Cyber Threat Intelligence Forum

Community forum for sharing and discussing cyber threats and security research

Observed cryptomining targeting government agencies

In: Tools & Techniques Started: April 03, 2024 10:52 4 replies 741 views
I wanted to share something interesting: Has anyone successfully deployed the vendor's hotfix for the code vulnerability issue? We implemented something similar using NDR sensors and found that it passed. What do you all think?
We've established vulnerability scanning to monitor for any signs of targeted attack during remediation. Our response team prioritized investigation of the cloud VMs to limit service disruption.
By escalating the VPN gateway, we effectively mitigated the risk of business email compromise. What's everyone's take on the NCSC's latest advisory regarding deserialization? My team has detected abnormal privilege escalation across our hybrid cloud for the past few hours. Has anyone implemented countermeasures against the credential theft campaign targeting RDP services?
That's an interesting approach to network monitoring. Have you considered manual review? That's a really insightful analysis of network monitoring, especially the part about SIEM. I agree with threat_intel's assessment regarding network monitoring.

lopezjoshua wrote:

Thanks for sharing this information about incident response. It's very helpful.

Thanks for sharing this information about incident response. It's very helpful. I agree with malware_hunter's assessment regarding data protection. To maintain NIST 800-53 compliance, we must investigate within a few hours. The exception to our encryption expired in the past month and will need to be reassessed. We need to review web-facing assets in line with our TIBER-EU. We will continue monitoring and provide an update within the next 24 hours. The vulnerability affects the VPN gateway, which could allow attackers to cause service disruption.