1 Case / 1 Protection / 1 Threat / 1 KQL
Case: UB2.C6 - Connect devices to charge stations via USB. Protection: UB2.C6.P1 – Add USB condom, use AC power outlets or external batteries. Threat: UB2.C6.T1 Install malware and/or steal device data…
UB3.C4.K1 – Users contract and use non-secure ISP. The Internet Service Provider (ISP) our users choose plays a critical role in safeguarding our data and assets. While many people focus…
Case: UB3.C4 - Users use different ISPs. UB3.C4.K1 – Users contract and use non-secure ISP. Protection: UB3.C4.K1.P1 – Monitor activities from non-secure ISP. Threats: UB3.C4.K1.T1 - Sign-in attempts using non-secure ISP. KQL: Rating…
Adding a malicious domain or sender to a safe sender list (whitelist) poses significant security risks. Users may mistakenly add these to the allowed list, believing that a legitimate email…
Configuring auto-reply messages (usually activated during a vacation or other absence), while convenient, can expose users and organizations to several potential threats. Auto-reply messages can unintentionally provide too much information about…
Case: UB4.C2.K1 – Use plugins on websites. KQL Query: Monitor device service tampering (UB2.C5 - Manage device services); Detect WordPress plugins from HTTP requests (UB4.C2.K1 – Use plugins on websites)
Case: UB2.C6 - Connect to charge stations. KQL Query: Detect screenshots taken on devices (UB3.C3.T1 - Data leakage of sensitive or critical information)
(UB3.C2.K1 – Sign-in attempts from anywhere) New Threat Detection: Monitoring Sign-In Attempts from Airport Networks. As cyber threats continue to evolve, it is crucial to enhance our security posture to…
Case: UB6.C5 Authentication apps. KQL Query: UB6.C4.K1 Users authenticate with SMS; UB5.C2.T2 Plugins and add-ons added into software programs establishing connections or exchanging data to non-allowed countries
Case: UB5.C3 Software configurations. UB5.C3.K1 – Users can add exclusions. Protection: UB5.C3.K1.P1 – Monitor/Restrict allowed exclusions actions. Threat: UB5.C3.K1.T1 Users could add exceptions in antivirus, antimalware or other threat monitoring…