The new software-led solution enables organizations to defend against cybersecurity threats in their operational technology (OT) environments.
Related Posts
AWS Launched New Security Incident Response Service to Boost Enterprise Security
Amazon Web Services (AWS) unveiled a new service, AWS Security Incident Response, designed to help organizations manage security events efficiently.
As cyber threats become increasingly complex, this service offers a comprehensive solution to prepare for, respond to, and recover from incidents such as account takeovers, data breaches, and ransomware attacks.
What is AWS Security Incident Response?
AWS Security Incident Response enables swift action during critical moments by leveraging automated monitoring and investigation, streamlined communication from Amazon GuardDuty, AWS Security Hub, and third-party tools, and 24/7 access to the AWS Customer Incident Response Team (CIRT).
It helps organizations prepare for, respond to, and recover from security incidents, enhances communication, offers 24/7 access to AWS CIRT experts, and supports all phases of incident response, from preparation to recovery.
Key Features of AWS Security Incident Response
According to an AWS statement shared with Cyber Security News, “Engineers designed AWS Security Incident Response to tackle the increasing challenges encountered by security teams. It integrates seamlessly with Amazon GuardDuty and third-party threat detection tools via AWS Security Hub, ensuring a streamlined process from detection to resolution.” Here are the core capabilities:
- Automated Triage and Investigation: The service automates the identification and prioritization of security incidents, allowing teams to concentrate on critical alerts. By filtering and suppressing findings based on expected behaviors, it enhances focus and efficiency.
- Simplified Communication and Coordination: With preconfigured notification rules and permission settings, the service supports both internal and external collaboration. A centralized console offers integrated features such as messaging, secure data transfers, and video conferencing, accessible through service APIs or the AWS Management Console.
- Access to Expert Support and Self-Service Tools: Customers benefit from around-the-clock support from the AWS Customer Incident Response Team (CIRT) and have access to self-service tools for independent investigations or collaboration with third-party security vendors.
The service also includes a dashboard providing real-time metrics, such as mean time to resolution (MTTR) and the number of active and closed cases, enabling organizations to continuously monitor and improve their incident response performance.
Organizations can quickly onboard the service through AWS Organizations, ensuring coverage across all accounts.
They begin by selecting a central account where security events are managed. The proactive incident response feature allows automatic monitoring and remediation of threats via GuardDuty and third-party tools.
AWS Security Incident Response also provides containment capabilities through specific IAM roles, which help expedite incident response and reduce potential impacts.
AWS Security Incident Response is now available across 12 AWS Regions, including key locations in the United States, Asia Pacific, Canada, and Europe.
This service represents a significant step forward in supporting customers with the tools and expertise needed to navigate and mitigate modern security challenges effectively.
The post AWS Launched New Security Incident Response Service to Boost Enterprise Security appeared first on Cyber Security News.
New Magecart Campaign Alters 404 Error Pages to Steal Shoppers’ Credit Cards
A sophisticated Magecart campaign has been observed manipulating websites’ default 404 error page to conceal malicious code in what’s been described as the latest evolution of the attacks.
The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries.
"In this campaign, all the victim websites we
The Hacker News | #1 Trusted Cybersecurity News Site
Threat Actors Claim to Sell Data Allegedly Stolen from Cisco
A group of threat actors, led by the notorious hacker known as IntelBroker, has claimed responsibility for a significant data breach at Cisco Systems, Inc. The hackers allege they have stolen a vast amount of sensitive information and are now offering it for sale on the dark web.
The breach, reportedly occurring on October 10, 2024, was announced on Breach Forums by IntelBroker, who collaborated with individuals identified as EnergyWeaponUser and zjj.
The compromised data purportedly includes a wide range of sensitive materials such as GitHub and GitLab projects, SonarQube projects, source code, hardcoded credentials, certificates, confidential Cisco documents, Jira tickets, API tokens, AWS private buckets, Docker builds, Azure storage buckets, private and public keys, SSL certificates, and Cisco premium products.
Several high-profile companies are allegedly affected by this breach. The list of impacted firms includes major telecommunications and financial institutions like Verizon, AT&T, Bank of America, Barclays, British Telecom, Microsoft, Vodafone, and Chevron. The hackers have provided samples of the stolen data to substantiate their claims.
Cisco has acknowledged the reports and is actively investigating the situation. A spokesperson for the company stated that they are aware of the allegations and have launched an investigation to assess the validity of these claims.
IntelBroker has a history of high-profile breaches. Earlier in 2024, the hacker claimed responsibility for attacks on companies such as Apple and AMD. These incidents highlight a persistent threat to major corporations from well-organized cybercriminal groups.
The stolen data is being offered for sale in exchange for Monero (XMR), a cryptocurrency known for its privacy features. Cybercriminals commonly use this method to maintain anonymity and avoid detection by authorities.
As investigations continue, the cybersecurity community is closely monitoring the situation. The breach underscores the critical need for robust security measures to protect sensitive corporate data from increasingly sophisticated cyber threats.
The post Threat Actors Claim to Sell Data Allegedly Stolen from Cisco appeared first on Cyber Security News.