TikTok faces ban in US unless it parts ways with Chinese owner ByteDance

andreasc
-
0
TikTok faces ban in US unless it parts ways with Chinese owner ByteDance
[ad_1]

The House of Representatives has passed a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app.

TikTok is an immensely popular social media platform that allows users to create, share, and discover, short video clips. It’s experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5 billion users, with an estimated 170 million of them in the US.

Since 2020, several governments and organizations have banned, or considered banning, TikTok from their staff’s devices, but a complete ban of an internet app would be a first in the US.

Other countries have done this before. In 2020, India was the first country to ban TikTok, along with around 200 other Chinese apps that were all blocked from operating within the country. The ban cost TikTok some 200 million users.

General Paul Nakasone, Director of the National Security Agency (NSA) certainly fueled the feeling of necessity for such a ban. Speaking at a US Senate hearing in March 2023, the general said “one third of Americans get their news from TikTok”, adding “one sixth of American youth say they’re constantly on TikTok. That’s a loaded gun.”

And a former executive at TikTok’s parent company ByteDance claimed in court documents that the Chinese Communist Party (CCP) had access to TikTok data, despite the data being stored in the US. The allegations were made in a wrongful dismissal lawsuit which was filed in May in the San Francisco Superior Court.

Ever since then, TikTok has been battling to convince politicians that it operates independently of ByteDance, which has deep ties to the CCP. For example, TikTok has repeatedly claimed the Chinese government never demanded access to US data and that TikTok would not comply if it did.

All this, and the fear of foreign influence on the upcoming elections, led to the bipartisan legislation introduced in the House with the expectation to send it to the Senate later this week.

Essentially, the bill says that TikTok has to find a new owner that is not based in a foreign adversarial country within the next 180 days or face a ban until it does comply.

The Electronic Frontier Foundation (EFF), an international non-profit digital rights group based in the US, says it opposes this bill, mainly because it is afraid that TikTok will not be the last app to face this type of ban. It mentions Tencent’s WeChat app as an example of what could be the next target.

A year ago, supporters of digital rights across the country successfully stopped the federal RESTRICT Act aka the “TikTok ban.” The RESTRICT Act was introduced in the United States Senate on March 7, 2023 and requires federal actions to identify and mitigate foreign threats to information and communications technology products and services (e.g., social media applications). It also establishes civil and criminal penalties for violations under the bill.

The EFF argues that the bill will not stop the sharing of data but it will reduce online rights in a way that is unconstitutional. And it says the focus should be on the common practice of data collection in the first place, rather than single out one app.

The point made by the EFF stipulates that data brokers will continue to sell our information to whomever is willing to pay. And the apps providing brokers with data are certainly not limited to those that hail from a foreign adversarial country.

Chinese officials reportedly said the government would “firmly oppose” any forced sale of TikTok because it would “seriously undermine the confidence of investors from various countries, including China, to invest in the United States.”

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using Malwarebytes Identity Theft Protection.


[ad_2]
Source link

YouTube TV revamps the comment section to be unobtrusive

andreasc
-
0
YouTube TV revamps the comment section to be unobtrusive
[ad_1]

Google’s platform, YouTube TV, has just announced a critical design update that aims to improve the viewing experience and add more interactive features for users side-by-side with the content. Amazingly, users spend about a billion hours watching YouTube TV every day. Hence Google wants to simplify how people navigate and interact with YouTube’s content.

Interact with the comment section on YouTube TV without blocking the content viewport

Google’s recent blog post explained why it decided to overhaul the design in a manner that would allow passive viewing and make it possible for videos to be interactive. For this reason, there is now a sidebar on the screen that brings comments, descriptions, and reviews among other elements like shopping links, views and likes into one area called sidebar layout.

Previously, to get further information about something, you had to venture into overlays thus disrupting the content view. Now via sidebar layout, viewers can see additional information as well as interact with videos smoothly without obstructing the main video by simply placing it in a little invisible place on the left side of the screen.

