Tag: SIEM
Summary: Version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) introduces significant changes aimed at enhancing security in response to evolving technologies and threats, with a focus on vulnerability management and multi-factor authentication. Organizations must prepare for complex new requirements, many of which will take effect by April 2025, necessitating substantial changes in processes and technologies.…
The MITRE ATT&CK framework is a comprehensive matrix of tactics, techniques, and procedures (TTPs) used by cyber adversaries to carry out attacks. It provides a common language and a structured way to describe and categorize cyber adversary behavior. Here’s an overview of the key components of the MITRE ATT&CK framework:
1.…
Short Summary:
The “Voice of a Threat Hunter 2024” report reveals that 53% of security practitioners believe their threat hunting programs are very effective, up from 41% in 2023. Key factors for this effectiveness include the right tools, trained analysts, and baseline data. The report also highlights the top objectives, challenges, enhancements, and priorities for threat hunting programs, emphasizing the need for proactive measures and adequate funding.…
Short Summary:
Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware strain active since June 2021, operating under a Ransomware-as-a-Service (RaaS) model. It primarily targets unsecured MS-SQL servers through dictionary attacks, leveraging PowerShell for payload delivery. The group has been expanding its operations by recruiting affiliates and has been observed using various techniques for data exfiltration and lateral movement within networks.…
Summary: Cisco’s planned acquisition of Robust Intelligence aims to enhance the security of AI applications and infrastructure, addressing the complexities of AI risk management. This move underscores the growing importance of AI security in modern IT environments as organizations increasingly adopt AI technologies.
Threat Actor: Cisco | Victim: Robust Intelligence
Key Point:
Cisco’s acquisition of Robust Intelligence will enhance AI security by safeguarding applications against emerging risks.…
Short Summary:
The “Voice of a Threat Hunter 2024” report highlights the need for security teams to evolve their threat hunting strategies to combat the increasing frequency and severity of cyber attacks. While many organizations have implemented threat hunting programs, challenges such as funding, historical data, and talent shortages hinder their effectiveness.…
Short Summary:
This publication outlines best practices for event logging to enhance cyber security and resilience against threats. Developed by the Australian Cyber Security Centre (ACSC) in collaboration with international partners, it emphasizes the importance of effective logging solutions to support incident response, reduce alert noise, and ensure compliance with organizational policies.…
Short Summary:
This article provides a comprehensive overview of threat intelligence services, emphasizing their importance, methodology, benefits, and future in enhancing organizational cybersecurity posture.
Key Points:
Proactive Defense: Anticipating and mitigating attacks before they occur. Informed Decision-making: Prioritizing threats based on potential impact and likelihood. Resource Optimization: Efficient allocation of resources to address significant threats.…
Summary: The article discusses the critical role of firewalls in protecting operational technology (OT) networks, emphasizing that while they serve as a perimeter defense, they are not sufficient alone due to challenges like encrypted traffic and lack of visibility. It highlights the importance of communication between OT and IT teams, the need for identity and access management, and the investment in visibility tools to enhance security in OT environments.…
Summary: Sporting events create extensive consumer engagement and interconnected networks that enhance experiences but also introduce significant cybersecurity risks. Businesses and fans must be aware of these vulnerabilities and implement robust strategies to mitigate potential threats during high-activity periods.
Threat Actor: Cybercriminals | Victim: Sporting venues and attendees
Key Point:
Sporting events are susceptible to various cyber threats, including DDoS attacks, bot attacks on ticketing, and deceptive Wi-Fi hotspots.…
Victim: coinbv.nl | Country: NL | Actor: madliberator | Source: http://k67ivvik3dikqi4gy4ua7xa6idijl4si7k5ad5lotbaeirfcsx4sgbid.onion | Discovered: 2024-08-02 07:18:37.181962 | Published: 2024-08-02 07:18:36.253081
Description: COIN is your hands-on partner for IT Continuity, Disaster & Workplace Recovery, and Cyber Security. The fast increase of, for instance, the volume of cyber / ransomware incidents, power cuts and other disasters, is forcing organisations to closely examine their critical digital company processes, secure their data and ensure the continuous availability of quantitative and qualitative human resources, preferably redundant. Services: Cyber…
A Security Information and Event Management (SIEM) solution acts as the central nervous system of an organization’s security framework. It collects, analyzes, and correlates data from various sources within the IT infrastructure, including network devices, servers, and security systems.
By integrating a SIEM solution in a SOC, organizations can significantly enhance their ability to monitor, assess, and mitigate cybersecurity risks in real-time.…
Summary: The OSC&R report reveals significant challenges in software supply chain security, highlighting the overwhelming volume of alerts faced by AppSec teams and the persistence of high-severity vulnerabilities. Despite advancements in application security practices, the report emphasizes the need for better risk management and the adoption of automated solutions to address alert fatigue and improve security hygiene.…
On July 25, 2024, the United States Federal Bureau of Investigation (FBI), the Cyber National Mission Force (CNMF), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense Cyber Crime Center (DC3), the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the Republic of Korea’s National Police Agency (NPA), and the United Kingdom’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory (CSA) that highlights cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.…
[Cyware] How CISOs enable ITDR approach through the principle of least privilege – Help Net Security
Summary: The article discusses the importance of Identity Threat Detection and Response (ITDR) initiatives, emphasizing the principle of least privilege as a critical strategy for reducing the risk of data breaches. It highlights the growing trend of credential theft and the need for organizations to tighten access controls to enhance security.…
Published On: 2024-07-26
EXECUTIVE SUMMARY
A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users.
The CYFIRMA Research team is continuously monitoring the ongoing situation and has carried out an analysis of the tactics, techniques & procedures (TTPs) on deployed malware and malicious campaigns of the threat actors.…
Cactus is a ransomware strain discovered in March 2023 known for having compromised more than 140 entities as of July 2024.
Cactus typically obtains access to corporate networks by exploiting vulnerabilities in externally facing Virtual Private Network (VPN) software. Once access is secured, the ransomware establishes Command and Control (C2) communications with its operator via Secure Shell (SSH).…
Summary: The European Union is facing a significant increase in brute-force cyberattacks on corporate and institutional networks, primarily attributed to Russian threat actors exploiting Microsoft infrastructure to evade detection. This ongoing campaign, which has been active since at least May 2024, targets high-value assets across major cities in Europe, underscoring the urgent need for enhanced cybersecurity measures.…
On May 23, 2023, the U.S., Australia, New Zealand, Canada and the U.K. issued a joint advisory about a suspected Chinese state-sponsored threat actor group that infiltrates firewalls, routers and virtual private networks (VPNs) belonging to critical infrastructure organizations. The group is primarily referred to as Volt Typhoon aka BRONZE SILHOUETTE, Dev-0391, Insidious Taurus, Storm-0391, UNC3236, VANGUARD PANDA, VOLTZITE.…