Articles tagged with: #incident-response
Aside from CompTIA Security+ what else is good for entry level certification?

cybersecurity www.reddit.com

I really need some opinions here since I don't know which one is better or which one I like better (Blue team or Red team). I'm more inclined toward taking the Blue team since I'm hoping to take the Incident Response path. Is there any good certification to build up a foundation for this path? Our company is giving us free certification but since most of our members are taking Security+ and BTL1, I need to take another certification since they limited the people who can take those. By the way I'm a SOC...

False Positives

cybersecurity www.reddit.com

For those of you working in incident response and SOC roles, what percentage of alerts would you say are false positives? I've been in my current role for about a year now and 100% of the SIEM alerts we've had are false positives and we get almost 10 each day. Usually these alerts get generated after someone from IT does an administrative task and involve either me investigating myself or another team member, which feels like 2 steps forward 1 step back in terms of productivity. Everything we do...

Cybersecurity Professional Seeking Advice on Next Steps to Become a CISO

cybersecurity www.reddit.com

I'm a cybersecurity professional with 6 years of experience, responsible for managing enterprise-wide security across endpoints, email systems and critical infrastructure. My work includes configuring and fine-tuning security tools like antivirus and email protection, validating security rules and policies, reviewing vulnerabilities and patching strategies, supporting incident response and providing security approvals for applications and vendor solutions. I also conduct cross-functional...

Sharing a resource I wish I'd had earlier in my InfoSec career

Technical Information Security Content & Discussion www.reddit.com

After years in cybersecurity, I realised how much of our industry's focus goes to tools and exploits - and how rarely we step back to strengthen the principles behind them. That insight led to Hacking Cybersecurity Principles, which launches today. It revisits the fundamentals - confidentiality, integrity, availability, governance, detection, response, and recovery - with a focus on how they guide modern operations and incident response. If you've seen how quickly fundamentals get...

Laura Faria: Empathy on the front lines

Cisco Talos Blog blog.talosintelligence.com

Laura opens up about her journey through various cybersecurity roles, her leap into incident response, and what it feels like to support customers during their toughest moments - including high-stakes situations impacting critical infrastructure.

Re-Writing the Playbook - A detection-driven approach to Incident Response

Detect FYI - Medium detect.fyi

When was the last time you looked at one of your incident response playbooks? "Playbooks" is one of those terms that gets used in a lot of different contexts within cybersecurity. It's an amorphous word that shifts and changes depending on the audience - If you're talking to an engineer, they might think of a SOAR automation. If you talk to a CISO, security manager or cyber insurer, you might think of a 180-page...

LevelBlue to Acquire Cybereason, Strengthening Position as World's Largest Pure-Play MSSP

LevelBlue Blogs levelblue.com

Today marks a strategic leap forward in LevelBlue's mission to become the most complete cybersecurity partner on the market. I'm excited to announce that LevelBlue has entered into a definitive agreement to acquire Cybereason, a global leader in Extended Detection and Response (XDR), digital forensics and incident response (DFIR), and elite threat intelligence. Together we'll deliver unified, proactive, and outcome-driven security solutions around the globe. Why Cybereason? Why Now?...

Moving into MDR analysis

cybersecurity www.reddit.com

So I work in T1 support as of now. My company offered me a position to move into MDR analysis, but the catch is that I will have to work on weekends, either Sundays or Saturdays. Questions here are: Is it really worth it to move there? Could it be considered as a side step more than a promotion? I could be moved into threat hunting or incident response in the future, which I really like, but I really hate working on weekends. They will train me for 6 months, which I also like. Will this...