AT&T Cybersecurity research, hackers are using Microsoft Teams group chat requests as new phishing attacks to push malicious attachments that can install DarkGate malware payloads on victims’ systems. Researchers claim that the attackers may have used a compromised Teams user (or domain) to send over 1,000 malicious Teams group chat invites.

How these Microsoft Teams group chat requests can be harmful

The report claims that once the malware is installed on a victim’s system, it will reach out to its command-and-control server. This server has already been identified as part of DarkGate malware infrastructure by Palo Alto Networks, reports Bleeping Computer.

As per the report, the hackers were able to push this phishing campaign as Microsoft allows Teams users to message other users by default.

AT&T Cybersecurity network security engineer Peter Boyle has warned: “Unless absolutely necessary for daily business use, disabling External Access in Microsoft Teams is advisable for most companies, as email is generally a more secure and more closely monitored communication channel. As always, end users should be trained to pay attention to…
