top of page

CYBERSIFT Changelog 11.23

Updated: Nov 30, 2023

As we dive into December, here are the top Cyber news of November 2023. but first,

The Cybersift team has been working hard all November to keep your digital assets safe!

In our ongoing commitment to providing top-tier cybersecurity solutions, we are thrilled to announce several key updates and improvements to the Cerebrum Threat Intelligence Feeds in the November 2023 release. These enhancements are designed to bolster your defense mechanisms and fortify your digital infrastructure against evolving cyber threats.

Key Improvements:

1. Tuning of Office 365 Rules:
“First Seen Sharepoint URL …” Rule
“First Seen User …” Rule

Our team has fine-tuned these Office 365 rules to optimize threat detection capabilities, ensuring a more precise and efficient response to potential security incidents.

2. Tuning of Windows Rules:
“Abnormal File Share …” Rule

Enhancements to this rule aim to provide better insights into potential abnormalities in file sharing activities, allowing for quicker identification and response to suspicious behavior.

3. Tuning and Improvements to Windows Kerbroasting Detection Rules:
We have refined the Windows Kerbroasting detection rules to enhance the accuracy of identifying and mitigating threats related to Kerberoasting attacks.

4. Bugfix:
“Activity from Disabled User” Windows Check

A bug affecting the "Activity from Disabled User" Windows check has been successfully addressed, ensuring the reliability of this crucial security measure.

5. Syslog Logs Enhancement:
Added port_of_interest field

To accommodate variations in syslog logs from different firewall vendors, we have introduced the "port_of_interest" field, particularly beneficial for scenarios where SourcePort and DestinationPort are switched.

6. Network Machine Learning Models:
Our latest update includes improvements to the Network Machine Learning Models, reinforcing your defense mechanisms with cutting-edge technology.

Added Windows “Aggregator Models”

These models issue alerts when a user triggers an unusual number of alerts in quick succession. This enhancement aids in triaging alerts, providing a more accurate and actionable assessment of potential security incidents.

At Cybersift, we understand the ever-evolving nature of cyber threats, and our commitment to continuous improvement reflects our dedication to your organization's security. We encourage you to explore these updates and leverage the enhanced capabilities of Cerebrum Threat Intelligence Feeds to strengthen your defense against cyber threats.

& so ... In November 2023, these were the top Cybersecurity news from around the globe:
• 2.2 million people impacted by McLaren Health Care data breach

• Toyota Financial Services systems forced offline by cyber attack

• Data breach at US nuclear energy firm exposes sensitive employee information

• BlackCat/APLHV ransomware gang reports victim’s “undisclosed” data breach

• Canadian Government data exposed by contractor cyber attack

• LockBit ransomware affiliates actively exploit Citrix Bleed vulnerability

• General Electric investigates claims of cyber attack and data theft


bottom of page