Art Appraisal Blog

This is a detailed report on the OKTA Lapsus$ hack in January 2022, which has shaken the cyber security community. Continue to read till the end if you want to know how Lapsus$ hackers breached OKTA Networks and its customers, and how the companies responded to the hack along with the timeline of the breach. What is OKTA? Okta is one of the top identity and authentication platforms that provide...

What is Cyber Threat Hunting in Cyber Security? Threat hunting is resource-intensive proactive cyber defense activity with a deep understanding of cyber threats and the tactics, techniques, and procedures (TTP). It is a process to proactively and iteratively detect and isolate threats by searching through networks, endpoints, and datasets for any advanced threats or risky activities that evade existing security solutions of criminal adversaries. Security analysts utilize cyber threat hunting...

What is Cyber Security Visibility, and Why is it Important? Cybersecurity visibility refers to seeing all aspects of an organization’s digital footprint, vulnerabilities, and risks. In addition to the ability to view security controls, security visibility includes areas of vulnerability created by implementing inadequate controls. Cyber security visibility also helps improve cybersecurity performance by recognizing potential threat vectors and ensuring the proper security toolset. Getting the right level of visibility...

What is Computer Forensics? Technological advances have increased the amount of privacy and security concerns in cyberspace. Throughout the past few decades, the role of computers and portable media devices, such as laptops, cellphones, and other devices, in criminal activity has increased significantly. As a result, these devices frequently contain crucial evidence such as user information, logs, location information, emails, images, audio, video recordings, etc., to identify the root cause...

What is an APT? An Advanced Persistent Threat (APT) is a sophisticated cyber threat where an attacker tries to intrude on a target network stealthily and maintain long-term access to the infrastructure inside the target network, exfiltrating crucial information. The main goals of APTs are espionage, hacktivism, financial gains, or destruction. In this blog, you will understand the life cycle of an APT, how APT works, and some examples of...

What is an MDR? MDR stands for Managed Detection and Response. It is a cyber security service offering outsourced to organizations for providing services like 24/7 security monitoring, forensic investigations, threat detection, and incident response. Gartner states that “MDR services provide remotely-delivered modern security operations center capabilities focused on quickly detecting, investigating and actively mitigating incidents.” MDR is a combination of human expertise, threat intelligence feeds, and technology resources to...

What is an EDR? In the cyber security realm, EDR stands for Endpoint Detection and Response. It is also referred to as Endpoint Detection and Threat Response (EDTR) or Endpoint Threat Detection and Response (ETDR). It is one of the types of host security solutions aimed to secure endpoints and workstations in any organization. EDR solution continuously monitors the endpoint machines to detect suspicious or malicious behavior and is considered...

What is Blue Teaming? Blue teams are responsible for assessing organizational security posture and defending the company from cyber threats. They are considered the watchdogs of the organization. Blue Teaming is an activity that involves a blue team and red team where the blue team aims to defend and thwart red team attacks as the red team in an organization plays the role of an attacker by identifying security gaps...

What is Purple Team in Cyber Security? A Purple Teams are a group of cybersecurity experts that take on the roles of both a Blue Team and Red Team to deliver a more tailored, realistic security assessment to the organization being tested.  The purple teaming strategy involves red and blue teams collaborating closely to maximize cyber capabilities through continuous feedback and knowledge transfer. Purple team exercises combine defense and offense,...

Summary A zero-day vulnerability known as Follina (CVE-2022-30190) was identified where it is a Remote Code Execution (RCE) vulnerability found in the Microsoft Windows Support Diagnostic Tool (MSDT). The Chinese government-affiliated TA413 CN APT group was found exploiting this vulnerability since it was discovered, and initial attacks have been observed in the Philippines, Nepal, and India. This MSDT tool is typically used as a troubleshooting wizard (collecting and submitting system information...