Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
Written by: Andrew Oliveau
Over the last several years, the security community has witnessed an uptick in System Center Configuration Manager (SCCM)-related attacks. From extracting network access account (NAA) credentials to deploying malicious applications to targeted devices, SCCM attacks have aided in accomplishing complex objectives and evading existing detections.…
Typically spread through malicious attachments, drive-by downloads, or social engineering, Remcos RAT has been active since 2016. Initially presented by BreakingSecurity, a European company, as a legitimate remote control tool, it has since been exploited by threat actors for nefarious purposes, despite claims of restricted access for lawful use.…
Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom.However this is not guaranteed and you should never pay!
GOOD NEWSPrevention is possible. Following simple cyber security advice can help you to avoid becoming a victim of ransomware.…
The encryptor has hit the scene recently, but without any notable leak site from the threat actor or typical ransomware branding. The ransomware note is not unique in the wording used, but it is clear the threat actor is masquerading as a pentester. This tactic has been used by other threat actors in the past and is not going to fool the victim when they come across the ransomware note on an encrypted system.…
Key Points
This report examines the threat posed by Chinese advanced persistent threat (APT) groups on operational technology (OT) by analyzing four key cyber attacks from the past 12 months conducted by threat actors with a China nexus (“APT27,” “APT31,” “BlackTech,” and “Volt Typhoon”). Network defenders may find the detection rules and key recommendations detailed throughout this report useful.…[Update] April 8, 2024: “From ALPHV to RansomHub: Change Healthcare”
A new threat actor has emerged in the ransomware landscape, distinguishing themselves by making claims and backing them up with data leaks. In February 2024, RansomHub posted its first victim, the Brazilian company YKP. Since then, they have made 17 additional claims, although their leak site currently lists only 14 victims.…
Given a diverse customer base, Huntress sees a wide range of activity even when it comes to persistent threat actors. When such a threat actor makes attempts to compromise a customer with both managed EDR and managed anti-virus (MAV) services, it’s often very interesting to observe their playbook.…
Web browsers are some of the programs most commonly and frequently used by PC users. Users generally use browsers to look up information, send and receive emails, and use web services such as shopping. This is the case for both individual users and employees conducting business in companies.…
The analysis process of a lnk-based malware is generally based on static and AutoIt deobfuscation. To examine the important fields of the lnk file where the infection chain first starts, let’s look at its headers and commands.
There is a malicious command that looks like an image file, but contains a command that downloads and executes an HTA type file with powershell from a remote server.…
By Securonix Threat Research: D. Iuzvyk, T. Peck, O. Kolesnikov
tldr:The Securonix Threat Research team has uncovered an elaborate multi-stage attack campaign likely associated with the North Korean Kimsuky group.
The Securonix Threat Research (STR) team has been monitoring a new campaign tracked as DEEP#GOSU likely associated with the Kimsuky group, which features some new code/stagers as well as some recycled code and TTPs that were reported in the past.…
Generally, organizations such as institutes and companies use various security products to prevent security threats. For endpoint systems alone, there are not only anti-malware solutions, but also firewalls, APT defense solutions and products such as EDR. Even in general user environments without separate organization responsible for security, most of them have basic security products installed.…
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.…
Cloud account attacks, increasing Mac malware, malvertising morphing from the distribution of adware to more dangerous malware, and more, are all discussed by Red Canary in its 2024 Threat Detection Report.
Released this week, the Report (PDF) is based on the analysis of almost 60,000 threats drawn from 216 petabytes of telemetry from more than 1,000 customers’ endpoints, identities, clouds, and SaaS applications throughout 2023.…
○ Bitcoin price continues its all-time high. Interest…
GhostSec, a significant member of The Five Families, has garnered substantial attention with the latest research, following their recent twin ransomware attack with Stormous –another Five Families affiliated threat group. Researchers and the group itself allege that this group, supposedly initially linked with Anonymous and often identified as vigilante hackers, had taken on the responsibility of combating extremist content and activities on the internet, explicitly targeting ISIS when they first emerged.…
Microsoft 365 (formerly Office 365) is Microsoft’s cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this post) for identity and access management. M365’s centralized storage of organizational data, combined with its ubiquity and widespread adoption, make it a common target of threat actors.…
As the U.S. and Canadian tax season approaches, eSentire has observed a substantial increase in malware being delivered through tax-themed phishing emails. Cybercriminals are exploiting the urgency and importance of tax-related communications to trick individuals into opening malicious email links, leading to malware infections.…
Whether it is to support compliance efforts for regulatory mandated logging, to feed daily security operations center (SOC) work, to support threat hunters or bolster incident response capabilities, security telemetry data stands as the lifeblood of a healthy cybersecurity program. But the more security relies on data and analysis to carry out its core missions, the more data it must manage, curate and protect—while keeping data-related costs tightly under control.…
As an MDR provider supporting over 2.7 million endpoints across an extremely diverse customer base, Huntress sees a great deal of both legitimate and malicious activities. In a number of instances, Huntress analysts will observe the malicious use of an application that is otherwise extensively used for legitimate purposes across the customer base, at large.…