Tag: TI and IR posts

Incident response analyst report 2024

Kaspersky provides incident response statistics for 2024, as well real incidents analysis. The report also shares IR trends and …

12 March 2025

Babuk, Fortinet, Incident Response, SoC, TI and IR posts
The SOC files: Chasing the web shell

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing …

28 February 2025

Backdoor, Fileless Malware, Malware, SoC, TI and IR posts
Managed detection and response in 2024

The Kaspersky Managed Detection and Response report includes trends and statistics based on incidents identified and mitigated by …

20 February 2025

Cyber Espionage, Incident Response, MDR, SoC, TI and IR posts
One policy to rule them all

How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such …

31 January 2025

Compromise assessment, Group policies, Malware Technologies, SoC, TI and IR posts
Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Kaspersky’s GERT experts describe an incident with initial access to enterprise infrastructures through a FortiClient EMS vulnerability …

19 December 2024

Credentials theft, Defense evasion, Fortinet, SoC, TI and IR posts
Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases …

29 October 2024

Compromise assessment, Cybersecurity, Incident Response, SoC, TI and IR posts
Whispers from the Dark Web Cave. Cyberthreats in the Middle East

The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, …

14 October 2024

Crimeware, Darknet, Data Leaks, SoC, TI and IR posts
A deep dive into the most interesting incident response cases of last year

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, …

3 September 2024

2fa, Backdoor, Flax Typhoon, SoC, TI and IR posts
Approach to mainframe penetration testing on z/OS

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such …

20 August 2024

Mainframes, Passwords, Pentest, SoC, TI and IR posts
Tusk: unraveling a complex infostealer campaign

Kaspersky researchers discovered Tusk campaign with ongoing activity that uses Danabot and StealC infostealers and clippers to obtain …

15 August 2024

Clipper, Cryptocurrencies, Dropbox, SoC, TI and IR posts
Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can …

9 July 2024

Cybersecurity, MITRE ATT&CK, Security technology, SoC, TI and IR posts
Trusted relationship attacks: trust, but verify

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors …

28 May 2024

Backdoor, Cyber Espionage, Incident Response, SoC, TI and IR posts

{"loadingDistance":1200,"stickyPosts":[],"nextPageLink":"https://itts.at/archives/tag/ti-and-ir-posts/page/2","queryId":2}

●●●