For the latest discoveries in cyber research for the week of 18th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Ukraine’s largest mobile operator, Kyivstar, was hit by …
Author: admin
Four new unauthenticated remotely exploitable security vulnerabilities discovered in the popular source code management platform Perforce Helix Core Server have been remediated after being responsibly disclosed by Microsoft. Perforce Server …
Microsoft Threat Intelligence presents cases of threat actors misusing OAuth applications as automation tools in financially motivated attacks. The post Threat actors misuse OAuth applications to automate financially driven attacks …
The Microsoft Incident Response team shares a downloadable, interactive, people-centric, guide to effective incident response. The post New Microsoft Incident Response team guide shares best practices for security teams and …
For the latest discoveries in cyber research for the week of 11th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The American Greater Richmond Transit Company (GRTC), which …
Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard, who has improved their detection evasion capabilities since 2022 …
In real-world customer engagements, Microsoft IR sees combinations of issues and misconfigurations that could lead to attacker access to customers’ Microsoft Entra ID tenants. Reducing risk and exposure of your …
Our fourth installation in the Cyberattack Series examines a smishing and social engineering attack and outlines the steps organizations can take to help minimize the risk and prepare for the …
For the latest discoveries in cyber research for the week of 4th December, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point Research provides highlights about Cyber Av3ngers …
For the latest discoveries in cyber research for the week of 27th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Nevada-based medical transcription company, Perry Johnson & Associates …
Microsoft has uncovered a supply chain attack by the threat actor Diamond Sleet (ZINC) involving a malicious variant of an application developed by CyberLink Corp. This malicious file is a …
By Dylan Duncan
A malware phishing campaign that began spreading DarkGate malware in September of this year has evolved to become one of the most advanced phishing campaigns active in …
Microsoft has observed ongoing activity from mobile banking trojan campaigns targeting users in India with social media messages and malicious applications designed to impersonate legitimate organizations and steal users’ information …
For the latest discoveries in cyber research for the week of 20th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Russia-affiliated military intelligence group SandWorm is reportedly responsible …
For the latest discoveries in cyber research for the week of 13th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES US unit of China’s largest bank, the Industrial …
In early 2023, Secureworks® Counter Threat Unit™ (CTU) researchers discovered how to manipulate the consenting process of a legitimate verified publisher application to implant malicious unverified applications within a Microsoft Entra ID (formerly known as Azure …
For the latest discoveries in cyber research for the week of 6th November, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Boeing has acknowledged that a cyber-attack had affected …
Microsoft Incident Response and PwC have announced a new global alliance to expand their joint Incident Response and Recovery capability. In this partnership, Microsoft IR will begin the initial containment …
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries. The post Octo …
By: Robert O’Callaghan
A method of communication that remains important in our modern world is that of the voice message. The PDC recently observed a phishing campaign where threat actors …
By: Nathaniel Raymond
In 2022, the Cofense Phishing Defense Center (PDC) detected phishing campaigns that used LinkedIn links called Smart Links or “slink” to bypass security email gateway or SEG …
Secureworks® Counter Threat Unit™ (CTU) analysis indicates that the GOLD MELODY threat group acts as an initial access broker (IAB) that sells access to compromised organizations for other cybercriminals to exploit. …
JPCERT/CC has confirmed that a new technique was used in an attack that occurred in July, which bypasses detection by embedding a malicious Word file into a PDF file. This …
Microsoft Incident Response is a global team comprised of cybersecurity experts with deep, highly specialized knowledge in breach detection, response, and recovery. The post How the Microsoft Incident Response team …
As attacks become more fileless and malware gets more obfuscated, it is getting more difficult to determine whether there is a malicious intent from a file by itself. For this …
At the end of May 2023, JPCERT/CC confirmed an attack targeting developers of cryptocurrency exchange businesses, and it is considered to be related to the targeted attack group DangerousPassword [1], …
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to …
WhiteSnake Stealer first appeared on hacking forums at the beginning of February 2022.
The stealer collects data from various browsers such as Firefox, Chrome, Chromium, Edge, Brave, Vivaldi, …
The Microsoft Incident Response team takes swift action to help contain a ransomware attack and regain positive administrative control of the customer environment. The post Patch me if you can: …
Meduza Stealer … Yes, you read it right, I did not misspelled it, is a new stealer that appeared on Russian-speaking forums at the beginning of June 2023. …
Matt Suiche of Magnet Forensics talks about top security threats for organizations and strategies for effective incident response. The post Why a proactive detection and incident response plan is crucial …
It has been observed that ELF malware removes symbol information during its build. This creates extra work in malware analysis to identify each function name because you do not know …
JPCERT/CC has observed attacks on cryptocurrency exchanges believed to be related to DangerousPassword attack campaign (also known as CryptoMimic or SnatchCrypto) continuously since June 2019. For many years, attackers have …
Around February 2023, JPCERT/CC identified an attack that attempted to infect a crypto asset exchanger with the Parallax RAT malware. This attack attempted to infect employees of the crypto asset …
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions …
After nearly a year of being disrupted by Google, the Glupteba malware botnet has again become active, infecting devices worldwide. As a result of Google’s efforts, the blockchain-enabled botnet could …
JPCERT/CC is continuously investigating the activities by Lazarus. In 2021, JPCERT/CC presented on its attack activities at CODE BLUE and HITCON.
https://github.com/JPCERTCC/Lazarus-research/
The YamaBot malware shared in the above research …
By Jake Longden, Cofense Phishing Defense Center
Microsoft Power BI, a popular data-visualization tool, is designed to help users wrangle their data in multiple and more human-friendly formats. As a …
By Adam Martin, Cofense Phishing Defense Center
Recently, the Phishing Defense Center (PDC) has observed a trend relative to a phishing tactic involving missed voicemail messages. As illustrated below in figure 1, the …
By Max Gannon
For what seems like years now, ransomware has captured headlines due to its sensationally disruptive and costly nature. And over these years, phishing has been used to …
By Tej Tulachan, Cofense Phishing Defense Center
The Cofense Phishing Defense Center (PDC) has intercepted a new phishing technique that uses information technology (IT) support-themed emails to get users to …
Kaspersky Lab experts discovered a targeted cyber espionage campaign, where attackers infect computers with malware that collects all recent documents on the victim’s device, archives them and passes them back …
The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of …
Start with open https://siteconfig.fivefilters.org/
Enter a URL to the article for which you’d like custom extraction rules applied.
Select a block which appears to contain only the article content (or …
Cybercriminals used to generate cryptocurrencies not only computers of ordinary Internet users but also the resources of large companies, as well as the websites of government agencies of the Russian …
In September, Russian companies faced the problem of malicious software disguised as accounting documents. The launch of the virus led to leaks of personal data of users and the connection …
Cases of malicious e-mails to Russian companies have become more frequent. Attackers write on behalf of Banks, large air operators, car dealers and mass media. They offer cooperation to companies …
Specialists of the Russian company Dr Web found malicious software that threatens the MacOS operating system, which allows attackers to download and execute any Python code on the user’s device. …
Attackers hacked into the website of Arbitration court of Chelyabinsk( a federal subject of Russia, on the border of Europe and Asia) and infected the server with a data encrypting …