
Art Appraisal Blog

Category - Uncategorized

07/19/2022
Uncategorized

Why is Blue Teaming Important For Improved Cyber Security?

What is Blue Teaming? Blue teams are responsible for assessing organizational security posture and defending the company from cyber threats. They are considered the watchdogs of the organization. Blue teaming is an exercise involving a blue team and a red team: the blue team aims to defend against and thwart red team attacks, while the red team plays the role of an attacker by identifying security gaps...

07/19/2022
Uncategorized

How Can Purple Team Enhance Your Cyber Security Posture?

What is a Purple Team in Cyber Security? A purple team is a group of cybersecurity experts that takes on the roles of both a blue team and a red team to deliver a more tailored, realistic security assessment to the organization being tested. The purple teaming strategy involves red and blue teams collaborating closely to maximize cyber capabilities through continuous feedback and knowledge transfer. Purple team exercises combine defense and offense,...

07/19/2022
Uncategorized

Follina Vulnerability (CVE-2022-30190)

Summary: Follina (CVE-2022-30190) is a zero-day Remote Code Execution (RCE) vulnerability in the Microsoft Windows Support Diagnostic Tool (MSDT). The Chinese government-affiliated TA413 CN APT group has been observed exploiting this vulnerability since it was discovered, and initial attacks have been observed in the Philippines, Nepal, and India. The MSDT tool is typically used as a troubleshooting wizard (collecting and submitting system information...

07/18/2022
Uncategorized

WannaCry Ransomware Explained

Summary: WannaCry is a ransomware worm that exploits an SMBv1 vulnerability (CVE-2017-0144). It caused a worldwide cyberattack, encrypting data on computers running Microsoft Windows and demanding ransom payments in Bitcoin. In May 2017, WannaCry made headlines when it infected the National Health Service (NHS) and other organizations across the globe, including government institutions in China, Russia, the United States, and most of Europe. The WannaCry worm has been referred...

07/13/2022
Uncategorized

LockBit 2.0 Ransomware Explained

Summary: As an upgrade to LockBit, LockBit 2.0 first appeared in June 2021 as a ransomware-as-a-service (RaaS) offering. In the third quarter of calendar year 2021, the LockBit 2.0 RaaS became particularly prolific, attracting affiliates via recruitment campaigns in underground forums. The LockBit 2.0 operators claimed that their encryption software was the fastest of any active ransomware strain as of June 2021, stating that this increased its effectiveness and...

07/13/2022
Uncategorized

How Red Team Can Improve Your Cyber Security Posture?

What is a Red Team in Cyber Security? The term “Red Team” derives from the military practice of using war games to challenge operational plans by testing how defenses perform when faced with a brilliant adversary. A “Red Team” refers to an enemy team that has to overcome the defenses of the “Blue Team,” the home team. Red teams in cybersecurity play the role of attackers in this simulation; they...

07/13/2022
Uncategorized

What is Security Operations Center (SOC)?

What is a Security Operations Center? A Security Operations Center (SOC) is a team of cybersecurity specialists who monitor and analyze an organization’s security while responding to possible breaches. This team is responsible for scanning all security systems in real time. First-line defense systems continuously protect an organization’s security infrastructure against potential cyber-attacks. The SOC team protects the organization by monitoring, detecting, analyzing, and investigating cyber threats. Cyber security incidents are...

07/13/2022
Uncategorized

SolarWinds Orion Vulnerability (CVE-2020-10148) Explained

Summary: During the SolarWinds hack (CVE-2020-10148), thousands of organizations, including the U.S. government, were affected, not only because a single company was breached but because it triggered a broader supply chain incident. There was a supply chain breach involving the SolarWinds Orion system, commonly called the SolarWinds hack. The Orion network management system is used by more than 30,000 public and private organizations, including local, state, and federal government agencies....

07/9/2022
Uncategorized

What is a Fileless Malware?

What is Fileless Malware? The phrase “fileless malware” refers to a type of malware that does not require a file to execute its code; instead, it leverages the resources already present on the file system of the endpoint. It is typically injected into some running process and executes only in RAM. Since there are no files to scan and the footprint is small, traditional antivirus software has...

07/9/2022
Uncategorized

MedusaLocker Ransomware-As-A-Service (RAAS) Explained

What is MedusaLocker Ransomware? MedusaLocker is a RaaS (Ransomware as a Service) variant that was first discovered in 2019 and has taken over the world. To increase the effectiveness of the encryption, MedusaLocker ransomware removes volume shadow copies and disables system services, and it encrypts data using AES-256 encryption. MedusaLocker is typical ransomware that encrypts its victim’s data and demands a ransom for the decryption key. The MedusaLocker malware threat...
