The new feature of SEKOIA.IO for the month of july

SEKOIA.IO XDR, the eXtended Detection and Response SaaS platform aims to be as close as possible to the users of the platform, meeting their needs in a precise way, while taking into account their approach and user experience.
In this dynamic, the platform continues to reinvent itself and evolve by regularly integrating new features while improving existing features.

30 new detection rules added to the catalog!

Since the previous month, 30 new rules verified by our analysts have been added to the SEKOIA.IO XDR rules catalog. To protect you against the TOP 10 most exploded vulnerabilities of the last two years, we strongly recommend you to activate the following rules:

• CVE-2018-13379 (Fortinet FortiOS)
• CVE-2019-2725 (Oracle WebLogic Server)
• CVE-2019-11510 (Pulse Secure Pulse Connect Secure (PCS))
• CVE-2020-0688 (Microsoft Exchange Server)
• CVE 2018-11776 (Apache Struts 2)

These vulnerabilities are exploited ahead of ransomware attacks but also cyber spying attacks to gain initial access into their victims’ information systems.

Cyber Threat Intelligence

New intelligence source: Hatching Triage ?

Our CTI database includes a new source of technical intelligence with the integration of the European sandbox Hatching Triage. This new source will reinforce our coverage of the most active malware of the moment such as Cobalt Strike, Agent tesla, LokiBot or IcedID. It provides our CTI database with IPs / domain names of Command & Control (C2) and hashes of about twenty malware. A blogpost will very soon give details of this new integration with our partner Hatching Triage, stay tuned!

Tracking of Chinese APT groups

In June, we strengthened our monitoring of C2 malware infrastructures like ShadowPad used by several threat actors attributed to China like APT41 or Winnti Group.

What’s new in the User Center ?

The invitations ✉️

The change of the invitation process makes it easier to :

• Assigning multiple roles to users: Different roles can be assigned at the same time when sending the invitation.
• Adding a user known to SEKOIA.IO: You can add existing users in other communities directly to a new one without going through the email invitation and authentication process.

Your community on SEKOIA.IO

The new “Your community” page now allows you to see with a single click:

• The date of the first log-in for all community members.
• The activation of the double authentication factor for all community members.

On our blog, you can read also:

• Hatching Triage to enhance SEKOIA.IO Cyber Threat Intelligence
• What is cyber ​​threat intelligence (CTI)?
• Walking on APT31 infrastructure footprints
• Playbooks, YARA rules, IoCs… explanation about the news
• Calisto show interests into entities involved in Ukraine war support
• The DPRK delicate sound of cyber
• Command & Control infrastructures tracked by SEKOIA.IO in 2022
• SEKOIA.IO Ransomware Threat Landscape – second-half 2022

Mahamadou Cisse

I decided after a stint in print, radio and TV as a journalist, to specialize in web marketing more specifically in the development of marketing content strategies.