
Security Dive

Articles

January 23, 2024

Analysis of Ivanti 0-days, CVE-2023-46805 and CVE-2024-21887

Landing Page, Security Dive, Vulnerabilities

Introduction On January 10, 2024, the cybersecurity organization Volexity reported the active exploitation of two critical zero-day vulnerabilities in Ivanti…

January 11, 2024

From zero to certificate hero. The 5 Steps to a mature Certificate Lifecycle Management

Landing Page, Security basics, Security Dive

Imagine. Your important website/customer portal/service tools/VPN/… goes down unexpectedly. Everyone is running around stressed to the

October 27, 2023

Citrix NetScaler flaw exposing sensitive data

Landing Page, Security Dive, Vulnerabilities

Introduction On 10 October 2023, Citrix Systems released a security bulletin for one critical and one high-severity vulnerability. The critical vulnerability, identified as CVE-2023-4966, was discovered in Citrix

October 26, 2023

Navigating CVE-2023-22515 in Confluence Data Center and Server

Landing Page, Security Dive, Vulnerabilities

Introduction This letter serves as an urgent notification regarding a critical vulnerability, CVE-2023-22515, which affects Atlassian Confluence Data Center and Server. Confluence is

October 24, 2023

Using EDR telemetry for offensive research

Landing Page, Security Dive, Vulnerabilities

About EDR EDR – Endpoint Detection and Response – is a type of security solution, with agents running on endpoints (workstations, servers, etc.). Its first role is detection of…

September 12, 2023

Storm-0588 Azure AD Token Forging Attack

Landing Page, Security Dive, Threat research

Key Takeaways Azure Active Directory (AAD) Compromise: The incident involves the compromise of OpenID signing keys within the Azure AD environment, indicating a significant security threat to…

September 12, 2023

Downfall Vulnerability (CVE-2022-40982)

Landing Page, Security Dive, Vulnerabilities

Key Takeaways Downfall Vulnerability Scope: The Downfall vulnerability, tracked as CVE-2022-40982, affects multiple Intel microprocessor families from Skylake through Ice Lake, enabling attackers to steal sensitive data, including passwords, encryption

July 10, 2023

The escalation of invasive wiretapping in Cyber Warfare

Landing Page, Security Dive, Threat research

Key Takeaways Wiretapping, previously associated primarily with spy cinema, has become a real and evolving threat in today's digital world, with state actors and APT groups…

July 3, 2023

Roaming and racing to get SYSTEM – CVE-2023-37250

Landing Page, Security Dive, Vulnerabilities

Introduction In my previous blog post (https://atos.net/en/lp/securitydive/creating-persistent-local-privilege-escalation-with-temporarily-elevated-legitimate-installers) I mentioned potential

June 20, 2023

Outlaw APT group - From initial access to crypto mining

DFIR, Landing Page, Security Dive

Foreword Eviden Digital Security regularly performs incident response and gathers information on various groups of attackers. In the summer 2022, a…

June 15, 2023

Insider Threat – What if the Big Bad Wolf was already in?

Landing Page, Security Dive, Threat research

Insider threat is considered one of the top-10 concerns in cyberspace in 2023. It is a prominent cause of…

June 6, 2023

CA/Browser Forum S/MIME Certificate Requirements, what is it and what to do about it?

Landing Page, Security basics, Security Dive

Introduction Protecting email is an often overlooked but sometimes necessary feature. Email can be encrypted to prevent…

June 2, 2023

Detailed analysis of the Zero-Day vulnerability in MOVEit Transfer

Landing Page, Security Dive, Vulnerabilities

Key Takeaways • A common feature among all exploited devices is a webshell named 'human2.aspx' located in the 'C:\MOVEitTransfer\wwwroot' public HTML

May 30, 2023

AIsaac and AWS Security Lake When Data lakes meets AI

Landing Page, Security and Tech, Security Dive

Navigating the sea of security data: why organizations need data lakes Imagine you're a fisherman, casting your net into the vast ocean in…

May 17, 2023

Snake Malware

Landing Page, Security Dive, Threat research

Taken down by the FBI after 20 years of existence. Key Takeaways In a coordinated operation the FBI, with other organizations, took down the Snake malware operational infrastructure. Snake malware has been linked with the…

April 28, 2023

BumbleBee hunting with a Velociraptor

DFIR, Landing Page, Security Dive

BumbleBee, a malware which is mainly abused by threat actors in data exfiltration and ransomware incidents, was recently analyzed by Angelo Violetti of SEC Defence - the Digital Forensics and…

April 13, 2023

CA Browser Forum Code Signing Certificate Requirements

Landing Page, Security basics, Security Dive

For as long as computers have existed, they have needed program code to run. For almost as long as code has been running, people have been trying to change the code in…

April 4, 2023

Cl0p Ransomware Group activity related to data leaks from GoAnywhere MFT

Landing Page, Security Dive, Threat research

The essentials The threat actor TA505 is deemed a trendsetter for its ever-changing tactics, techniques, and procedures (TTPs). It targets…

March 31, 2023

Creating Persistent Local Privilege Escalation with Temporarily Elevated Legitimate Installers

Cyber security, cybersecurity, Landing Page, Security Dive, Vulnerabilities

The interesting case of WinSCP A couple of months ago, while analyzing one of our environments, we had noticed instances of the LogonUI.exe…

March 21, 2023

SOCCRATES – Automation and Orchestration of Security Operations

Landing Page, Security and Tech, Security Dive

SOCCRATES (SOC & CSIRT Response to Attacks & Threats) is an EU-funded research and innovation project that brings together some of the best European expertise in the…

March 1, 2023

Are privacy-enhancing technologies the holy grail to privacy?

