The #DigitalEurope call DIGITAL-ECCC-2022-CYBER-B-03-SOC "Capacity building of Security Operation Centres" is open until 06.07.2023. Project proposals 📄 that enable better detection 🔎 and analysis 💻 of cyber attacks are eligible. Threat intelligence projects, including sharing, are also eligible.
Call documents in the EU Funding & tender opportunities portal 👇
https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/topic-details/digital-eccc-2022-cyber-b-03-soc
#DigitalEU #SOC #Detection #Analysis #CSIRT #ThreatIntel #CTI
Practical Guide for CSIRTs
Why is a #CSIRT necessary?
Spanish: https://bit.ly/425Qkb5
English: https://bit.ly/3AR0lNu
Via: Organization of American States (OAS), @cibercrimen
#csirt #ciberseguridad #estrategiadigital
One of my brilliant coauthors Megan Roddie did a write up from our SANS #FOR509 #CloudForensics class on how to extract #AWS logs for analysis.
#DFIR #CSIRT #CERT
https://www.sans.org/blog/aws-cloud-log-extraction/
Struggling with the wave of OneNote #phishing documents? Did you know you can block OneNote from launching an embedded file, which prevents the current wave of phishing docs?
#DFIR #CSIRT #MalDoc
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
That's a wrap - a great event in Kigali, Rwanda.
Min. Paula Ingabire (Minister of Information Communication Technology and Innovation) opened the FIRST, AfricaCERT and National Cyber Security Authority Rwanda symposium. 4 days of excellent content bringing together folks from 48 countries to collaborate, learn, build trust and discuss strategies to shape a secure internet for Africa.
#FIRSTdotOrg #collaboration #BuildingTrust #CSIRT #PSIRT #FIRSTAA23
The #CFP for the Balkan Cybersecurity Days 2023 Symposium is open! May 16-18 in Ohrid, North Macedonia. Event overview and CFP guidelines available at https://www.first.org/events/colloquia/ohrid2023/cfp
@firstdotorg @DCAF_Geneva @MkdCirt @aecmk #collaboration #BuildingTrust #PSIRT #CSIRT
The #DNSAbuse #SIG has proudly published its Techniques Matrix and has offered an introduction to the document on the #FIRSTBlog. Check it out at: https://www.first.org/blog/20230228-DNS_Abuse_Techniques_Matrix
#dnsabuse #sig #firstblog #firstdotorg #collaboration #buildingtrust #psirt #csirt
The opening sessions at the FIRST & AfricaCERT Symposium in Kigali, co-hosted by @AfricaCERT and @National Cyber Security Authority Rwanda. 2 days of training followed by a plenary session on Thursday. FIRST doing what FIRST does best - working with great partners to make the internet safer. #FIRSTdotOrg #collaboration #BuildingTrust #PSIRT #CSIRT
Italy needs a National Responsible Disclosure: change the regulations, innovate and incentivize in order to protect
Recently, on #socialnetwork (both LinkedIn and Twitter), a post appeared that drew attention to a report submitted by a user to #CSIRT Italia.
In the article we explain that a national "#responsible #disclosure" would be needed in order to benefit from the help of ethical hackers, along with some ideas for implementing it.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
Brittany at the forefront of #cybersecurity .. so where is your #CSIRT? Because it's ready elsewhere :-/
This year's Incident Response Hall of Fame call for nominations closes on March 3rd. The IRHF recognizes visionaries, leaders, and luminaries who have significantly contributed to our industry. Find out more here https://t.co/mXC2TGtQw9.
#FIRSTdotOrg #collaboration #BuildingTrust #CSIRT #PSIRT #IRHoF
The 'R' in 'SIEM' stands for 'Response'.
#cybersecurity #security #incidentresponse #csirt #soc #securityoperations #infosec
👋 Our new technical analysis is now available!
We have studied a phishing kit targeting Coinbase customers.
🐟 Its particularity: to bypass the MFA! 🤨
#phishing #phishingkit #soc #CSIRT #infosec #cybersecurity #scam #ThreatIntelligence #stalkphish
RT @joshlemon@twitter.com
If you develop your own #Malware #Playbooks or SOPs, this is a really good resource to assist with #Antivirus alerts and log analysis from @cyb3rops@twitter.com.
https://www.nextron-systems.com/2023/01/13/antivirus-event-analysis-cheat-sheet-v1-11-0/
🐦🔗: https://twitter.com/joshlemon/status/1615176708319236097
#malware #playbooks #antivirus #dfir #soc #csirt
There has been a minor update to the 4624 Security.evtx event in Windows 11. Write-up below, plus a direct comparison (link below) if you're impatient like me and want to see the differences.
#DFIR #CSIRT #IncidentResponse
Comparison: https://aboutdfir.com/wp-content/uploads/4624Comparison.html
Full Write-Up: https://aboutdfir.com/dfir-fyi-security4624-has-been-updated-in-windows-11-pro-22h2/
@fugueish Yes, but I think your CSIRP and related processes would need to reference MITRE ATT&CK and require it before it would be widely used.
It can get you started on mapping out any possible threat, risk, or attack you can think of and help you come up with mitigations. But if everybody isn't using it, you'll have references and language that only some teams understand.
In real life, it is nice when our security tools link to MITRE ATT&CK because we can quickly understand what a particular alert is about. But we don't put that on a report that goes to anybody else, because, as of right now, they would have no idea what T1548.002 means.
#mitre #mitreattack #mitreattck #csirp #csirt #infosec
This tool allows you to qualify one or more potentially malicious observables of various types (URL, MD5, SHA1, SHA256, SHA512, IPv4, IPv6, domain, etc.) using online and on-premise sources:
https://github.com/Maxou56800/BTG
#ioc #malware #threatintel #soc #csirt #opensource
Chekib Gharbi presents the #CSIRT regional network project.
Their objective is to transform the economy by investing in the most promising areas around 3️⃣ priorities:
♻️ Ecology
💪 Competitiveness
🤝 Cohesion