Threat Intel

Welcome to the first instalment of Threat Week. The concept of Threat Week is to provide regular updates on threats, vulnerabilities and security news, giving you a service that cuts through the noise and enables you to improve the security of your organisation.

To give people an idea of the content we will be producing, we’ve published a sample below. The concept is to tailor the content to your specific organisation, as we’ve been doing with our customers. To start this process, after you subscribe one of the team will be in touch to discuss your specific requirements.

Vulnerabilities

VMware releases patches for ESXi, Fusion and Workstation to remove data leakage vulnerabilities!

https://www.vmware.com/uk/security/advisories/VMSA-2018-0016.html

Hackers are targeting Cisco CVE-2018-0296

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd

Threat Trends

Threat Trend – Ransomware declines whilst Crypto mining malware becomes king of the hill for attackers

http://www.newsweek.com/crypto-mining-malware-outbreak-infected-500000-computers-single-day-836145

Security News

Ticketmaster breach – Most of you will be aware that Ticketmaster was involved in a cyber incident. The NCSC has published guidance for customers who suspect their accounts have been compromised.

https://www.ncsc.gov.uk/guidance/ncsc-advice-ticketmaster-customers

The UK government has released a new minimum set of cyber security standards, designed for government usage but perfectly adoptable in the private sector. These standards follow the identify, protect, respond, recover phases of NCSC guidance. Well worth a review even if you are on top of your security game to make sure nothing has fallen through the cracks!

https://www.gov.uk/government/publications/the-minimum-cyber-security-standard

X-Lab Research

We run honeypots and perform breach and malware analysis in the vulnerable X-Lab.

Exposed RDP interfaces

We’ve seen a range of IP addresses conducting brute-force attacks on RDP connections this week. For IOCs, please see our suspicious RDP ‘Bruters’ list on GitHub – https://github.com/Xservus/IOCs/blob/master/RDP%20bruters

Threat Week News

Endpoint Security Assessment – How strong are your defences?

We’ve created a survey to get you thinking about your security organisation and how strong your endpoint defences are. It’s in beta at present so please submit any feedback or suggestions.

Endpoint Assessment (Beta)

Xservus achieves Cyber Essential and IASME Governance Certification renewal

  • For the third year running Xservus has demonstrated it meets requirements not only for Cyber Essentials but also the far more stringent IASME governance standards. This year the standard has been upgraded to measure GDPR compliance, so we were very pleased to have achieved this without breaking a sweat.

Review all the things!

We are busy in the X-Lab reviewing the latest and greatest security products and services. Currently in the lab we have the following products being tested:

  • Cisco Umbrella
  • DarkTrace
  • Sophos Endpoint Protection + Intercept X
  • Windows 10 Defender (with ransomware and cloud submission enabled)

Keep an eye out on our blog site for reviews and our views on the industry:

https://www.xservus.com/blog

Free Resources

Don’t forget to check out our newly updated endpoint security controls assessment on our GitHub

https://github.com/Xservus/Assessments

suspected malicious IP addresses

https://github.com/Xservus/IOCs/blob/master/malicious_ips

and our other script resources

https://github.com/Xservus/P0w3rSh3ll