The streamlined design will offer customers a more immersive viewing experience while giving them the ability to access more content and interact with other users through comments and likes. People will surely appreciate this change and receive it well considering almost 1 billion hours of videos watched daily on YouTube’s TV platform.

YouTube viewers on TV will soon witness the refreshed user interface

Google has said that it will be rolling out the updated viewing experience in stages over the coming days, which will enable people across its platform to take advantage of these new developments. Besides, Google wants this re-design also applied on YouTube TV thereby further enhancing the platform’s accessibility and functionality for different types of users.

Through these improvements, YouTube strives to keep evolving its platform to cater to the various needs of its audience by having a more intuitive and engaging viewership for televisions and other connected devices. While waiting for the unveiling of the new design, people are eagerly anticipating improved features and ease of navigation it promises among others.


[ad_2]
Source link

Researchers find that Gemini is smart, but it’s very gullible

andreasc
-
0
Researchers find that Gemini is smart, but it’s very gullible
[ad_1]

Google Gemini is backed by one of the richest companies in the world. So, there’s no doubt that it’s a powerful AI model. However, power isn’t the only important thing about an AI model. Researchers were able to find that, for as powerful as Gemini is, it’s very easily fooled.

We have to give a lot of respect to the researchers out there digging into all of the models we take for granted. They’re able to find out where these models can improve and what we should be worried about. For example, a group of researchers discovered which models are the most susceptible to reproducing copyrighted media.

Researchers find that Gemini is easily fooled

Several researchers have found certain areas where Gemini could be tricked. Using several tactics, it’s possible to get a chatbot to reveal sensitive information against its will. One example shared with The Hacker News was getting Gemini to reveal the system prompts used to steer it. Think of a system prompt as the initial prompt you give a chatbot to steer the conversation in the direction you want it to go. Well, a system prompt may hold sensitive information within it.

Revealing sensitive information

When the researchers asked Gemini to give up the system prompt, it didn’t. However, the researchers then asked Gemini to put the “foundational instructions” in a markdown box. It obliged, and that revealed the system prompt. So, asking Gemini to deliver results in a different way caused it to reveal sensitive information.

This is a tactic called a “synonym attack.” Basically, in order to get the chatbot to respond in the way you want it to, you would reword your prompt. Rewording your prompt and using different versions of Words can actually confuse it into going against its safety guardrails.

Producing misinformation

Researchers also found out how to get Gemini to create misleading information along with potentially dangerous and illegal information. Gemini has a bunch of safety guardrails to keep people from doing such things. However, any chatbot is able to be tricked into ignoring them. Using crafty jailbreaking techniques, the researchers were able to produce some rather egregious content.

For example, researchers were able to get information on how to hotwire a car. This example was achieved by asking the chatbot to enter a fictional state.

Confusing Gemini

Another exploit was discovered by researchers at HiddenLayer. As described by Kenneth Yeung, “By creating a line of nonsensical tokens, we can fool the LLM into believing it is time for it to respond and cause it to output a confirmation message, usually including the information in the prompt.”

This only shows that Google still has a long way to go before Gemini can be considered the perfect AI model. The company has been struggling with Gemini ever since it was called Bard back in the day. Hopefully, Google will fix these issues.


[ad_2]
Source link

Three Motorola Edge 50 Pro launch events to occur in early April

andreasc
-
0
Three Motorola Edge 50 Pro launch events to occur in early April
[ad_1]

Motorola will announce a not-so-mysterious smartphone in India on April 3, it seems. Some of you may think this is the Motorola Edge 50 Pro, the one that we exclusively leaked, and it probably is, but… it’s a bit complicated. Motorola may launch it under a different name in India a day before its global launch.

The details regarding this event were actually shared by GSM Arena, not Motorola itself. Motorola will probably announce it via social media, but it did not do that at the time of writing this article.

