Jason Soroko

#CyberAlert | Critical Microsoft SharePoint Server vulnerability On July 19, Microsoft published guidance for a critical SharePoint vulnerability (CVE-2025-53770). The Cyber Centre is aware of exploitation happening in Canada. https://lnkd.in/eXMDC-dU Unauthorised attackers are able to execute code over a network by deserializing untrusted data in on-premises SharePoint Servers. (SharePoint Online in Microsoft 365 is not impacted.) A patch is currently not available but Microsoft is working to release a security update. The Cyber Centre strongly recommends that organizations take the following mitigation steps: - Enable Antimalware Scan Interface (AMSI) integration in SharePoint Server. - Deploy Microsoft Defender Antivirus across all SharePoint servers. - Disconnect the server from the internet if AMSI cannot be enabled. - Deploy Defender for Endpoint to detect and block post-exploit activity. Follow the mitigation and detections from Microsoft and continually monitor for any released patches. In addition, we strongly recommend that organizations review and implement our Top 10 IT Security Actions: https://lnkd.in/dAHDgpTW Should activity matching the content of this alert be discovered, organizations are encouraged to report via the My Cyber Portal (https://lnkd.in/gTtc3W4D) or contact us directly by email (contact@cyber.gc.ca).

117

6 Comments

MITRE ATT&CK v18 lands today with a groundbreaking update to ATT&CK's threat detection taxonomy. This restructuring—announced during ATT&CKcon by MITRE ATT&CK defense lead Lex Crumpton—will help cybersecurity teams better connect the dots across adversary behaviors, enabling more effective and informed defenses. Read more on Inside Cybersecurity: https://spklr.io/6047BzpN3 #ATTACKcon #Cybersecurity #ThreatInformedDefense #MITREattack

327

6 Comments

🚨 CISA confirmed ACTIVE exploitation of new flaws in Dassault Systèmes’ DELMIA Apriso and XWiki. One lets any guest run code. Another gives full admin access. Hackers are already dropping crypto miners. Agencies have until Nov 18 to patch ↓ https://lnkd.in/ggSMxyiw

91

2 Comments

How the NVD funding near-miss exposed the risk of single-source intelligence. The cybersecurity world received an abrupt wake up call to the issue of using single-source vulnerability intelligence last week. This new blog analyzes the cracks exposed and how to prepare for a future when single-source intelligence is now a realistic business risk to organizations. Check out the details: https://bit.ly/3EiG88J #CVE #NVD #vulnerabilityintelligence

35

1 Comment

Kandji is announcing behavioral detections today, a powerful new capability in Kandji Endpoint Detection & Response (EDR) that analyzes process behaviors in real-time. This new approach layers over Kandji EDR’s existing static file analysis and checksum-based detections. By monitoring and analyzing the actual behavior of processes on endpoints, this new feature can identify potential threats—even if they’ve never been seen before. We are excited about this latest release, and will continue to develop new behavioral detection patterns as new threats emerge to help keep you and your users protected. More on behavioral detections here: https://lnkd.in/e7SRTyNs

85

💡 On Nexus, George V. Hulme explains why vulnerability scoring models such as CVSS 3.1 and CVSS 4.0 must evolve to include contextual information that helps network and systems analysts and security teams better prioritize remediation, mitigation, and patching processes. https://hubs.ly/Q03L0SZj0

27

🌟 Introducing AI-Powered Software Graph Visualization from Apiiro 🌟 Continuous, accurate threat modeling is now a reality Tired of looking at static diagrams and basing security decisions on outdated assumptions? Apiiro’s new Software Graph provides a real-time, interactive map of your application architecture, from code to runtime. https://lnkd.in/dh8a7xxT Automatically generated using Deep Code Analysis (DCA) and runtime context, the graph enables teams to: 🔍 Visualize relationships between APIs, services, data models, secrets, and dependencies 🚨 Identify critical risks like sensitive data exposure, internet-exposed APIs, and blast radius of vulnerable components ⚡ Get visual, context-rich answers to targeted security questions in seconds 📊 Prioritize and remediate based on actual business impact, not generic scoring Software Graph gives security teams a live, queryable risk model, fully integrated with your existing security workflows. Say goodbye to manual reviews and hello to real-time, risk-aware visibility. 👉 See it in action – Watch our demo video, and get a live demo tailored to your environment: https://lnkd.in/gDihbKTb #AppSec #ASPM #ThreatModeling #SoftwareArchitecture #Apiiro

52

1 Comment

While defenders rush to contain, adversaries are already moving on, using the noise as air cover for their next attack. Instead of reacting, defenders can turn this moment into an opportunity: - Hide exposed systems with Zero Trust Access - Close doors with intrusion prevention and WAFs - Detect behaviorally with AMSI and advanced endpoint protection - Automate risk reduction through segmentation and smart policy controls This is how defenders take back the advantage. Read about SharePoint vulnerabilities and more in the blog: https://cs.co/6042Axkgg

