What is Nostr?
BrianKrebs /
npub1vc3…axsh
2024-04-19 21:47:48

BrianKrebs on Nostr: MITRE, a not-for-profit that does important tech research for the U.S. federal ...

MITRE, a not-for-profit that does important tech research for the U.S. federal government, has disclosed a breach involving the exploitation of two recent zero-day flaws in Ivanti devices. Their disclosure is worth reading.

https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks

From the recommendations:

-Anomaly Detection: Monitor VPN traffic for unusual patterns, such as spikes in connections (DS0029) or unusual geographic locations.
-Behavior Analysis: Look for deviations in user behavior, such as unusual login times (DS0002 or DS0028) or accessing unfamiliar resources.
-Network Segmentation: Segmenting networks can limit lateral movement (DS0029), making anomalous activities more apparent.
-Threat Intelligence Feeds: Stay updated with threat intelligence feeds to identify known malicious IP addresses (DS0029), domains, or file hashes (DS0022).
-Adversary Engagement: Deploy adversary engagement resources in your environment, such as deception environments and honey tokens that not only trigger detection but provide deeper insights into adversary TTPs.

h/t [@simontsui](https://infosec.exchange/@simontsui)
Author Public Key
npub1vc39pnjdqd77zzdxff4qyv8h3x0ey2mkx33c3vl8egr0a9ysxkxsk0axsh