The Motorola Edge 50 Pro to see three launch events across two days

That being said, Motorola says that we’ll ‘witness the fusion of art and intelligence’ during the event. This event is scheduled for April 3, while the date on the render we shared was April 4. It doesn’t really add up. As I said, April 4 could be a global launch date. The phone could launch in China and India a day early.

Motorola India event April 3

So, Motorola could announce the Motorola Edge 50 Pro in China and India on Wednesday, and then globally on Thursday. That’s what we believe will happen, at least. We’ll have to wait and see.

We don’t really have an idea what else could the company be cooking up. So, let’s assume this is the Edge 50 Pro and focus on it. You’ve seen the design of the phone already. It will include a curved display with thin bezels and a centered display camera hole.

The Motorola Edge 50 Pro will have three cameras on the back and rather tough competition

Three cameras will be placed on the back of the device, and the main one will offer an f/1.4 aperture. That is quite interesting, and we’re hoping that Motorola is aiming to offer variable aperture here.

In regards to camera details, that is still a mystery. Wide and ultrawide shooters are a given, while the third unit will likely be a telephoto or a periscope telephoto camera. We’re hoping for the latter.

This handset will become Motorola’s new flagship offering, so the company really has to step up its game. We’ve already seen a ton of truly compelling Snapdragon 8 Gen 3-powered flagships in the market. Motorola will not have an easy time competing.


[ad_2]
Source link

Rev up your sound system with the Evo 150 DeLorean Edition

andreasc
-
0
Rev up your sound system with the Evo 150 DeLorean Edition
[ad_1]

Gear up for a blast from the past (and a glimpse into the future) with the all-new Cambridge Audio Evo 150 DeLorean Edition! This special edition amplifier and network player is the first to celebrate the iconic partnership between Cambridge Audio and DeLorean, bringing legendary style and high-fidelity sound to your home.

Built for speed (and sound)

Drawing inspiration from the sleek lines and brushed stainless steel of the DeLorean DMC-12, the Evo 150 DeLorean Edition features a stunning, stripped-down design. But the beauty goes beyond skin deep. This powerhouse packs a punch with 150 watts of amplification, ready to drive your favorite tunes to life.

Two looks, one future-proof system

The Evo 150 DeLorean Edition doesn’t just sound amazing, it also lets you personalize your style. With two magnetic side panels included, you can choose between a classic, 80s-inspired design that echoes the DMC-12, or a futuristic look featuring the logo of the upcoming DeLorean electric car.

More than just looks

This isn’t just a pretty face. The Evo 150 DeLorean Edition boasts a comprehensive feature set, offering everything you need for a seamless listening experience. Stream music from your favorite services, connect your turntable or explore internet radio – all with effortless control through the intuitive StreamMagic app.

A sound investment for the future

The Evo 150 DeLorean Edition is more than just a collector’s item. It’s a future-proof investment in your audio setup, with an upcoming OTA update adding VU meters to the entire Evo range.

Ready to take the wheel?

The Evo 150 DeLorean Edition is available now in North America and Asia, and will be cruising into Europe in April 2024. Pair it with the acoustically matched Evo S speakers for a complete, cutting-edge hi-fi system that’s sure to turn heads (and ears).

The Evo 150 DeLorean Edition is priced at $3,199 in the US, €2,499 in Europe, and £2,099 in the UK. The Evo S is priced at $799 in the US, €749 in Europe, and £699 in the UK. Visit cambridgeaudio.com to learn more and place your order today. It’ll also be available via select retailers.


[ad_2]
Source link

Hackers Use Weaponized Lnk File to Deploy AutoIt Malware

andreasc
-
0
Hackers Use Weaponized Lnk File to Deploy AutoIt Malware
[ad_1]

Hackers have been found utilizing weaponized LNK files to deploy a strain of AutoIt malware, raising alarms across the cybersecurity community.

