Summary: Mandiant’s “M-Trends 2024 Special Report” reveals that attacker dwell time has decreased, indicating improvements in defensive capabilities, while ransomware attacks and zero-day vulnerabilities continue to pose threats to organizations.

Threat Actor: Various threat actors involved in ransomware attacks and exploitation of zero-day vulnerabilities.

Victim: Organizations targeted by ransomware attacks and zero-day exploits.…


Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as GooseEgg, to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions.…


Threat Actor: Not specified (the security flaws are in the Chinese keyboard apps themselves)

Victim: Users of keyboard apps from Baidu, Tencent, iFlytek, Honor, Huawei, OPPO, Vivo, Samsung and Xiaomi

Price: Not specified

Exfiltrated Data Type: Keystrokes

Additional Information:

Massive Impact: Up to a billion users could be affected by the security flaws in Chinese keyboard apps from Baidu, Tencent, iFlytek, and popular phone brands used across China (Honor, Huawei, OPPO, Vivo, Samsung, Xiaomi).…

Summary: Scammers are using a sophisticated tactic to steal Toncoins from Telegram users by enticing them with promises of an “exclusive earning program” and directing them to join an unofficial Telegram bot.

Threat Actor: Scammers

Victim: Telegram users

Key Point:

Scammers are attracting Telegram users through a referral system and directing them to join an unofficial Telegram bot.…

Summary: Cloud Console Cartographer is an open-source tool that helps security practitioners understand console behavior in their environment by mapping noisy log activity into consolidated events.

Threat Actor: N/A

Victim: N/A

Key Point:

Cloud Console Cartographer is designed to cut through the noise generated in logs by console sessions, providing security professionals with a clear understanding of user activity in the console UI.…
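To make the consolidation idea concrete, here is an added Python example. It is not Cloud Console Cartographer's own code: it groups constructed CloudTrail-style console events per principal into sessions, collapses the read-only Describe/List/Get calls into per-API counts and keeps every mutating call visible. The sample events, the 300-second idle gap and the API-name-prefix fallback for events without a readOnly field are assumptions made for the illustration.

```python
"""Collapse noisy AWS console-session CloudTrail events into per-session summaries.

Added illustration, not Cloud Console Cartographer's code. The events below are
constructed; only the CloudTrail fields used here are filled in.
"""
from collections import Counter, defaultdict
from datetime import datetime

ALICE = "arn:aws:iam::123456789012:user/alice"
BOB = "arn:aws:iam::123456789012:user/bob"


def _ev(time, source, name, arn, console=True, read_only=None):
    """Build a minimal CloudTrail-shaped event dict (constructed test data)."""
    e = {"eventTime": time, "eventSource": source, "eventName": name,
         "userIdentity": {"arn": arn}}
    if console:
        e["sessionCredentialFromConsole"] = "true"  # CloudTrail sets this for console calls
    if read_only is not None:
        e["readOnly"] = read_only
    return e


SAMPLE_EVENTS = [
    _ev("2024-04-22T10:00:01Z", "iam.amazonaws.com", "ListRoles", ALICE, read_only=True),
    _ev("2024-04-22T10:00:02Z", "iam.amazonaws.com", "ListPolicies", ALICE, read_only=True),
    _ev("2024-04-22T10:00:02Z", "iam.amazonaws.com", "ListRoles", ALICE, read_only=True),
    _ev("2024-04-22T10:00:05Z", "ec2.amazonaws.com", "DescribeInstances", ALICE),  # no readOnly field
    _ev("2024-04-22T10:00:05Z", "ec2.amazonaws.com", "DescribeSecurityGroups", ALICE),
    _ev("2024-04-22T10:02:30Z", "iam.amazonaws.com", "CreateUser", ALICE, read_only=False),
    _ev("2024-04-22T10:02:31Z", "iam.amazonaws.com", "AttachUserPolicy", ALICE, read_only=False),
    _ev("2024-04-22T11:00:00Z", "s3.amazonaws.com", "ListBuckets", ALICE, read_only=True),  # after idle gap
    _ev("2024-04-22T10:01:00Z", "ec2.amazonaws.com", "RunInstances", BOB, console=False, read_only=False),  # CLI call
]

READ_ONLY_PREFIXES = ("Describe", "List", "Get")  # assumed heuristic for events lacking readOnly


def is_read_only(event):
    """Prefer CloudTrail's readOnly flag; fall back to the API-name prefix."""
    if "readOnly" in event:
        return bool(event["readOnly"])
    return event["eventName"].startswith(READ_ONLY_PREFIXES)


def consolidate(events, gap_seconds=300):
    """Group console events per principal into sessions split on idle gaps.

    Read-only calls are counted per API; mutating calls are kept one by one,
    since those are what an analyst actually needs to review.
    """
    by_principal = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["eventTime"]):  # ISO-8601 sorts lexically
        if str(e.get("sessionCredentialFromConsole", "")).lower() != "true":
            continue  # CLI/SDK calls are not console noise; leave them alone
        by_principal[e["userIdentity"]["arn"]].append(e)

    sessions = []
    for arn, evs in by_principal.items():
        current = None
        for e in evs:
            t = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            if current is None or (t - current["end"]).total_seconds() > gap_seconds:
                current = {"principal": arn, "start": t, "end": t,
                           "read_only": Counter(), "mutating": [], "raw_count": 0}
                sessions.append(current)
            current["end"] = t
            current["raw_count"] += 1
            api = f"{e['eventSource'].split('.')[0]}:{e['eventName']}"
            if is_read_only(e):
                current["read_only"][api] += 1
            else:
                current["mutating"].append((e["eventTime"], api))
    return sessions


def summarize(events, gap_seconds=300):
    """One line per session: raw count, collapsed read-only calls, each mutating call."""
    lines = []
    for s in consolidate(events, gap_seconds):
        ro_total = sum(s["read_only"].values())
        mutating = ", ".join(api for _, api in s["mutating"]) or "none"
        lines.append(
            f"{s['principal']} {s['start']:%H:%M:%S}-{s['end']:%H:%M:%S}: "
            f"{s['raw_count']} raw events -> {ro_total} read-only calls over "
            f"{len(s['read_only'])} APIs collapsed; mutating: {mutating}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_EVENTS):
        print(line)
```

Run against the constructed events, the nine raw records become two session lines: the first shows seven events reduced to five collapsed read-only calls plus the two IAM changes that matter, the second is a single ListBuckets after the idle gap, and Bob's CLI call is left out because it carries no console-session marker.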
Key Points

Avast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.

Avast disclosed the vulnerability to both eScan antivirus and India CERT. On 2023-07-31, eScan confirmed that the issue was fixed and successfully resolved.

The campaign was orchestrated by a threat actor with possible ties to Kimsuky.

Two different types of backdoors have been discovered, targeting large corporate networks.

The final payload distributed by GuptiMiner was also XMRig.

Introduction

We’ve been tracking a curious one here.…


Summary: The majority of companies have experienced cyberattacks that were not fully covered by their cyber insurance policies, leaving significant gaps in coverage and resulting in uncovered losses.

Threat Actor: N/A

Victim: Companies

Key Point:

4 out of 5 companies have suffered a cyberattack that was not fully covered by their cyber insurance policy, leaving significant gaps in coverage.…

Summary: Researchers at SafeBreach discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files, even after both vendors claim to have patched the problem.

Threat Actor: N/A

Victim: Organizations running Microsoft Defender and Kaspersky EDR

Key Point:

Researchers found that Microsoft Defender and Kaspersky's Endpoint Detection and Response (EDR) can be manipulated into flagging legitimate files as malicious (false positives) and then deleting them.…

Organizations are increasingly turning to cloud computing for IT agility, resilience and scalability. Amazon Web Services (AWS) stands at the forefront of this digital transformation, offering a robust, flexible and cost-effective platform that helps businesses drive growth and innovation. 

However, as organizations migrate to the cloud, they face a complex and growing threat landscape of sophisticated and cloud-conscious threat actors.…


Summary: Richard Horne has been announced as the next CEO of Britain’s National Cyber Security Centre (NCSC), becoming the agency’s third permanent chief executive and the first person with formal academic training in cybersecurity to lead the NCSC.

Threat Actor: N/A

Victim: N/A

Key Point:

Richard Horne, with a PhD in mathematics and cryptography, will become the next CEO of Britain’s NCSC, bringing his experience from PwC UK’s cybersecurity practice and Barclays Bank.…

Summary: Hackers are targeting messaging apps used by the Ukrainian armed forces in an attempt to plant data-stealing malware, according to a report from CERT-UA.

Threat Actor: UAC-0184

Victim: Ukrainian armed forces

Key Point:

Hackers identified as UAC-0184 are targeting Ukrainian armed forces’ messaging apps with data-stealing malware.…

Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.

Threat Actor: Unknown

Victim: E-ZPass customers and users of road toll collection services

Key Point:

Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.…

Curated bookmark list categorized by area and event monitoring, person of interest search, corporate profiling, mapping, AI, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.

They are broken down into appropriate categories such as:

area and event monitoring, person of interest search, corporate profiling, mapping, artificial intelligence, intelligence analysis, reporting tools, collective tools, cryptocurrency, country specific, verification and fact-checking.…

Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

OpenMetadata is an open-source platform designed to manage metadata across various data sources.…
