Summary: CyberArk, a cybersecurity company, is acquiring Venafi, a specialist in machine identity, for $1.54 billion in order to expand its capabilities in managing machine identities in the cloud.

Threat Actor: N/A Victim: N/A

Key Point:

CyberArk is acquiring Venafi for $1.54 billion, with $1 billion in cash and approximately $540 million in shares.…

Summary: Intel has disclosed a maximum severity vulnerability in its Intel Neural Compressor software for AI model compression, which allows an unauthenticated attacker to execute arbitrary code on affected systems.

Threat Actor: Unauthenticated attacker Victim: Intel

Key Point:

The vulnerability, designated as CVE-2024-22476, is the most serious among the 41 security advisories disclosed by Intel.…

Summary: The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks.

Threat Actor: N/A Victim: N/A

Key Point:

The Norwegian NCSC advises organizations to transition from SSLVPN/WebVPN solutions to IPsec with IKEv2 by 2025.…

Published On: 2024-05-20

EXECUTIVE SUMMARY

At CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team recently identified a binary in the wild, identified as an information stealer, “SamsStealer”. It is a 32-bit Windows executable designed to stealthily extract sensitive information from victims’ systems.…

This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun’s arsenal — operate, based on a campaign from 2024.

Summary

Earth Hundun is known for targeting the Asia-Pacific and now employs updated tactics for infection spread and communication. This report details how Waterbear and Deuterbear operate, including the stages of infection, command and control (C&C) interaction, and malware component behavior.…

Summary: This report examines the threat posed by Russia-linked advanced persistent threat (APT) groups on operational technology (OT) by analyzing key cyber attacks from the past 12 months, providing detection rules and recommendations for network defenders.

Threat Actor: Russia-linked APT groups Victim: Various industries, specifically a manufacturing industry customer

Key Points:

This report analyzes cyber attacks conducted by Russia-linked APT groups on operational technology (OT) in the past year, providing useful detection rules and recommendations for network defenders.…

Summary: The US Cybersecurity and Infrastructure Security Agency (CISA) has released a guide to help civil society organizations mitigate cyber threats, particularly those posed by state-sponsored actors from nations like Russia, China, Iran, and North Korea.

Threat Actor: State-sponsored actors Victim: Civil society organizations

Key Point:

The guide, titled “Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society,” provides actionable steps for civil society organizations to enhance their cybersecurity defenses.…

Summary: This content discusses the latest Microsoft Patch Tuesday, which includes over 60 CVEs to address, including three zero-day vulnerabilities, two of which have been actively exploited in the wild.

Threat Actor: QuakBot Victim: System administrators

Key Point:

The latest Microsoft Patch Tuesday includes over 60 CVEs to address, with three zero-day vulnerabilities.…

Key Takeaways

Cyble Research and Intelligence Labs (CRIL) recently uncovered a malicious website associated with the SideCopy APT group.

Since 2019, the SideCopy threat group has been actively targeting South Asian nations, with a particular focus on India.

Analysis of the malware website revealed a collection of files utilized in executing the malware campaign, indicating a sophisticated and coordinated effort by the threat actors.…

This report was originally published for our customers on 2 May 2024.

As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises honeypots in different locations around the world to identify potential exploitations.

Introduction

Recently, our team observed an incident involving our MS-SQL (Microsoft SQL) honeypot.…

This blog focuses on the exploitation of the ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 and CVE-2024-1709) and Darktrace’s coverage of affected customer networks in early 2024.

Introduction

Across an ever-changing cyber landscape, it is commonplace for threat actors to actively identify and exploit newly discovered vulnerabilities within commonly utilized services and applications.…
SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

Key Takeaways

CRIL (Cyble Research and Intelligence Labs) has discovered a new ransomware variant named Trinity. This variant employs a double extortion technique to target victims.

The Threat Actors (TA) behind Trinity ransomware utilize both victim support and data leak sites.

CRIL’s analysis unveiled that a ransomware called “2023Lock” shares a similar ransom note format and underlying codebase with Trinity, indicating it could be a new variant of 2023Lock.…

Advanced Persistent Threat Group 31 (APT31), also known by aliases like ZIRCONIUM or Judgment Panda, represents a sophisticated cybersecurity threat with ties to state-sponsored activities.

Threat Actor Card of APT31

This group is believed to operate primarily on behalf of the Chinese government, engaging in cyber espionage and targeted attacks to gather intelligence and support strategic objectives aligned with China’s national interests.…

Executive Summary

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs.…

Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.

We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…

Summary: The article discusses the financial and reputational costs of cyber-attacks and highlights the unplanned expenses incurred by organizations as a result of these attacks.

Threat Actor: N/A Victim: N/A

Key Point:

79% of organizations detected a serious cyber-attack in the previous 12 months, with 20% losing competitive advantage, 16% experiencing a decrease in company valuation, 13% facing lawsuits, 14% experiencing customer churn, and 13% undergoing a change in senior leadership.…

Verizon’s 17th annual Data Breach Investigations Report (DBIR) for 2024 offers an in-depth look at the latest trends in data breaches and cyber security incidents. Analyzing data from over 30,458 incidents and 10,626 confirmed breaches between November 2022 and October 2023, Verizon DBIR 2024 provides crucial insights into the evolving threat landscape.…