Cyber Threat Intelligence

In October 2021 I read an article from the Journal of Cybersecurity and Privacy titled “An Empirical Assessment of Endpoint Detection and Response Systems against Advanced Persistent Threats Attack Vectors” while writing a post about EDR/XDR solutions and how they have changed threat-hunting strategy compared with traditional methods. You can read that post here. Now is a good time to revisit that research paper and describe what it uncovered; more specifically, what types of TTPs are still able to circumvent top-of-the-line EDR solutions built by the world’s leading security vendors. One reason for this revisit is that I saw an article by Recorded Future discussing the same paper and wanted to contribute my take on it. The full paper is available for download at https://arxiv.org/pdf/2108.10422.pdf, and the published version can be found by searching Google for the title “An Empirical…

The Details

The Log4j vulnerability in the Java logging package maintained by Apache made headlines late last week. It was disclosed as a zero-day bug that is easily exploitable, received a CVSS score of 10/10, and allows remote code execution (RCE) on the target host. The associated CVE-2021-44228 entry is available on the NIST NVD website, which provides more information and references, including the CISA advisory. The number of Log4j installations has been described as “hundreds of millions” and “countless”. Virtually all Log4j 2.x versions (2.0-beta9 through 2.14.1; 2.14.1 was released in March 2021) are vulnerable. The most recent version of Log4j is now 2.16.0, since patched releases followed in quick succession on December 6th (2.15.0) and December 13th (2.16.0) of 2021. If you want to know whether a third-party application is vulnerable in order to re-assess your risk, review its Software Bill of Materials (SBOM), if one has been provided; it…
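The SBOM review the post recommends can be automated. The following is an added example, not code from the original post or from any Log4j or CycloneDX project: it assumes the SBOM is in CycloneDX JSON form (a `components` list, optionally nested, with `group`, `name`, `version` and `purl` fields), walks it for the `org.apache.logging.log4j:log4j-core` artifact, and compares the version against the affected range the post gives (2.0-beta9 up to and including 2.14.1) and the current fixed release it names (2.16.0). The embedded SBOM is constructed for the example; its component names and versions are illustrative.

```python
import json
import re
from typing import Iterator, List, Tuple

# Range affected by CVE-2021-44228: log4j-core 2.0-beta9 through 2.14.1.
# 2.15.0 shipped 2021-12-06 and 2.16.0 on 2021-12-13 (the current release).
FIRST_AFFECTED = (2, 0, 0)
LAST_AFFECTED = (2, 14, 1)
CURRENT_FIXED = (2, 16, 0)

# Maven coordinates of the vulnerable artifact. log4j-api alone does not carry
# the JNDI lookup code, and the 1.x line (log4j:log4j) is a separate codebase.
LOG4J_GROUP = "org.apache.logging.log4j"
LOG4J_ARTIFACT = "log4j-core"
LOG4J_PURL_PREFIX = f"pkg:maven/{LOG4J_GROUP}/{LOG4J_ARTIFACT}@"


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '2.14.1' or '2.0-beta9' into a comparable (major, minor, patch).

    Pre-release suffixes are dropped, so '2.0-beta9' compares as 2.0.0, which
    places it inside the affected range as intended.
    """
    match = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?", version.strip())
    if not match:
        raise ValueError(f"unparseable version string: {version!r}")
    major, minor, patch = (int(part) if part else 0 for part in match.groups())
    return (major, minor, patch)


def iter_components(node: dict) -> Iterator[dict]:
    """Yield every component in a CycloneDX BOM, descending into nested ones."""
    for component in node.get("components", []):
        yield component
        yield from iter_components(component)


def is_log4j_core(component: dict) -> bool:
    """Match log4j-core by package URL first, then by group/name."""
    if component.get("purl", "").startswith(LOG4J_PURL_PREFIX):
        return True
    return (component.get("group") == LOG4J_GROUP
            and component.get("name") == LOG4J_ARTIFACT)


def assess_sbom(sbom: dict) -> List[dict]:
    """Return one finding per log4j-core component found in the BOM."""
    findings = []
    for component in iter_components(sbom):
        if not is_log4j_core(component):
            continue
        version = parse_version(component.get("version", "0"))
        findings.append({
            "version": component.get("version"),
            "cve_2021_44228": FIRST_AFFECTED <= version <= LAST_AFFECTED,
            "update_needed": version < CURRENT_FIXED,
        })
    return findings


def assess_sbom_json(text: str) -> List[dict]:
    """Convenience wrapper for a CycloneDX JSON document held as text."""
    return assess_sbom(json.loads(text))


# Constructed sample SBOM (not a real product's BOM): a vulnerable log4j-core,
# a harmless log4j-api, a nested legacy 1.x dependency, and a patched 2.16.0.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
    {"type": "application", "name": "legacy-service", "version": "1.0",
     "components": [
       {"type": "library", "group": "log4j", "name": "log4j",
        "version": "1.2.17", "purl": "pkg:maven/log4j/log4j@1.2.17"}
     ]},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.16.0", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0"}
  ]
}
"""

if __name__ == "__main__":
    for finding in assess_sbom_json(SAMPLE_SBOM_JSON):
        print(finding)
```

Run against the constructed BOM, the script reports two log4j-core components: 2.14.1 is flagged as affected by CVE-2021-44228 and in need of an update, while 2.16.0 is clean. The log4j-api entry and the nested 1.x artifact are deliberately not matched, since neither is the artifact the CVE covers; a real review would still want the 1.x dependency on its own list, because that line has been end-of-life since 2015.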

The Recorded Future web conference today gave a great insight into the deep cyber-intelligence technology the company has developed and what it offers organizations. On display were both a definitive set of broad trend data and deep, granular information on every aspect of the MITRE ATT&CK framework and beyond. Recorded Future’s LinkedIn profile reports the company as having raised Series E funding of $25 million; Crunchbase, however, reports an even higher total investment of over $50 million. A press release on PRNewswire in October 2021 outlines Recorded Future’s recent investment in CVE intelligence company Cyber Threat Cognitive Intelligence (CTCI) and describes the Intelligence Fund, Recorded Future’s investment platform. For anyone as passionate about cyber security, predictive forecasting, and intelligence as I am, there is a ton to be excited about in Recorded Future’s platform and capabilities. Here’s what I learned from the conference today. Recorded Future aggregates data…