AutoIt Malware
AutoIt Malware

Unpacking the LNK Malware

The infection chain begins with a seemingly innocuous LNK file, which, upon closer inspection, reveals a malicious command disguised as an image file.

This command is designed to download and execute an HTA file using PowerShell from a remote server.

Researchers have taken the initiative to download and scrutinize the contents of this file safely.

Typically, HTA files contain HTML and JavaScript commands. However, this HTA file was packed with binary commands, hinting at an embedded file within.

Upon extraction, an image and an executable file were discovered.

To confirm the legitimacy of the executable, which masqueraded as the official calc.exe, a VirusTotal query was conducted.

Dropped HTA File
Dropped HTA File

Deobfuscating the Malware

To function, the HTA file must contain readable script code. After searching for the term “script,” JavaScript code was found and beautified.

This code contained a string of ASCII characters in decimal format, which appeared to be encoded.

Researchers could automatically deobfuscate the code using the Chrome console, revealing a custom encoding process.

embedded file inside
Embedded file inside

The researchers at Docguard meticulously analyzed the malware, stripping away the layers of obfuscation to understand the full scope of its capabilities.

Decrypting the Layers

The malware’s code was further encrypted with the AES algorithm. Decrypting this layer unveiled Layer 2 PowerShell commands.

To reach the final layer, Layer 3, the encrypted string in the Maf function, considered the main function, had to be decrypted using PowerShell.

without any execute, just execute the decrypt commands
Without any execute, just execute the decrypt commands

The payload, solaris.exe, was downloaded from the remote server and inspected with Detect it Easy, revealing an embedded ZIP file.

After extraction, the first file, named United, contained obfuscated CMD commands.

A custom script was written to parse these commands, making them readable and revealing their functions, which included process checks, file operations, and pinging the local host.

solaris.exe file
solaris.exe file

Cleaning the AutoIt Malware

The AutoIt file contained encoded strings, which were decoded using a function named lambdaok.

After cleaning the file of unused variables and functions, a reverse search was performed to identify and remove unnecessary commands.

The cleaned script revealed critical commands used by the attackers.

clean version
Clean version

The malware exhibited sophisticated sandbox and EDR (Endpoint Detection and Response) evasion techniques.

The final analysis examined the process tree output from Procmon, which provided insights into the malware’s behavior on an infected system.

Process Tree Output
Process Tree Output

IOC

(MD5)848164d084384c49937f99d5b894253e
(MD5)3d89cbe9713713fc038093637a602b29
(MD5)21a3a0d9aaae768fb4104c053db5ba98
(MD5)848164d084384c49937f99d5b894253e
(MD5)80376f01128e490f9d69dc67c724104f
(MD5)5d9e35b2d9e36e9ba926fd73260feabc
(MD5)8ab6a7b4be9af49dc2af1589644d1380
(MD5)8e6f4ac729932bc4ca1528848ac18f1b
(MD5)c05ecddfe47cf14835932fba0cc1d3e1
(MD5)848164d084384c49937f99d5b894253e
(MD5)1a189425d72fd5d2cb9045ffdfcb7c31
(MD5)7e012cfad9fc2540936792e39cfeb683
(MD5)6cef3ef2026901b5a99b1e19e3c01839
(MD5)034a0c0440743b5596be0c6fe4f6c4e5
(URL)mw-solaris[.]com
(IP)91[.92.251].35

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


[ad_2]
Source link

Microsoft is Opening AI-Powered “Copilot for Security” to Public

andreasc
-
0
Microsoft is Opening AI-Powered “Copilot for Security” to Public
[ad_1]
Microsoft Opens AI-Powered "Copilot for Security" to Public

Microsoft’s innovative security solution, Copilot for Security, will be available to the public from April 1, 2024, marking a significant advancement in the fight against cybercrime.

Microsoft Copilot for Security, initially accessible to select users through an exclusive early access initiative, is an innovative AI-driven tool aimed at fortifying defenders’ capabilities and efficiency in tackling security challenges. The feature is now becoming available to the public, enabling everyone to leverage its benefits.

