Top 6 Cybersecurity best practices to protect business networks:

1️⃣ Adopt zero trust to limit breach impact 🔐
2️⃣ Keep systems patched & updated 🛠️
3️⃣ Layered security: VPN, EDR/MDR, antivirus 🖥️
4️⃣ MFA for all accounts 🔑
5️⃣ Robust backup & disaster recovery ☁️
6️⃣ Continuous staff training 🎓

🔗 https://proton.me/blog/network-security-best-practices

#TechNews #CyberSecurity #Privacy #DataProtection #InfoSec #NetworkSecurity #BusinessSecurity #MFA #VPN #EDR #Backup #OpenSource #ITSecurity #DigitalSafety #SecurityAwareness

Top six network security best practices to protect your business | Proton

Threats evolve quickly in today's hyper-connected world, but these six core principles that keep networks safe remain surprisingly stable.

Proton

Evasive SideWinder APT Campaign Detected

A sophisticated espionage campaign targeting Indian entities has been identified, masquerading as the Income Tax Department of India. The activity is associated with the SideWinder APT group, which has evolved its toolkit to evade detection by mimicking Chinese enterprise software. The campaign uses DLL side-loading techniques with legitimate Microsoft Defender binaries to bypass EDR, and utilizes public cloud storage and URL shorteners to evade reputation-based detections. The threat actors employ geofencing behavior, focusing on systems in South Asian timezones. The attack chain includes phishing emails, fraudulent websites, and malicious payloads delivered through file-sharing services. The final stage involves a resident agent that beacons to a command-and-control server, mimicking Chinese endpoint tool protocols.

Pulse ID: 6946da89fb6334ddbb8e3f5c
Pulse Link: https://otx.alienvault.com/pulse/6946da89fb6334ddbb8e3f5c
Pulse Author: AlienVault
Created: 2025-12-20 17:19:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #Chinese #Cloud #CyberSecurity #EDR #Email #Endpoint #Espionage #FileSharing #India #InfoSec #Microsoft #MicrosoftDefender #Mimic #OTX #OpenThreatExchange #Phishing #Sidewinder #SouthAsia #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange
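A hunt for the DLL side-loading technique the pulse describes, written here as an added example; it is not code from the pulse, from LevelBlue, or from the underlying campaign report. It assumes Sysmon-style ProcessCreate (Event ID 1) and ImageLoad (Event ID 7) records already parsed into dicts. The set of Defender executables, their expected install directories and every sample event are assumptions constructed for illustration, since the pulse does not name the specific binaries or DLLs the campaign used.

```python
"""Hunt for DLL side-loading via relocated Microsoft-signed Defender binaries.

Added example, not code from the pulse or the campaign report. Event records
mimic Sysmon Event ID 1 (ProcessCreate) and Event ID 7 (ImageLoad) fields.
"""
import ntpath

# Assumption: Defender executables an attacker might copy next to a malicious
# DLL. The pulse does not name the binaries the campaign actually used.
DEFENDER_BINARIES = {"msmpeng.exe", "mpcmdrun.exe", "nissrv.exe"}

# Assumption: where those binaries legitimately live on a default install.
EXPECTED_DIRS = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)


def _norm(path: str) -> str:
    """Lower-case, backslash-only form for case-insensitive NTFS comparisons."""
    return path.replace("/", "\\").lower()


def _in_expected_dir(image: str) -> bool:
    return _norm(image).startswith(tuple(d + "\\" for d in EXPECTED_DIRS))


def _is_microsoft_signed(ev: dict) -> bool:
    # Sysmon writes Signed as the string "true"/"false"; some pipelines make it a bool.
    signed = str(ev.get("Signed", "")).lower() == "true"
    return signed and "microsoft" in ev.get("Signature", "").lower()


def analyze(events: list) -> list:
    """Return one finding per event that matches either rule:
    R1: a Defender binary started from outside its install directory.
    R2: a Defender binary loaded a DLL from its own directory that is not
        Microsoft-signed, which is the side-loading primitive itself.
    """
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        if ntpath.basename(_norm(image)) not in DEFENDER_BINARIES:
            continue
        if ev.get("EventID") == 1 and not _in_expected_dir(image):
            findings.append({"rule": "R1-defender-binary-relocated",
                             "pid": ev.get("ProcessId"), "image": image})
        elif ev.get("EventID") == 7:
            dll = ev.get("ImageLoaded", "")
            same_dir = ntpath.dirname(_norm(dll)) == ntpath.dirname(_norm(image))
            if same_dir and not _is_microsoft_signed(ev):
                findings.append({"rule": "R2-sideloaded-dll-not-ms-signed",
                                 "pid": ev.get("ProcessId"), "image": image, "dll": dll})
    return findings


# Constructed sample telemetry: a legitimate Defender engine start and DLL load,
# then a copy of MpCmdRun.exe in a user-writable folder loading an unsigned DLL.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1234,
     "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe"},
    {"EventID": 7, "ProcessId": 1234,
     "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "ImageLoaded": r"C:\Program Files\Windows Defender\mpclient.dll",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"EventID": 1, "ProcessId": 4321,
     "Image": r"C:\Users\Public\Music\MpCmdRun.exe"},
    {"EventID": 7, "ProcessId": 4321,
     "Image": r"C:\Users\Public\Music\MpCmdRun.exe",
     "ImageLoaded": r"C:\Users\Public\Music\mpclient.dll",
     "Signed": "false", "Signature": ""},
    {"EventID": 7, "ProcessId": 4321,
     "Image": r"C:\Users\Public\Music\MpCmdRun.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"EventID": 1, "ProcessId": 5555, "Image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

Two rules carry the logic: a Defender executable started from outside its install directory, and any module loaded from that executable's own directory without a Microsoft signature. A non-Microsoft DLL under Program Files is still reported, because writing there needs administrative rights and is equally suspect. The rules deliberately ignore the DLL's filename: side-loading relies on the host binary's search order rather than on a fixed name, and the Microsoft signature that lets the host process through allow-lists is exactly why the loaded module, not the process, has to be examined.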

Endpoint protection isn’t just EDR. Strong security needs Endpoint Privilege Management + Application Control to block unauthorised actions before they become incidents.

#EndpointSecurity #EPM #EDR #CyberDefence #InfosecK2K

What Is EDR in Cyber Security? Overview, Benefits & Core Capabilities

Learn what EDR in cyber security is, how it works, its benefits, core capabilities, and top tools in 2025 to protect your business from modern threats.

👉 Read more: https://www.ecsinfotech.com/what-is-edr-in-cyber-security-overview-benefits-core-capabilities/

#CyberSecurity #EDR #EndpointSecurity #ThreatDetection #DataProtection #CyberDefense #ITSecurity #DigitalSecurity #CyberThreats #ECSInfotech #ECS

A couple of real stories from the working lives of SOC analysts

Timely detection of information security incidents makes it possible to minimise the damage if the associated risks materialise. A Security Operations Center (SOC) is an information security monitoring centre, a structural unit of an organisation responsible for real-time monitoring of the IT environment and for preventing cyber incidents. SOC specialists collect and analyse data from the organisation's various infrastructure assets and, when suspicious activity is detected, take measures to stop the attack; how quickly any given attack is discovered depends on them. In this article we look at a couple of real incident investigations carried out by SOC analysts. But first, let's look at how the work of specialists in a Security Operations Center is organised.

How a SOC works

https://habr.com/ru/companies/otus/articles/972158/

#soc #siem #edr #security_monitoring #incident_response #incident_investigation #phishing_attack #cyberattacks

Habr

Ransomware IAB abuses EDR for stealthy malware execution

An initial access broker tracked as Storm-0249 is abusing endpoint detection and response solutions and trusted Microsoft Windows utilities to load malware and establish communication and persistence in preparation for ransomware attacks.

BleepingComputer

Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation

Pulse ID: 693a4866260a4aa086aeb335
Pulse Link: https://otx.alienvault.com/pulse/693a4866260a4aa086aeb335
Pulse Author: Tr1sa111
Created: 2025-12-11 04:28:22

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #Phishing #bot #Tr1sa111

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

Several ransomware groups have been spotted using a packer-as-a-service (PaaS) platform named Shanya to assist in EDR (endpoint detection and response) killing operations.

BleepingComputer

DeadLock ransomware now uses a new BYOVD loader that exploits a vulnerable Baidu driver (CVE-2024-51324) to terminate EDR processes at the kernel level. Pre-encryption PowerShell scripting disables defenses and wipes shadow copies before deploying custom time-based encryption.

https://www.technadu.com/deadlock-ransomware-uses-new-byovd-loader-exploiting-driver-vulnerability-to-disable-edr/615498/

#Cybersecurity #Ransomware #BYOVD #DeadLock #EDR #ThreatIntel