Landing Page, Security and Tech, Security Dive

According to Gartner, by 2025, 60% of large organizations will use one or more privacy-enhancing computation techniques in analytics, business intelligence or cloud computing.…

February 15, 2023

How to build an agile SOC?

Landing Page, Security basics, Security Dive

Companies are spending more than ever to protect their digital assets. Gartner predicts that worldwide spending on information security and risk management products and services will hit $188.3 billion…

February 9, 2023

AI-based detections in SOC

Landing Page, Security and Tech, Security Dive

We are currently experiencing the 4th Industrial Revolution (4IR). If adoption of digital technology was the defining feature of the 3rd Industrial Revolution, then interconnection between these technologies as well…

January 31, 2023

The top five steps to PKI success

Landing Page, Security basics, Security Dive

PKI and Certificate Lifecycle Management aren't the hottest or sexiest topics, but they are a fundamental part of any well-run security program. Below, we will outline five

January 24, 2023

The EU Cyber Resilience Act: Brace for impact

Game rules, Landing Page, Security Dive

In September 2022, the European Commission presented a proposal for a new Cyber Resilience Act (CRA) to protect consumers and businesses from vulnerable IT products. It…

January 18, 2023

Attacking Local Self-Protection Mechanisms – a case study of CVE-2019-3613 and CVE-2022-3859

Landing Page, Security Dive, Vulnerabilities

Introduction to Trellix CVE-2022-3859 On 29 November, Trellix (formerly McAfee) released…

January 3, 2023

CISO’s perspectives - The 4 recommendations to sleep without a worry

Landing Page, Security basics, Security Dive

1. Sleeping-well CISO: myth or reality? Considering the countless cyber threats that go on, what threat keeps you up at…

December 14, 2022

10 security tips to protect your organizations against ransomware

Landing Page, Security basics, Security Dive

The business of ransomware is flourishing, boosted by the anonymity of the attackers, the limited number of criminal cases being prosecuted, the automation of attack methods and…

December 7, 2022

Cyber insurance: Challenges and reassurances in a maturing market

Game rules, Landing Page, Security Dive

Over the past twenty years, data has become the new gold, providing valuable insights across IT infra, AI and automation, and support functions. At…

December 5, 2022

Setting hardware Root-of-Trust from Edge to Cloud, and how to use it

Landing Page, Security and Tech, Security Dive

Atos presented during the European Cyber Week its unique approach to ensure platform firmware resilience in a…

December 1, 2022

The top 3 recommendations to get your incident response team ready for the Holiday season

Landing Page, Security basics, Security Dive

The winter season, with the end-of-year celebrations, is a very specific and sensitive period for

November 28, 2022

MITRE ATT&CK Evaluations: malicious activities reported by Atos MDR

Landing Page, Security and Tech, Security Dive

Since 2018, MITRE Engenuity has been conducting ATT&CK Evaluations focused on evaluating the potential capability of products to detect and protect against known…

November 10, 2022

How to accelerate analysis of Windows Event logs

DFIR, Landing Page, Security Dive

As the Windows auditing subsystem is complex, this article focuses on one part of it: the Event Logger. In modern Windows systems, audit events are saved to files…

November 4, 2022

Taking off with PKI: How to get the basics right

Landing Page, Security basics, Security Dive

Public key infrastructure (PKI) is evolving into one of the most pervasive technologies. It is everywhere around us, often without people even realizing…

September 30, 2022

OSINT of Exchange 0-day campaign

Landing Page, Security Dive, Vulnerabilities

Introduction Reports of new 0-day vulnerabilities electrify the cybersecurity community, especially when they affect commonly used products. Recent news about the successor of the infamous ProxyShell - CVE-2022-41040, CVE

August 5, 2022

Color teaming 101: understanding Security Teams

Landing Page, Security basics, Security Dive

Cybersecurity is just one planet in the huge spectrum of cyberspace. Just as there are various planets in space, there are various teams in cyberspace. So, fasten…

July 11, 2022

Deepfake and PII - an Inside Threat concept supported by Artificial Intelligence

Landing Page, Security Dive, Threat research

Executive Summary Deepfake is a photo manipulation technology that has been developed in an open-source model since 2018…

May 31, 2022

New DDoS threats on the rise for emergency calling services

Landing Page, Security Dive, Threat research

Emergency calling services need to offer 24/7 availability to citizens. Unfortunately, this is not always the case due to new cyber threats…

