Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

End of Bibblio RCM includes -->

Threat Hunting: Going After The Big Game

It's Jian Zhen's turn at the News Desk, as the senior VP of product for Endgame discusses the company's automated hunting platform for detecting and evicting event adversaries. It doesn't require a trip to the jungle: Endgame has added pre-exploit detection, malware scoring, and automated investigation to its services. We also discuss HaaS (Hunting as a Service), which is a managed service for organizations that lack the security talent to detect threats before they happen.

Comment  | 
Print  | 
//Comments
Newest First  |  Oldest First  |  Threaded View
randallsykes
randallsykes,
User Rank: Apprentice
7/19/2017 | 4:03:52 PM
Website Design
Good post/video. I'll be checking out the other content on this site as well, very informative.
Rico777
Rico777,
User Rank: Apprentice
2/21/2017 | 10:05:29 AM
Good video
Very interesting video, thank you so much
SEO Marketing
SEO Marketing,
User Rank: Apprentice
1/12/2017 | 2:48:19 PM
SEO Marketing
I like this site.  You can learn a lot here.  Thanks!
Benefiter
Benefiter,
User Rank: Apprentice
11/12/2016 | 10:06:47 AM
Re:
Fine post. Thanks, I ll follow the next one. Useful and interesting information.  
Lily652
Lily652,
User Rank: Moderator
11/12/2016 | 5:17:00 AM
prayer times
good video, interesting information, I also agree with all
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33991
PUBLISHED: 2022-08-15
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers.
CVE-2022-33989
PUBLISHED: 2022-08-15
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
CVE-2022-33990
PUBLISHED: 2022-08-15
Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.
CVE-2022-33988
PUBLISHED: 2022-08-15
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
CVE-2022-36262
PUBLISHED: 2022-08-15
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php.