What is Microsoft Copilot?

Copilot is an industry-first generative AI solution designed to empower security and IT professionals. It leverages the power of artificial intelligence to analyze vast amounts of data and provide crucial insights, allowing security teams to:

  • Catch hidden threats: Copilot’s AI capabilities can uncover subtle anomalies that human analysts might miss, bolstering overall threat detection.
  • Respond faster: By automating routine tasks and offering real-time guidance, Copilot streamlines security operations, enabling a quicker response to security incidents.
  • Boost expertise: The AI assistant serves as a valuable learning tool, helping security professionals stay up-to-date on the latest threats and best practices.

Microsoft Copilot for Security: Tailored for the Modern Defender

This specific feature of Copilot focuses on the unique needs of cybersecurity professionals. It integrates seamlessly with existing security workflows, offering features such as:

  • Natural language interaction: Security personnel can interact with Copilot using plain English, asking questions and receiving clear, actionable responses.
  • Enhanced incident response: Copilot assists in investigations by analyzing data, suggesting potential causes, and recommending next steps.
  • Proactive threat hunting: The AI proactively scans for vulnerabilities and suspicious activity, helping to identify potential threats before they escalate.
  • Improved posture management: Copilot continuously monitors an organization’s security posture, providing valuable insights for strengthening defences.

“Threat actors are getting more sophisticated. Things happen fast, so we need to be able to respond fast. With the help of Copilot for Security, we can start focusing on automated responses instead of manual responses. It’s a huge gamechanger for us.”

Mario Ferket, Chief Information Security Officer, Dow Inc.

General Availability and Beyond

Microsoft announced the general availability of Copilot for Security on April 1, 2024. This means the solution is now accessible for purchase by any organization seeking to strengthen its cybersecurity efforts.

The future of Copilot appears bright, with Microsoft continuously developing new capabilities. The company emphasizes its commitment to working with security professionals to further refine the solution and ensure it remains a valuable asset in the growing cyber threat landscape.

  1. Microsoft’s new tool detects, reports pedophiles in chats
  2. Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!
  3. Microsoft’s Windows File Recovery tool recovers your lost data
  4. Microsoft launches Linux memory forensics tool to detect malware
  5. McAfee’s Mockingbird AI Tool Detects Deepfake with 90% accuracy

[ad_2]
Source link

A ton of Americans damaged their smartphones in the last year

andreasc
-
0
A ton of Americans damaged their smartphones in the last year
[ad_1]

A rather interesting report was shared by Allstate Protection Plans. The company says that a ton of Americans damaged their smartphones in the last year (both Android & iOS), 78 million of them, to be exact. This survey was conducted in May and December 2023, and it gathered 1,004 responses. Just to be fully transparent.

A lot of Americans damaged their smartphones in the last year

While this number is quite high, it’s lower than in 2020. Back then, 87 million Americans damaged their smartphones. Since then, however, the prices of smartphones have increased, and Allstate notes that the environmental impact also played a role in pushing people to be more careful. Also, more of them could be using cases these days.

What’s interesting is that 53% of smartphone owners from this survey said that the environmental impact is important to them. That percentage stood at 37% back in 2020.

They spend more time on their phones than a year ago

Some other, interesting findings were published by Allstate Protection Plans. 49% of Americans said that they spend more time on their phones than a year ago. The amount of money spent on screen repairs also surged to $8.3 billion in 2023. That is triple the amount from 2018 ($3.4 billion).

45% of smartphone owners who were a part of this survey spend five or more hours a day on their phones. 82% of them say that their phone replaced their digital camera. 39% of them say that they take six or more photos per day, while 31% capture more than six videos per day.

Many of them watch videos, TV shows, and movies on their phones instead of TVs

What’s also interesting is that over half (54%) of people who participated said that they’re watching more videos, TV shows, and movies on their phones than on their TVs.