20

Half of defense contractors are still unprepared for CMMC 2.0. Our 2025 Data Security and Compliance Risk: Annual Survey Report reveals critical governance gaps across the defense industrial base: ✅ Only 56% have fully implemented end-to-end encryption ✅ Just over 50% maintain centralized governance processes ✅ 64% track AI content but only 17% have technical AI governance frameworks ✅ 46% lack visibility into third-party ecosystems creating direct compliance risks As our CISO and SVP of Operations, Frank Balonis, states, “Without proper governance controls in place, organizations cannot demonstrate the comprehensive CUI protection that CMMC requires.” 🔗 Read the full report to see the actions defense contractors must take to achieve CMMC readiness. https://hubs.ly/Q03Hr3dv0 #CMMC #Cybersecurity #DataGovernance #Kiteworks2025AnnualReport

115

19 Comments

Acronis Threat Research Unit's (TRU) Lead Security Researcher Santiago Pontiroli looks back at some of the biggest cybersecurity trends of 2024 and what to expect in 2025. Listen on ChannelBuzz.ca: https://lnkd.in/d6XB5ZYp

23

1 Comment

🧠 Looking to expand your DFIR toolkit? We’re sharing a hand-picked list of blogs and training resources recently highlighted by Dr. Ashar Neyaz—each one packed with practical tips, tools, and investigative insights for digital forensics professionals: 🔹 OneDrive evolution & schema updates https://lnkd.in/edcVqT-c 🔹 Portable forensics with Raspberry Pi https://lnkd.in/eHeAsuzN 🔹 Open-source intelligence tools https://lnkd.in/eGYRQb7P 🔹 Email and mobile forensics blog https://lnkd.in/eiu9uxHx 🔹 Incident response training https://lnkd.in/ekGNi9Ae 🔹 Belkasoft’s digital forensics training https://lnkd.in/ezVV3PSh 🔹 Memory forensics articles and research https://lnkd.in/emSnTK9s 🔹 Timeline analysis in memory forensics https://lnkd.in/epd3M-h3 Explore more on our blog: https://lnkd.in/eCbnniPT 💬 Got a favorite source or blog of your own? Share it in the comments—we’re always on the lookout for new resources to learn from. #DFIR #CyberSecurity #DigitalForensics

44

What happens when you pair the high-level guidance of NIST CSF with the real-world tactics of MITRE ATT&CK? You get a strategy that not only aligns to regulatory frameworks, but actively identifies, responds to, and mitigates OT threats in real time. In this new blog post, we break down how to layer these two models for a more resilient OT security posture, without overcomplicating your operations. Learn more here: https://rok.auto/45Bjeob #OTSecurity #IndustrialCybersecurity #NIST #MITREATTACK

53

2 Comments

The CVE Program — as we know it — just almost expired. MITRE’s contract to run the Common Vulnerabilities and Exposures (CVE) Program was to end April 16, 2025. That’s the system we all rely on to coordinate software vulnerability disclosures. No #CVE means no standardized alerts, no shared language for tracking threats, and a whole lot of chaos for defenders. Over 2,800 CVEs are issued monthly. Without continuity, threat actors get a head start — and defenders are stuck making up names like “That-One-Unpatched-Thing-In-The-Corner.” #CVE #Cybersecurity #OTSecurity #MITRE #CISA #MaxAI #CyberIn60Seconds #Resilience #mikeechols Leslie EcholsChuck BrooksChloe BurkeLes McCollum II, MPS-CRMCalvin Nobles, Ph.D.Danyetta Fleming Magana, CISSP, F. ISRMLaszlo Gonc, CISSP, QTESean C. Robert CraneLester Lewis, MBA#CISAntonio "T" ScurlockRoy White, MBA, PMPHoward TsaiTamika McCree ElhilaliJeffrey M. Vinson, Sr CISSP, CCISO, CIPP, NSA IAM-IEMGuy WaltonGotham ArtistsMatthew DimmickTim CooganJohn B MooreDeborah PageAdam Mohamed#aws #informationsharing #mikeechols

37

3 Comments

What separates high-fidelity detections from the noise?   In this roundtable, our Detection Engineers shared how a threat-informed, attacker-first mindset shapes the way Binary Defense builds, validates, and prioritizes detections.   Learn how we: Evolve alongside adversary tradecraft Define alerts vs detections Boost detection engineering efficiency with AI   Watch now to see how our Threat Informed Detection Engineering (TIDE) approach delivers clarity where it counts. https://lnkd.in/gCNpZMRE

16

Modern enterprises face complex challenges with distributed teams and remote work. Magnet Nexus makes it easier, faster, and more secure to collect forensic data from multiple endpoints, no matter where they are. Nexus offers multi-endpoint collection across #Windows, #macOS, and #Linux, providing cloud-based scalability and fast processing, ensuring efficient operations. Learn more about how Magnet Nexus can revolutionize your #DigitalInvestigations and how you can try it for free: https://ow.ly/EOtw50UL33G #DFIR #Cybersecurity

28

In the latest blog post from the Horizon3.ai Attack Team, they share IOCs for CVE-2025-2825, an authentication bypass affecting #CrushFTP. #NodeZero users: you can now run a Rapid Response test to see if you're exploitable! Learn more and start your free trial at https://lnkd.in/gJgcswqU. #pentesting #infosec

22