Summary: This content discusses the XenoRAT malware, its association with a North Korean hacking group, and its targeting of the gaming community.
Threat Actor: North Korean hacking group | Kimsuky …
Tag: HUNT
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Summary: This content discusses the proactive approach taken by Protect AI to identify and address security risks in AI systems, specifically focusing on vulnerabilities in the tools used to build …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Summary: This content discusses a credential stuffing attack that resulted in the theft of genetic data belonging to 6.9 million individuals.
Threat Actor: Unknown | Unknown Victim: 23andMe | 23andMe…
Summary: The content discusses the attack on the Chinese shopping platform Pandabuy, where the threat actor extorted the company after they had already paid a ransom to prevent data from …
Windows operating systems maintain event logs that capture extensive information about the system, users, activities, and applications. These logs primarily help to inform administrators and users, categorized into five levels: …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
5 Reasons why the right tool is important for Success, Morale, and Team Value
Read More
Security Operations Center (SOC) Tier 1 and 2 analysts play a critical role in protecting organizational …
Threat Actor: Sanggiero and IntelBroker | Sanggiero, IntelBroker Victim: Pandabuy | Pandabuy Price: $40,000 Exfiltrated Data Type: UserId, First Name, Last Name, Phone Numbers, Emails, Login IP, Orders_Data, Orders_Id, Home_address, …
Summary: Tenable Holdings has acquired Eureka Security, a company specializing in data security posture management for cloud environments, to enhance its cloud security platform and help customers identify risky cloud …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
In May 2023, in a threat hunt across Sophos Managed Detection and Response telemetry, Sophos MDR’s Mark Parsons uncovered a complex, long-running Chinese state-sponsored cyberespionage operation we have dubbed “Crimson …
Sophos Managed Detection and Response initiated a threat hunt across all customers after the detection of abuse of a vulnerable legitimate VMware executable (vmnat.exe) to perform dynamic link library (DLL) …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Cloudforce One is publishing the results of our investigation and real-time effort to detect, deny, degrade, disrupt, and delay threat activity by the Russia-aligned threat actor FlyingYeti during their latest …
In this blog, we will learn how to write a YARA Rule to detect different samples from the same families and hunt for them on a scale.
This section defines …
In a recent investigation by Bitdefender Labs, a series of cyberattacks targeting high-level organizations in South China Sea countries revealed a previously unknown threat actor. We’ve designated this group “Unfading …
Summary: This content discusses the LATRODECTUS malware loader, its similarities to ICEDID, and its capabilities for deploying further payloads and conducting various activities after initial compromise.
Threat Actor: LATRODECTUS | …
Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed …
This post is a continuation of "Malware Unpacking With Hardware Breakpoints".
Here we will be utilising Ghidra to locate the shellcode, analyse the decryption logic and obtain the final decrypted …
Summary: This article discusses Hackbat, an open-source penetration testing tool that is built around a custom PCB and a RP2040 microcontroller from the Raspberry Pi Pico W.
Threat Actor: Hackbat …
Research by: Antonis Terefos
IntroductionPDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform …
Summary: The content discusses the impact of a Chinese hacking operation called Volt Typhoon on the cyberthreat landscape and how it has permanently altered the goals and capabilities of nation-state …
Threat Actor: Embargo extortion group | Embargo extortion group Victim: Firstmac Limited | Firstmac Limited Price: Not mentioned in the article Exfiltrated Data Type: Personal information (name, contact information, date …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Threat Actor: Malware Researchers | Malware Researchers Victim: Individuals and businesses Price: Not specified Exfiltrated Data Type: Various types of data
Additional Information:
Ransomware is a type of malware that…Victim: UK government Country : GB Actor: snatch Source: http://hl66646wtlp2naoqnhattngigjp5palgqmbwixepcjyq5i534acgqyad.onion/news.php?id=9a1a5567-128d-48b2-ac29-a31d6078c7fa Discovered: 2024-05-01 10:34:36.537404 Published: 2024-05-01 02:09:00.000000 Description : More information in our telegram channel https://t.me/snatch_teamRishi Sunak, Prime Minister of the …
In August 2023, we observed an intrusion that started with a phishing campaign using PrometheusTDS to distribute IcedID.
IcedID dropped and executed a Cobalt Strike beacon, which was then used…
Read More
Executive Summary:
Read More
The Black Lotus Labs team at Lumen Technologies is tracking a malware platform we’ve named Cuttlefish, that targets networking equipment, specifically enterprise-grade small office/home office (SOHO) routers. This …
Written by: Kelli Vanderlee, Jamie Collier
Executive Summary
The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety …
The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds.
A group of some of the industry’s most elite threat researchers, the Sysdig …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
We are investigating a ransomware campaign that abuses legitimate Sophos executables and DLLs by modifying their original content, overwriting the entry-point code, and inserting the decrypted payload as a resource …
Summary: Chinese and Russian hackers are increasingly targeting edge devices such as VPN appliances, firewalls, routers, and IoT tools in espionage attacks, according to a report by Google security firm …
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials …
CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi
Initial access to the ESXi infrastructure1 is typically gained…
Read More
Passbolt, an Open Source Password Manager, is using the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in a previous data breach. Pwned Passwords API …
Identifier: TRR240402.
SummaryWe have been closely monitoring the activities of the Iranian state-sponsored threat actor MuddyWater since the beginning of 2024. Our investigations reveal an active campaign that has …
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials …
Affected platforms: All platforms where PyPI packages can be installedImpacted parties: Any individuals or institutions that have these malicious packages installedImpact: Leak of credentials, sensitive information, etc.Severity level: High
Vigilance …
At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your …
Summary: The article discusses the increased operations of the U.S. Cyber Command’s Cyber National Mission Force in 2023, including “hunt forward” campaigns and the release of malware samples for review …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of “Malware Next-Gen,” allowing any organization or person to submit malware samples for analysis.
Threat Actor: …
Must-Read Cybersecurity Blogs [List of Blogs & Websites]
Read More
1. Unsupervised Learning
An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …