Security Validation

VHR20240423 - April 23, 2024 The Mandiant Intelligence Validation Research Team (VRT) has published VHR20240423 - M-Trends 2024, a Security Content Pack focusing on M-Trends 2024. This content pack requires Director version 4.12.1.0-0 or higher. If you’ve enabled the Content Service, this content pack will automatically download and be applied to your Director (see The Mandiant Content Service 

The actors are simply a rebuild / reconnect.  PT is a rebuild / reconnect and reimport or the Protected Actor plus re-register of PA. Actors Windows Actors, macOS Actors, and installable Linux Actors can be upgraded to 4.14.0.0 through the standard upgrade procedures for Actors: upgrade the Director to 4.14.0.0, and then upgrade Actors through the Director web interface. See Update Security Validation Components for steps to upgrade your Actors. Appliance Actors on releases prior to 4.14.0.0 should be removed and replaced with equivalent 4.14.0.0 Actor Appliances. These replacement Actors can either be registered as a new Actor with the Director (and the pre-4.14.0.0 Actor removed from the Direct

VHR20240411 - April 11, 2024 The Mandiant Intelligence Validation Research Team (VRT) has published VHR20240411 - Content Expansion, a Security Content Pack focusing on CVE-2024-21893, CVE-2024-25153, Campaign 24-002, and Campaign 24-004. This content pack requires Director version 4.12.1.0-0 or higher. If you’ve enabled the Content Service, this content pack will automatically download and be applied to your Director. Otherwise, you can download the security content pack&nbsp

Just as a heads up - our current OVA’s will be replaced by Rocky Linux in our next release.   Centos 7 is slated to be end of life on June 30, 2024.  Please reach out here with questions.  

Hi everyone this is my first post here and first I want to say that I am happy to be here in the community. I have a personal device Samsung Galaxy s23 ultra 5g with Verizon as carrier and I have been trying to figure out what to do with this issue for too long and I have been troubleshooting and working with my limited access and knowledge of the android 14 OS and the situation is more difficult with the additional One UI 6.0 via Samsung. However, it is a problem with the actual process of using the keys for verification and login. The keys will assign to the accounts either with usb-C or NFC perfectly it seems without a noticeable error or notification or indication of assignment issues and the accounts will finalize everything and then they will never allow the keys to authenticate or verify when the time comes to login or secure the account. I have attempted to use them across the various accounts and platforms that offer fido2 security key authentication and use through an andr

This post is a continuation of Part 1 - Evaluating Security Stack Resilience against Attack use cases - a suggested framework. The following photos will show some of the use cases (or playbooks) that demonstrate how Mandiant Security Validation (MSV) can be utilized to assess and enhance the effectiveness of security controls within an organization.  Note: Unfortunately the full list cannot fit in the post and if you want to get it, please DM me.  Network  Security Stack Use cases    Endpoint Security Stack Use cases These use cases are structured around specific objectives, applicable

We are excited to announce the availability of Google Cloud Security Customer Success subscriptions.   Optimize your Google Cloud Security experience to achieve desired business outcomes together with a team of security experts. Choose the right success offering that best fits your organizational objectives and acquired security subscriptions. Standard: Offers digital and self-service resources, including onboarding, subscription walkthroughs, documentation, and access to knowledge base with product trainings. Expert: Offers a designated Customer Success Manager and Technical Solutions Consultants, providing customized success plans, and strategic guidance. Expert+

The suggest Security Assessment Framework outlined here provides a structured approach to evaluate the resilience of a security stack against various specified attack use cases, such as malware delivery, command and control (CnC) communication, and lateral movement within a network. Each scenario is described with detailed prerequisites, including network configurations and specific technologies involved like NGFW (Next-Generation Firewall), Network Sandbox, SIEM (Security Information and Event Management), and others. The framework focuses on actions within different network environments (e.g., Desktop LAN and later Cloud can be added). It categorizes actions and suggests tags for easier selections of actions. This framework can be an approach to help MSV customers maximizing the utility and effectiveness of Mandiant Security Validation in their security environments. In Part 1 , I will outline the MSV evaluation process and in Part 2 , I will post some of the use cas

I don't know enough to even know where I should post this. I recently opened my google drive. My Name is Aaron. When I clicked on the search bar to look through my drive I saw what appeared to be a user by the name of Brian Hinginns with an unknown file type. I have screen shots. Somebody please help me figure this out. 

Hi everyone,I'm looking for a way to create a custom report that counts the number of prevented or detected actions grouped by Security Technologies.Using the Data Table widget it's not possible to group by Security Technology.An alternative is to create a Single Stat widget for every Security Technology, but it's not very smart in my opinion.Any other ideas?Thank youPaolo

كيف ازيد من الحمايه للسحابه بخلاف جدار الحمايه والتحقيق بخطوتين؟

 We have a webinar, Living on the Edge: Investigating Ivanti Connect Secure VPN Zero-Day Exploits coming up this Thursday January 18, 2024. It is a free webinar. Click here to sign up. 

  Dear Gmail Support Team,   I hope this email finds you well. I am writing to report a severe security breach regarding my Gmail account, <PII Removed by Staff> which occurred on the 7th of December. It has come to my attention that an unauthorized individual has gained access to my account and has maliciously altered the associated phone number and recovery email address. Moreover, this hacker has exploited my personal information to withdraw funds from my bank account, resulting in significant financial loss. Additionally, they have erased all data from my phone, further complicating the situation.   I have exhausted all available methods to regain control of my account but have been unsuccessful thus far. I have followed the recovery steps provided by Gmail's Account Recovery process, but the hacker has preempted my attempts by changing the recovery information. I kindly request your immediate assistance in rec

Are there plans to support the running of the network actor in dockers?

I'm having an issue with "file_transfer definition size too large" when having only one group of Malicious File Transfer action(125 actions).I tried with 70 MFT actions and still have the same issue. When breaking down to 10 actions each group, it worked properly.I would like to know what is the precise limit of file size transfer limit and is there a way to expand the limit?