This is not the end, more findings were unveiled. 31% of smartphone owners have damaged their smartphones in the past year, while 8% of them lost their devices. 5% of people who were questioned said that their phones got stolen.

Here are the most common accidents & malfunctions

In terms of accidents and malfunctions of devices, here are the most frequent ones: Damaged screens (67%), Wi-Fi or connectivity issues (28%), touchscreen problems (24%), loose or damaged charging port (22%), water damage (21%), battery not working properly (21%), and so on.

There are ton more statistics shared in AllState Protection Plans’ full report, which you can access here. There are also a bunch of infographics available in the gallery below.


[ad_2]
Source link

Amazon’s AI could craft your seller page with just a link

andreasc
-
0
Amazon’s AI could craft your seller page with just a link
[ad_1]

If you are hosting and selling your own products online, chances are that you’re willing to wait before selling them on Amazon. Well, if you’ve decided to make the jump to Amazon, and you already sell your products on another page, then the company has an AI tool that you might like. Using AI, Amazon will let you create a seller page from a link.

Amazon has been implementing generative AI into the seller experience for months. At the moment, people can create seller pages using a quick description of the product they’re trying to sell. Also, the company unveiled a tool that will create seller pages for a product using just an image of the product. So, it’s clear that Amazon has gone all in on generative AI.

Amazon will let you create a seller page using nothing more than a link

Creating a seller page on Amazon will be extremely simple, as the company unveiled a tool that will actually use generative AI to create a full seller page using the link from an existing product page.

So, if you’re already selling your product on another website, you can simply paste the link to that product’s page on your website into the text field. Amazon will use generative AI to create a unique seller page for that product. The generated page will come with a proper title, description, and other information about the product.

A few things to keep in mind

This is a great feature and all, but there are a few things to remember when using it. Firstly, this is a generative AI we’re talking about. This means that there’s always a chance that the results aren’t 100% accurate. As such, before you publish your seller page, it’s important that you review every detail of what Amazon creates. Read the description of your product and make sure that everything is on the up and up.

Also, if you’re planning on listing products that are not your own, you may want to reconsider that. As pointed out by The Verge, if Amazon finds that you are listening that is not yours, it will take legal action. You do not want to be sued by a multi-trillion-dollar company, so it’s best to err on the side of safety.

Amazon is in the process of launching this feature, so there’s a chance that you will not see it just yet.


[ad_2]
Source link

Combining Threat Intelligence Platforms & Sandboxes

andreasc
-
0
Combining Threat Intelligence Platforms & Sandboxes
[ad_1]

Organizations have many tools when investigating cyber threats, but two stand out: Threat Intelligence Platforms (TIPs) and sandboxes.

Each solution provides distinct advantages, yet combining their capabilities can lead to a more practical approach to detecting, analyzing, and responding to threats that can save resources and improve operations.

Let’s look at the key benefits of integrating TIPs and sandboxes for organizations. 

What Are Sandboxes? 

Sandboxes offer virtual environments intended for isolated malware analysis. Analysts use them to execute potentially malicious software without exposing their systems to the risk of infection.

Sandbox analysis aims to study malware’s operation and understand its tactics, techniques, and procedures (TTPs), which is essential for developing effective countermeasures.  

One example of such a service is ANY.RUN’s cloud-based sandbox. It allows users to upload and analyze suspicious files and URLs in fully interactive Windows and Linux virtual machines (VMs).

Analyzers can gain a complete view of malware behavior, including network traffic, system changes, and exploited vulnerabilities, and collect indicators of compromise (IOCs). 

What are Threat Intelligence Platforms? 

Threat Intelligence Platforms are searchable platforms that contain processed threat data from various sources.

By aggregating information from open-source feeds, commercial threat intelligence providers, and internal security tools, TIPs grant security teams access to insights into current cyber threats’ nature, origin, and potential impact.

