Short Summary:

Mallox, also known as TargetCompany, FARGO, and Tohnichi, is a ransomware strain active since June 2021, operating under a Ransomware-as-a-Service (RaaS) model. It primarily targets unsecured MS-SQL servers through dictionary attacks, leveraging PowerShell for payload delivery. The group has been expanding its operations by recruiting affiliates and has been observed using various techniques for data exfiltration and lateral movement within networks.…


Summary: Cisco’s planned acquisition of Robust Intelligence aims to enhance the security of AI applications and infrastructure, addressing the complexities of AI risk management. This move underscores the growing importance of AI security in modern IT environments as organizations increasingly adopt AI technologies.

Threat Actor: Cisco
Victim: Robust Intelligence

Key Point:

Cisco’s acquisition of Robust Intelligence will enhance AI security by safeguarding applications against emerging risks.…

Short Summary:

This publication outlines best practices for event logging to enhance cyber security and resilience against threats. Developed by the Australian Cyber Security Centre (ACSC) in collaboration with international partners, it emphasizes the importance of effective logging solutions to support incident response, reduce alert noise, and ensure compliance with organizational policies.…


Short Summary:

This article provides a comprehensive overview of threat intelligence services, emphasizing their importance, methodology, benefits, and future in enhancing organizational cybersecurity posture.

Key Points:

Proactive Defense: Anticipating and mitigating attacks before they occur.
Informed Decision-making: Prioritizing threats based on potential impact and likelihood.
Resource Optimization: Efficient allocation of resources to address significant threats.…

Summary: The article discusses the critical role of firewalls in protecting operational technology (OT) networks, emphasizing that while they serve as a perimeter defense, they are not sufficient alone due to challenges like encrypted traffic and lack of visibility. It highlights the importance of communication between OT and IT teams, the need for identity and access management, and the investment in visibility tools to enhance security in OT environments.…


Summary: Sporting events create extensive consumer engagement and interconnected networks that enhance experiences but also introduce significant cybersecurity risks. Businesses and fans must be aware of these vulnerabilities and implement robust strategies to mitigate potential threats during high-activity periods.

Threat Actor: Cybercriminals
Victim: Sporting venues and attendees

Key Point:

Sporting events are susceptible to various cyber threats, including DDoS attacks, bot attacks on ticketing, and deceptive Wi-Fi hotspots.…

Victim: coinbv.nl
Country: NL
Actor: madliberator
Source: http://k67ivvik3dikqi4gy4ua7xa6idijl4si7k5ad5lotbaeirfcsx4sgbid.onion
Discovered: 2024-08-02 07:18:37.181962
Published: 2024-08-02 07:18:36.253081
Description: COIN is your hands-on partner for IT Continuity, Disaster & Workplace Recovery, and Cyber Security. The fast increase of, for instance, the volume of cyber / ransomware incidents, power cuts and other disasters, is forcing organisations to closely examine their critical digital company processes, secure their data and ensure the continuous availability of quantitative and qualitative human resources, preferably redundant. Services: Cyber…

A Security Information and Event Management (SIEM) solution acts as the central nervous system of an organization’s security framework. It collects, analyzes, and correlates data from various sources within the IT infrastructure, including network devices, servers, and security systems.

By integrating a SIEM solution in a SOC, organizations can significantly enhance their ability to monitor, assess, and mitigate cybersecurity risks in real-time.…


Summary: The OSC&R report reveals significant challenges in software supply chain security, highlighting the overwhelming volume of alerts faced by AppSec teams and the persistence of high-severity vulnerabilities. Despite advancements in application security practices, the report emphasizes the need for better risk management and the adoption of automated solutions to address alert fatigue and improve security hygiene.…


On July 25, 2024, the United States Federal Bureau of Investigation (FBI), the Cyber National Mission Force (CNMF), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense Cyber Crime Center (DC3), the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the Republic of Korea’s National Police Agency (NPA), and the United Kingdom’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory (CSA) that highlights cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.…


Summary: The article discusses the importance of Identity Threat Detection and Response (ITDR) initiatives, emphasizing the principle of least privilege as a critical strategy for reducing the risk of data breaches. It highlights the growing trend of credential theft and the need for organizations to tighten access controls to enhance security.…


Published On: 2024-07-26

EXECUTIVE SUMMARY

A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited the chaos, using phishing campaigns and malicious domains to deceive users.

The CYFIRMA Research team is continuously monitoring the ongoing situation and has analysed the tactics, techniques and procedures (TTPs) of the deployed malware and of the threat actors' malicious campaigns.…


Cactus is a ransomware strain discovered in March 2023 known for having compromised more than 140 entities as of July 2024.

Cactus typically obtains access to corporate networks by exploiting vulnerabilities in externally facing Virtual Private Network (VPN) software. Once access is secured, the ransomware establishes Command and Control (C2) communications with its operator via Secure Shell (SSH).…


Summary: The European Union is facing a significant increase in brute-force cyberattacks on corporate and institutional networks, primarily attributed to Russian threat actors exploiting Microsoft infrastructure to evade detection. This ongoing campaign, which has been active since at least May 2024, targets high-value assets across major cities in Europe, underscoring the urgent need for enhanced cybersecurity measures.…


On May 23, 2023, the U.S., Australia, New Zealand, Canada and the U.K. issued a joint advisory about a suspected Chinese state-sponsored threat actor group that infiltrates firewalls, routers and virtual private networks (VPNs) belonging to critical infrastructure organizations. The group is primarily referred to as Volt Typhoon aka BRONZE SILHOUETTE, Dev-0391, Insidious Taurus, Storm-0391, UNC3236, VANGUARD PANDA, VOLTZITE.…


Summary: A recent survey reveals that nearly half of organizations struggle to effectively operationalize threat intelligence due to silos within teams, technology, and data. Despite recognizing the importance of collaboration in cybersecurity, many organizations lack the necessary frameworks and tools to share information effectively.

Threat Actor: Cyware
Victim: Organizations

Key Point:

49% of respondents reported difficulties in deriving actionable insights from threat intelligence due to silos.…

Summary: The content discusses the slow adoption of generative AI in enterprises due to concerns about data privacy and compliance.

Threat Actor: N/A
Victim: N/A

Key Point:

Enterprises have been slow to adopt generative AI due to concerns about data privacy and compliance. A recent survey showed that while 75% of enterprises tested GenAI last year, only 9% deployed it widely.…

Written by:
Bernardo Quintero, Founder of VirusTotal and Security Director, Google Cloud Security
Alex Berry, Security Manager of the Mandiant FLARE Team, Google Cloud Security
Ilfak Guilfanov, author of IDA Pro and CTO, Hex-Rays
Vijay Bolina, Chief Information Security Officer & Head of Cybersecurity Research, Google DeepMind

Executive Summary

Following up on our Gemini 1.5 Pro for malware analysis post, this time around we tested to see if our light-weight Gemini 1.5 Flash model is capable of large-scale malware dissection.…