Date Reported: 2024-04-13
Country: USA
Victim: DISB | Department of Insurance, Securities and Banking | tylertech.com
Additional Information:
The Washington D.C. government agency, DISB, has confirmed that data stolen and leaked by the ransomware group LockBit originated from a third-party technology provider, Tyler Technologies. Tyler Technologies experienced a data breach affecting the cloud storage of client data for DISB’s STAR system.…
Tag: CLOUD
Contents:
Introduction to SOC
What is a Use Case in SOC?
Use Case Life Cycle
Use Case Management
Challenges in Use Case Management
Best Practices
Introduction to SOC (Security Operation Center)
A Security Operation Center (SOC) is a centralized unit within an organization dedicated to continuously monitoring, detecting, analyzing, and responding to cybersecurity incidents.…
Summary: This article discusses the rise of infostealer malware attacks and how cybercriminals are turning credential stealing into a profitable business. It highlights the increasing value of corporate credentials in the cybercrime market and the impact of these attacks on victims, particularly in the Asia-Pacific and Latin America regions.…
While most cloud CLI tools provide a one-to-one correlation between an API being invoked and a single corresponding API event being generated in cloud log telemetry, browser-based interactive console sessions differ profoundly across cloud providers in ways that obfuscate the original actions taken by the user.…
At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your organization’s environment.
This involves observing both attacker behaviors (e.g., evidence of lateral movement, privilege escalation attempts, anomalous user activity) and indicators (e.g.,…
Summary: Cheap ransomware is being sold on dark web forums, allowing inexperienced individuals to enter the world of cybercrime without the need for affiliates, posing a challenge for defenders.
Threat Actor: Inexperienced freelancers selling cheap ransomware on dark web forums.
Victim: Small companies and individuals who are unlikely to have the resources to defend themselves effectively.…
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the command injection vulnerability (CVE-2024-3400) in PAN-OS. Since GlobalProtect gateway or portal configured in PAN-OS does not strictly filter user input, unauthenticated attackers can construct special packets to execute arbitrary code on the firewall with root privileges.…
On 15 April 2024, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum identified a vulnerable implementation of DSA for certain elliptic curve configurations in PuTTY SSH library versions 0.68 – 0.80. This vulnerability has been assigned CVE-2024-31497.
In this blog, you’ll find:
A list of potentially vulnerable software identified by the Stairwell platform and not mentioned in the NIST advisory
Known vulnerable hashes
A YARA rule created by Stairwell to aid in the detection of vulnerable binaries
A brief overview of this supply chain vulnerability
As with the recent xz backdoor, a threat report with the known hashes and a YARA rule has already been added to the Stairwell platform to aid users in detection — enabling them to quickly find software supply chain vulnerabilities and software packages like these across their entire environment or have evidence of their absence.…
Since its discovery in early 2023, Akira ransomware has evolved from a seemingly ordinary addition to the ransomware landscape to a significant threat affecting a wide range of businesses and critical infrastructure entities. This evolution, coupled with its unique aesthetic on its leak site and communications, has drawn attention to its operations.…
Summary: This blog post discusses a threat actor that used malvertising and DNS tunneling to distribute a backdoor named “MadMxShell” to target IT professionals in the IT security and network administration roles. The post provides details on the attack chain, technical analysis of the backdoor, infrastructure details, observed commands, indicators of compromise (IOCs), and coverage by Zscaler’s security platform.…
Summary: Armis has acquired Silk Security, a security prioritization and remediation vendor, to enhance its ability to address vulnerabilities and misconfigurations with AI and automation.
Threat Actor: N/A
Victim: N/A
Key Point:
Armis’ acquisition of Silk Security will help organizations respond to security threats by integrating and managing vast amounts of security data, prioritizing remediation effectively, and automating ticketing processes.…
Summary: Hackers who appear to be Chinese are exploiting vulnerabilities in the OpenMetadata platform running on Kubernetes clusters to download cryptomining software, according to Microsoft.
Threat Actor: Chinese hackers
Victim: OpenMetadata platform running on Kubernetes clusters
Key Point:
Hackers are exploiting vulnerabilities in the OpenMetadata platform running on Kubernetes clusters to download cryptomining software.…
Summary: The U.S. food and agriculture sector experienced 167 ransomware attacks in 2023, making it the seventh most targeted sector in the country. The industry continues to face cyber threats, with 40 attacks reported in the first quarter of 2024.
Threat Actor: Ransomware gangs such as LockBit, BlackCat, Play, 8Base, and Akira have targeted the food and agriculture sector.…
Date Reported: 2024-03-11
Country: Honduras (HND)
Victim: Instituto Hondureño del Transporte Terrestre (IHTT) | Honduran Institute of Land Transportation | transporte.gob.hn
Additional Information:
The President of the Honduran Institute of Land Transportation (IHTT), Rafael Barahona, has announced that the institution fell victim to a cyberattack over a month ago.…
Summary: Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber ransomware, taking advantage of a critical security vulnerability in Atlassian Confluence. Financially motivated cybercrime groups have been observed using this attack method to compromise systems and encrypt files.
Threat Actor: Unknown
Victim: Atlassian Confluence Data Center and Server
Key Point:
Threat actors are exploiting a critical security vulnerability (CVE-2023-22518) in Atlassian Confluence to reset Confluence and create an administrator account, allowing them to take over affected systems and deploy the Cerber Linux ransomware.…
Summary: Two individuals have been arrested in Australia and the U.S. for their involvement in the development and distribution of a remote access trojan called Hive RAT. The malware allowed the attackers to gain control over victim computers and access their private communications and login credentials.…
Victim: City of St. Cloud, Florida
Country: United States of America
Exfiltrated data: yes
Encrypted data: yes
Actor: hunters
Source: https://hunters55rdxciehoqzwv7vgyv6nt37tbwax2reroyzxhou7my5ejyid.onion/companies/1646187227
Discovered: 2024-04-16 13:55:13.249920
Description:
Tags: data exfiltration, data encryption, United States of America…
Netskope Threat Labs recently analyzed a new ransomware strain named Evil Ant. Evil Ant ransomware is a Python-based malware compiled using PyInstaller that looks to encrypt all files stored on the victim’s personal folders and external drives. This ransomware strain requires process continuity from encryption until file recovery.…