Summary: This content discusses how cyberespionage groups are using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal …
Tag: ACTIVE DIRECTORY
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.…
Tenable Identity Exposure allows you to secure your infrastructure by anticipating threats, detecting breaches, and responding to incidents and attacks. Using an intuitive dashboard to monitor your Active Directory in …
Summary: Semperis, a startup focused on Active Directory (AD) protection, has raised $125 million in funding to further develop its AD protection tools and expand its business.
Threat Actor: N/A…
Summary: This blog post discusses a malvertising campaign that tricks users into downloading malicious installers for popular software, which then drop a backdoor known as Oyster or Broomstick. The post …
⚠️ This is only a small excerpt from the original report, which can be found in the corresponding section. The report has been created thanks to the collaboration of Josh Penny …
The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev.
Executive Summary
Rapid7 has observed a recent malvertising campaign that lures users …
Last updated at Tue, 18 Jun 2024 16:24:59 GMT
Summary: The Scattered Spider gang has shifted their focus to stealing data from software-as-a-service (SaaS) applications and creating new virtual machines for persistence.
Threat Actor: Scattered Spider …
UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of “0ktapus,” “Octo Tempest,” “Scatter Swine,” and “Scattered Spider,” and has been observed adapting its …
This blog is part of my Tracking Adversaries blog series, whereby I perform a summary analysis of a particular adversary that has caught my attention and made me feel like …
Threat Actor: Unknown
Victim: American Manufacturing Company
Price: $25,000 (open to negotiation)
Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is allegedly…
Windows operating systems maintain event logs that capture extensive information about the system, users, activities, and applications. These logs primarily help to inform administrators and users and are categorized into five levels: …
In May 2023, in a threat hunt across Sophos Managed Detection and Response telemetry, Sophos MDR’s Mark Parsons uncovered a complex, long-running Chinese state-sponsored cyberespionage operation we have dubbed “Crimson …
Summary: Chinese state-aligned threat clusters collaborated to steal sensitive military and political secrets from a high-profile government organization in Southeast Asia.
Threat Actor: Chinese state-aligned threat clusters …
Summary: Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, urging developers to transition to more secure alternatives like Kerberos or Negotiation authentication.
Threat Actor: N/A
Victim: N/A…
Sophos Managed Detection and Response initiated a threat hunt across all customers after the detection of abuse of a vulnerable legitimate VMware executable (vmnat.exe) to perform dynamic link library (DLL) …
IT threat evolution Q1 2024
IT threat evolution Q1 2024. Mobile statistics
IT threat evolution Q1 2024. Non-mobile statistics
Targeted attacks
Operation Triangulation: the final mystery
Last June, we published …
Update 31.05.2024: Added clarification on severity of the vulnerability, recommendations and mitigations. A Proof of Concept (POC) to exploit the vulnerability is now publicly available. CVSS score has been increased …
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile …
Summary: The BlackSuit ransomware gang has leaked stolen data from attacks against 53 organizations over the course of a year.
Threat Actor: BlackSuit ransomware gang
Victim: …
By Anna Bennett, Nicole Hoffman, Asheer Malhotra, Sean Taylor and Brandon White.
Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, that we attribute to…
In the constantly changing landscape of cyber threats, ransomware groups adapt their tactics to outmaneuver defenses. Everest Ransomware recently attracted attention in May 2024 for its notable targets. Since its …
On February 22, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a #StopRansomware: ALPHV Blackcat ransomware alert. This alert builds upon earlier Federal Bureau of Investigation (FBI) work and …
Threat Actor: Hacker
Victim: Organizations using SonicWALL SSL-VPN systems
Price: $1000
Exfiltrated Data Type: User cookies, login credentials, passwords, domain information, details related to Active …
Summary: This content discusses the risks associated with authentication tokens and their importance in cybersecurity.
Threat Actor: N/A
Victim: N/A
Key Point:
Authentication tokens, also known as session tokens,…
Summary: This article discusses the FIDO2 authentication method, its purpose, and how it protects against various attacks. It also explores the vulnerability of FIDO2 to man-in-the-middle attacks and provides mitigation …
This blog contains an excerpt of our new paper that unveils a previously unpublished multi-year operation using Domain Name System (DNS) queries, open DNS resolvers, and China’s Great Firewall. We …
This cyber security advisory is intended for IT professionals and managers within government and all sectors.
Effective Date
This publication takes effect on April 24, 2024
Revision History
First…
Threat Actor: Unknown
Victim: Italian Red Cross
Price: Not specified
Exfiltrated Data Type: Internal source codes, databases, backups, and more
Additional Information:
The breach…
On April 18, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory …
Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and …
As the digital landscape continues to evolve, the United States finds itself at the forefront of emerging cybersecurity challenges. With its critical infrastructure, extensive government networks, and vibrant economy, the …
In late 2023, BlackBerry analysts identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in the United States. FIN7 identified employees at the …
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These …
Summary: Threat actors are exploiting a zero-day flaw in Palo Alto Networks PAN-OS software to execute arbitrary code with root privileges on the firewall.
Threat Actor: Operation MidnightEclipse …
This video demonstrates a detailed hacking scenario where the presenter exploits Azure Managed Identities to gain unauthorized access to cloud resources. Here are the critical points covered in the video:…
Volexity would like to thank Palo Alto Networks for their partnership, cooperation, and rapid response to this critical issue. Their research can be found here.
On April 10, 2024, Volexity …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
This blog post discusses the IDAT Loader malware and its unique method of retrieving data from PNG files. It also explores the attack chain observed in two separate incidents involving …
Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies.
When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers …
This document will help and guide you to start your first threat hunting based on MITRE ATT&CK Tactics.
Reconnaissance
Objective: Identify potential reconnaissance activity on the network
Description: Reconnaissance …
Windows Event Logs mindmap provides a simplified view of Windows Event logs and their capacities that enables defenders to enhance visibility for different purposes:
Log collection (e.g. into a SIEM)…
Cleartext credentials are commonly targeted in a penetration test and used to move laterally to other systems, obtain sensitive information, or even further elevate privileges. While this is a low …
This post is also available in: 日本語 (Japanese)
Executive Summary
This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 …
Experience Level required: Intermediate
In this report, we will analyze the CryptNet Ransomware, starting with deobfuscating the sample and proceeding through the ransomware’s techniques:
Obfuscated strings encrypted strings AES &…
Microsoft 365 (formerly Office 365) is Microsoft’s cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this …