Date Reported: 2024-04-13
Country: USA
Victim: DISB | Department of Insurance, Securities and Banking | tylertech.com
Additional Information:

The Washington D.C. government agency, DISB, has confirmed that stolen and leaked data by the ransomware group LockBit originated from a third-party technology provider, Tyler Technologies. Tyler Technologies experienced a data breach affecting the cloud storage of client data for DISB’s STAR system.…

Content:

Introduction to SOC
What is a Use Case in SOC?
Use Case Life Cycle
Use Case Management
Challenges in Use Case Management
Best Practices

Introduction to SOC (Security Operation Center)

A Security Operation Center (SOC) is a centralized unit within an organization dedicated to continuously monitoring, detecting, analyzing, and responding to cybersecurity incidents.…

Introduction

While most cloud CLI tools provide a one-to-one correlation between an API being invoked and a single corresponding API event being generated in cloud log telemetry, browser-based interactive console sessions differ profoundly across cloud providers in ways that obfuscate the original actions taken by the user.…


At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your organization’s environment.

This involves observing both attacker behaviors (e.g., evidence of lateral movement, privilege escalation attempts, anomalous user activity) and indicators (e.g.,…


Summary: Cheap ransomware is being sold on dark web forums, allowing inexperienced individuals to enter the world of cybercrime without the need for affiliates, posing a challenge for defenders.

Threat Actor: Inexperienced freelancers selling cheap ransomware on dark web forums.

Victim: Small companies and individuals who are unlikely to have the resources to defend themselves effectively.…

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Overview

Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the command injection vulnerability (CVE-2024-3400) in PAN-OS. Since GlobalProtect gateway or portal configured in PAN-OS does not strictly filter user input, unauthenticated attackers can construct special packets to execute arbitrary code on the firewall with root privileges.…


On 15 April 2024, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum identified a vulnerable implementation of DSA for certain elliptic curve configurations in PuTTY SSH library versions 0.68 through 0.80. This vulnerability has been assigned CVE-2024-31497.

In this blog, you’ll find:

A list of potentially vulnerable software identified by the Stairwell platform and not mentioned in the NIST advisory
Known vulnerable hashes
A YARA rule created by Stairwell to aid in the detection of vulnerable binaries
A brief overview of this supply chain vulnerability

As with the recent xz backdoor, a threat report with the known hashes and a YARA rule has already been added to the Stairwell platform to aid users in detection — enabling them to quickly find software supply chain vulnerabilities and software packages like these across their entire environment or have evidence of their absence.…


Summary: This blog post discusses a threat actor that used malvertising and DNS tunneling to distribute a backdoor named “MadMxShell” to target IT professionals in the IT security and network administration roles. The post provides details on the attack chain, technical analysis of the backdoor, infrastructure details, observed commands, indicators of compromise (IOCs), and coverage by Zscaler’s security platform.…


Summary: Armis has acquired Silk Security, a security prioritization and remediation vendor, to enhance its ability to address vulnerabilities and misconfigurations with AI and automation.

Threat Actor: N/A

Victim: N/A

Key Point:

Armis’ acquisition of Silk Security will help organizations respond to security threats by integrating and managing vast amounts of security data, prioritizing remediation effectively, and automating ticketing processes.…

Summary: Hackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running on Kubernetes clusters to download cryptomining software, according to Microsoft.

Threat Actor: Chinese hackers

Victim: OpenMetadata platform running on Kubernetes clusters

Key Point:

Hackers are exploiting vulnerabilities in the OpenMetadata platform running on Kubernetes clusters to download cryptomining software.…

Summary: The U.S. food and agriculture sector experienced 167 ransomware attacks in 2023, making it the seventh most targeted sector in the country. The industry continues to face cyber threats, with 40 attacks reported in the first quarter of 2024.

Threat Actor: Ransomware gangs such as LockBit, BlackCat, Play, 8Base, and Akira have targeted the food and agriculture sector.…


Date Reported: 2024-03-11
Country: Honduras (HND)
Victim: Instituto Hondureño del Transporte Terrestre (IHTT) | Honduran Institute of Land Transportation | transporte.gob.hn
Additional Information:

The President of the Honduran Institute of Land Transportation (IHTT), Rafael Barahona, has announced that the institution fell victim to a cyberattack over a month ago.…
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the presence of the malicious code is due to the activity of a rare multi-module virus that’s delivered via the .NET…

Summary: Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber ransomware, taking advantage of a critical security vulnerability in Atlassian Confluence. Financially motivated cybercrime groups have been observed using this attack method to compromise systems and encrypt files.

Threat Actor: Unknown

Victim: Atlassian Confluence Data Center and Server

Key Point:

Threat actors are exploiting a critical security vulnerability (CVE-2023-22518) in Atlassian Confluence to reset Confluence and create an administrator account, allowing them to take over affected systems and deploy the Cerber Linux ransomware.…

Victim: City of St. Cloud, Florida
Country: United States of America
Exfiltrated data: yes
Encrypted data: yes
Actor: hunters
Source: https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/companies/1646187227
Discovered: 2024-04-16 13:55:13.249920
Description:

