Loginsoft Blogs
Dissecting “pypiele” – another malicious package hiding in the PyPI space
At Loginsoft, we acknowledge the emerging threats related to supply-chain security and their impact on businesses/organizations and the whole ecosystem. Since open-source package repositories like npm, PyPI, NuGet, etc., are one of the most targeted ones in such...
Handling Multiline Log formats using Regex and GROK Parser
To effectively analyze logs from multiple products, security operations teams must first comprehend the diverse landscape of log types. We will provide an overview of common log types encountered, such as system logs, application logs, network logs, and security logs....
Loginsoft developed Datadog Cloud SIEM integration for a leading SOAR platform
Datadog is a monitoring and observability platform that helps organizations collect, analyze, and visualize infrastructure and application data. It provides a wide range of features, including: Logs: Datadog collects logs from your infrastructure and applications,...
Empowering CI/CD with Rego Policies
Rego is a policy language used by the Open Policy Agent (OPA), a powerful policy enforcement engine. By integrating OPA and Rego policies with CI/CD pipelines, we can automate policy enforcement, improve code and configuration quality, ensure compliance and reduce the risk of...
Securing the Software Supply Chain with Open Policy Agent: Policies for Pull Requests and Beyond
In the world of supply chain management, it's crucial to ensure that code changes are adequately reviewed and tested before being integrated into the main codebase. Pull requests play a critical role in this process as they allow developers to review and ensure that...
Fortifying Cloud Security Posture Management with Open Policy Agent (OPA)
Ensuring cloud security is a top priority for businesses that use cloud infrastructure. Open Policy Agent (OPA) is a tool that helps achieve this goal by enforcing policies throughout cloud environments. OPA is an open-source policy engine that uses a declarative...
Security Products: Challenge, Accessibility, Approach to test
We are often asked by our clients to set up security firewalls and networking products in a lab environment using popular emulators such as EVE-NG or GNS3. It is not always easy to find ways to emulate different security network products, but we are able to find...
Discock Stealer – Another Polymorphic Malware like WASP Stealer
What is the package name: http5
When was it released: Jan 3, 2023
Which version are we talking about: 0.0.1
How many times was it downloaded in 30 days: 61
What the package claims to be: “A small example package”
Where we started: We first observed a package...
Threat Intelligence Connector for OpenCTI Cyber Threat Intelligence Platform
OpenCTI is an open-source threat intelligence platform developed by Filigran in collaboration with the French national cybersecurity agency (ANSSI), CERT-EU and Luatix. Organizations can manage threat intelligence knowledge and observables such as TTPs, structuring data in...
Open Vulnerability Assessment Language (OVAL) in a Nutshell – Part 2
Introduction: This blog post continues our previous post titled Open Vulnerability Assessment Language in a Nutshell. To further explain OVAL, let’s consider the latest CVE (CVE-2022-0540) for the Atlassian Jira Server product. This vulnerability...
Detecting Atlassian Confluence Exploitation – CVE-2022-26134
Context/Background: Atlassian published a security advisory for CVE-2022-26134 on June 2 for its Confluence Server and Data Center products, regarding a zero-day vulnerability. Several customer environments were compromised through unauthenticated activity, for which...
Cisco Umbrella Reporting Integration with Cortex XSOAR
Security teams are constantly flooded with alerts from multiple systems. Using the Cisco Umbrella Reporting API, security analysts can programmatically pull contextual threat intelligence from the Global Network into their Security Management, Incident, Orchestration...
Open Vulnerability Assessment Language (OVAL) in a Nutshell
Before diving into OVAL, we shall quickly summarize the project from which it evolved. Overview of SCAP: Security Content Automation Protocol (SCAP), a project from NIST, is widely adopted by many software and hardware manufacturers as a sophisticated framework of...
Palo Alto Networks Cortex XSOAR Integration
The changing threat landscape in cybersecurity has highlighted the need for a platform that centralizes intelligence from various sources in order to perform an effective security operation and workflow. Cortex XSOAR combines both security orchestration and incident...
Is it time for leading Threat Intelligence Platforms to support custom objects such as Wallet IDs, Cryptocurrency address for Cryptocurrency Threat Intelligence providers?
The Financial Crimes Enforcement Network (FinCEN) has named “Cybercrime, including relevant cybersecurity and virtual currency considerations” a national priority. In June 2021, President Joe Biden issued a directive to federal agencies to prioritize efforts to...
Emerging Threats and Vulnerabilities in Cybersecurity
Loginsoft Research Team has been monitoring several exploits from the dedicated servers that were deployed globally for the purpose of threat discovery. The team analyzes and enriches this data to identify the behavior, methods and intent of the threat actors. The...
Fast Incident Response (FIR) Integration with Threat Intelligence Management Platform (IMP)
Organizations today face a critical Cyber Threat Landscape as more software and hardware systems are becoming vulnerable to cyberattacks. Loginsoft has developed an Integration that ingests Fast Incident Response (FIR) Incidents/Events into the Intelligence Management...
How can you speed up Incident Response on ServiceNow for Automated Enrichment of security incidents using Threat Intelligence?
Today, most enterprise customers have manual swivel-chair enrichment processes, where Level 1 or Level 2 incident handlers within the security operations center are swivel-chairing: logging into external systems by hand. An example is performing observable lookups in...
IBM QRadar Use Cases
What should I build on IBM QRadar to effectively manage and investigate the alerts? The guide for Product Managers to explore Security Use Cases. In an age where cyber threats are widespread, it is important that organizations keep their data secure. The IBM QRadar...
Is Microsoft Azure Sentinel your next Implementation? Learn how Loginsoft integrated Sentinel with data source
Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Built on the foundation of Azure Logic Apps, Azure Sentinel's automation and...
Threat Research Blogs
Ransomware Watch Q1 2023 Highlights
June 20, 2023
Over 800 organizations found themselves listed on ransomware sites lurking in the depths of the dark web...
Taming the Storm: Understanding and Mitigating the Consequences of CVE-2023-27350
May 23, 2023
The world of cybersecurity is constantly evolving, with new threats emerging every day. One of the latest threats to emerge is...
IcedID Malware: Traversing Through its Various Incarnations
May 02, 2023
IcedID, the notorious malware, is actively involved in several delivery campaigns, demonstrating versatility and adaptability.
Maximizing Threat Detections of Qakbot with Osquery
April 12, 2023
Initially, Qakbot spreads using malicious email attachments, drive-by-download attacks...
Aurora: The Dark Dawn and its Menacing Effects
March 24, 2023
Aurora Stealer, a non-friendly program in your neighborhood, developed in Go.