The goal of using a TIP is to find additional context information on threats using existing artifacts or indicators.  

For instance, Threat Intelligence Lookup is a TIP that runs on the data collected from millions of public malware analysis sessions launched by users of the ANY.RUN sandbox.

Thanks to this, in addition to the standard indicators, such as domains and file names, the platform provides users with advanced search capabilities, enabling them to search for information across command lines, network and registry events, processes, triggered Suricata rules, etc. 

Document

ANY.RUN Threat Intelligence Lookup

Get a personalized demo of Threat Intelligence Lookup and ANY.RUN sandbox by scheduling a call 

Threat Intelligence Lookup centralized repository of millions of IOCs extracted from ANY.RUN’s extensive database of interactive malware analysis sessions..

Combining TIPs and Sandboxes for Maximized Security Efficiency 

Integrating Threat Intelligence Platforms and Sandboxes creates a robust security framework that offers several advantages: 

A Better Understanding of the Threat Landscape 

TIPs provide security teams with a wealth of information on known and emerging threats, while sandboxes offer deeper insights into malware behavior and tactics.

Thus, organizations can gain a holistic view of threats currently presenting a risk and address potential vulnerabilities. 

Faster Response to Incidents 

Sandboxes can extract IOCs that can then be correlated with a TIP’s threat intelligence database. A search can yield valuable context on the threat in the form of extra indicators and samples. In turn, this can speed up incident response, allowing security teams to set their priorities more accurately and minimize the potential damage caused by attacks. 

Ability to Proactively Hunt for Emerging Threats 

The combination of TIPs and sandboxes enables security teams to engage in proactive threat hunting, using the intelligence provided by TIPs to create customized sandbox environments to analyze potential threats. Organizations can stay one step ahead of attackers by studying the potential vulnerabilities targeted by new threats. 

Better Resource Management  

Combining TIPs and sandboxes lets organizations make more informed decisions about resource allocation, prioritizing their efforts based on the most pressing threats.

With this approach, security teams can maximize the impact of their resources, ensuring that they are deployed where they can have the most significant effect on an organization’s security posture. 

Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Using a TIP and Sandbox to Identify and Analyze Remcos 

Let’s imagine you, as a cybersecurity professional, receive an alert about a suspicious network connection coming from one of the devices in your organization’s network. 

You decide to employ a threat intelligence platform to investigate it further and determine whether this situation poses any risk to the company.  

You begin your investigation by entering the currently available information about the incident, the IP address and the destination port, and configure the search to cover a period of the last seven days. 

The search query entered into Threat Intelligence Lookup  

Thus, you put together the query presented in the image above. 

Search results provided by Threat Intelligence Lookup 

The platform returns a wealth of information related to the provided indicators, including a domain which is marked as malicious by the platform, as well as additional IPs, events, and files. 

Sandbox tasks found by Threat Intelligence Lookup 

Most importantly, the platform provides 95 malware analysis sessions (tasks) from the ANY.RUN sandbox where the IP and port were used, all of which have the Remcos tag that indicates the known remote access trojan (RAT). 

A Remcos analysis session opened in the ANY.RUN sandbox 

Thanks to the direct integration of the platform with the sandbox, you can explore any of these tasks further and study the execution process of Remcos, view details such as the TTPs used by attackers, network and registry activity, processes, and even the configuration of the malware. 

As a result, you successfully and quickly identify the malware family present on your organization’s network and collect extensive information on it by using the combination of the two tools, facilitating further response. 

Try Threat Intelligence Lookup and ANY.RUN Sandbox 

Threat investigations and malware analysis can be fast, simple, and affordable. Just let ANY.RUN show you how. 

Test all features of Threat Intelligence Lookup and ANY.RUN’s interactive sandbox as part of a personalized demo for your SOC/DFIR team.  You can schedule a call. 


[ad_2]
Source link
1...318319320...1,474Page 319 of 1,474