March 31, 2022

Analysis of the most important CWEs for hardware security

Landing Page, Security Dive, Vulnerabilities

Over the last few years, technological advances have continued to accelerate exponentially to meet the growing demand for reliable connectivity and robust security. As…

February 28, 2022

Risks from the Cyberattacks in the RU-UA conflict

Landing Page, Security Dive, Threat research

Executive Summary With the ongoing conflict between Russia and Ukraine escalating, the risk remains high for…

February 15, 2022

Focus on information exchange between DevSecOps

DFIR, Landing Page, Security Dive

Red Team Lessons Learned Series – Episode 3: Focus on information exchange between DevSecOps. Introduction In this series of blog posts I wanted to highlight…

February 8, 2022

Do not neglect security in development systems

DFIR, Landing Page, Security Dive

Red Team Lessons Learned Series – Episode 2: Do not neglect security in development systems. Introduction In this series of blog posts I wanted to highlight…

February 1, 2022

Never feel afraid to report a security incident

DFIR, Landing Page, Security Dive

Red Team Lessons Learned Series – Episode 1: Never feel afraid to report a security incident. Introduction In this series of blog posts I wanted…

January 25, 2022

How to secure your organization against ransomware with EDR or MDR

Landing Page, Security and Tech, Security Dive

Ransomware is one of the most significant cyber threats to face organizations today. Time and again, threat actors have leveraged known…

January 18, 2022

Misconfigured firebase: A real-time cyber threat

Landing Page, Security Dive, Vulnerabilities

Every day, we hear about customer data being compromised, data posted on the dark web for sale, or a similar cybersecurity…

January 13, 2022

Poorly configured S3 Buckets – A hacker’s delight

Landing Page, Security Dive, Vulnerabilities

In today’s technological climate, finding the best way to store, share, and manage ever-increasing data sets is a

December 16, 2021

Surge in malware loaders activity, a dangerous trend before the Christmas Holidays

Landing Page, Security Dive, Threat research

The Christmas Holidays are almost upon us. We…

December 13, 2021

Log4Shell - Unauthenticated RCE 0-day exploit

Landing Page, Threat research

Log4Shell – Unauthenticated RCE 0-day exploit (CVE-2021-44228) In this blog, we provide background on the Log4Shell vulnerability (CVE-2021-44228) and detection guidance, and we recommend mitigations. Vulnerability

December 7, 2021

External remote services attacks

Landing Page, Security Dive, Threat research

How to stop one of today’s most common intrusion methods? Cybersecurity incidents are on the rise. 64% of companies have suffered at least one incident. Ransomware grew by…

December 2, 2021

Public to public credential access

DFIR, Landing Page, Security Dive

Introduction The goal of this post is to draw some attention to a couple of very simple and effective attack vectors that let our team stealthily compromise an entire shared…

November 15, 2021

Offensive Linux tricks every defender should know about

Landing Page, Security basics, Security Dive

Everyone doing a proper job of administering *nix-like systems should know these scenarios. The list below was put together

November 4, 2021

BlackMatter ransomware

Landing Page, Security Dive, Threat research

Introduction Atos Digital Security regularly performs incident response and gathers information on various groups of attackers. Among them, BlackMatter stands out for its remarkably rapid rise despite its recent inception. This new group of attackers…

October 29, 2021

Cloud attacks: How to secure a growing threat vector

Landing Page, Threat research

The cloud is a double-edged sword. On the one hand, organizations have used the…

October 26, 2021

Vertical specialized attacks- industry

Landing Page, Security Dive, Threat research

Vertical-specialized attacks: how to stay safe when your industry is under attack Cybersecurity has always been complex. These unique security challenges come from many places — your products, your digital…

September 30, 2021

Discovering Potentially Abusable Binaries with streamlined PE Import Table searching

Landing Page, Security Dive, Threat research

Introduction I decided to put this blog post together only to share a simple idea which could potentially be useful or inspirational to…

September 17, 2021

Phishing campaign using HTML Smuggling to get your Office365 credentials

Landing Page, Security Dive, Threat research

Threat Actors constantly evolve in their campaigns to be more successful as security tools are getting better and well-trained employees are more vigilant…

September 7, 2021

IOC Diversification as an Approach to Eradication Avoidance

DFIR, Landing Page, Security Dive

A while ago, during my first Red Team engagement with Atos, I came up with a tactical anti-eradication approach, which was directly inspired by my former…

September 1, 2021

Server-Side Template Injection

Landing Page, Security Dive, Vulnerabilities

Templates are pre-formatted documents, which already contain certain information. A template engine is a specific kind of template processing module that exhibits all major features of a modern programming language. The developers…

June 7, 2021

Avaddon Ransomware Analysis

Landing Page, Security Dive, Threat research

Atos Digital Security regularly performs incident response and gathers information on various attacker groups. Among them, Avaddon stands out for its modus operandi and its rise.

February 14, 2021

Critical Exchange Vulnerability: Quick Grab on Detection & Mitigation

Landing Page, Security Dive, Vulnerabilities

Microsoft has detected multiple zero-day exploits against the on-premises versions of Microsoft Exchange Server (2013, 2016, and 2019). Microsoft attributes this campaign with
