Summary: A recent supply chain attack conducted through multiple CDNs has been traced back to a common operator, impacting a large number of websites.
Threat Actor: Unknown | Supply Chain …
Phishing is a formidable–and financially devastating–threat costing organizations $4.76 million USD per breach on average. With a simple, deceptive email, adversaries can masquerade as trusted entities, tricking even savvy individuals …
IntelBroker, a notorious figure known for orchestrating high-profile cyberattacks, operates within BreachForums. Specializing in identifying and selling access to compromised systems, sensitive data leaks, and possibly extortion, IntelBroker facilitates various …
Phishing is the weapon of choice for many adversaries. And it’s easy to understand why: Users fall victim to attacks in under 60 seconds on average, novice cybercriminals can launch …
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
This blog investigates the network-based activity detected by Darktrace in compromises stemming from the exploitation of a vulnerability in Palo Alto Networks firewall devices, namely CVE-2024-3400.
Introduction: Perimeter devices such …
By Ale Houspanossian · June 17, 2024
Case Summary: It was a quiet Monday morning in March 2024 when the EDR researchers with our Trellix Advanced Research Center identified an …
In the face of increasingly vigilant security teams and adept defense tools, attackers are continually looking for new ways to circumvent network security …
This blog investigates Medusa ransomware, a Ransomware-as-a-Service (RaaS) variant that is known to use living off the land techniques to infect target networks and move towards its ultimate goals, data …
SSLoad is a stealthy malware that is used to infiltrate systems through phishing emails, gather reconnaissance and transmit it back to its operators while delivering various payloads. Recently, Unit42 highlighted …
Security Operations Center (SOC) Tier 1 and 2 analysts play a critical role in protecting organizational …
ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is …
Summary: Two Russian state-aligned threat actors are conducting online influence operations to undermine the upcoming Olympic Games in Paris, spreading fake news and doctored images on social media.
Threat Actor: …
Summary: Managed Service Partners (MSPs) highlight cybersecurity as their top concern in staying competitive in the market, with challenges including staying on top of security technologies, employing more security analysts, …
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.…
In this blog we examine how Darktrace was able to detect and block malicious phishing emails sent via Microsoft Teams that were impersonating an international hotel chain.
Social Engineering in …
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering …
This blog delves into Darktrace’s investigation into the exploitation of the Citrix Bleed vulnerability on the network of a customer in late 2024. Darktrace’s Self-Learning AI ensured the customer was …
Huntress uncovered the infrastructure of a mass phishing campaign including potentially novel tradecraft that combines HTML smuggling, injected iframes, and session theft via transparent proxy. This technique allows an …
Summary: This article discusses the decline of traditional phishing messages and the rise of more advanced social engineering-driven attacks, such as spear-phishing and business email compromise (BEC), and emphasizes the …
This post is also available in: 日本語 (Japanese)
Executive Summary: A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This …
On February 22, 2025, the Critical Infrastructure and Security Agency (CISA) issued a #StopRansomware: ALPHV Blackcat ransomware alert. This alert builds upon earlier Federal Bureau of Investigation (FBI) work and …
Summary: The content discusses the results of a cybersecurity survey conducted by KPMG, which reveals that despite recent cyberattacks, the majority of cybersecurity leaders are confident in their security operations …
Summary: LogRhythm and Exabeam have announced a merger in the SIEM market, with the deal expected to close in the third quarter of this year.
Threat Actor: N/A
Victim: N/A…
This report was originally published for our customers on 2 May 2024.
As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises …
Summary: The content discusses the use of GenAI in cybersecurity operations and highlights the lack of clear policies and understanding of the technology’s implications among organizations.
Threat Actor: N/A
Victim: …
In a hacker forum monitored by SOCRadar, a new alleged pasiens data leak is detected for Indonesian citizens.
Leak Date: 06/05/2024 | Lines: 100k+
EXAMPLE:
INSERT INTO `pasiens` (`id`, `merchant_id`, `name`, `no_surat`, `nomor_identitas`, …
In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G …
In a hacker forum monitored by SOCRadar, a new alleged database leak is detected for BPK RI.
BPK.go.id
In April 2024, more than 700K+ rows of data from the store company …
This post is also available in: 日本語 (Japanese)
Executive Summary: In this post, we examine lateral movement techniques, showcasing some that we have observed in the wild within cloud environments. …
Microarchitectural side-channel attacks misuse shared processor state to transmit information between security domains.
Although they can be used in isolation, they are frequently employed as building blocks for more sophisticated …
A collective awesome list of public (JSON) APIs for use in security. The list is supported by https://alexanderjaeger.de
Learn about REST: https://github.com/marmelab/awesome-rest
Sample API used by hendryadrian.com https://www.hendryadrian.com/ransom/all.php
API | Description | Auth | HTTPS | Link | Free / Commercial
Alexa | Alexa Top …
Privileged Access Management (PAM) is a critical aspect of information security that focuses on controlling, managing, and monitoring the access and activities of privileged users within an IT environment. Privileged …
Email Security Appliances (ESAs) are hardware or software solutions designed to protect an organization’s email system from a wide range of email-based threats. These appliances play a crucial role in …
“There are too many firewall features available today; I am using Cisco ASA as an example for this firewall topic.” Cisco ASA is a versatile network security device that combines …
Contents: Introduction to SOC; What is a Use Case in SOC?; Use Case Life Cycle; Use Case Management; Challenges in Use Case Management; Best Practices
Introduction to SOC (Security …
In late 2023, BlackBerry analysts identified a spear-phishing campaign by threat group FIN7 that targeted a large automotive manufacturer based in the United States. FIN7 identified employees at the …
While most cloud CLI tools provide a one-to-one correlation between an API being invoked and a single corresponding API event being generated in cloud log telemetry, browser-based interactive console …
At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your …
Recently, NSFOCUS CERT detected that Palo Alto Networks issued a security announcement and fixed the command injection vulnerability (CVE-2024-3400) in PAN-OS. Since GlobalProtect gateway or portal configured in PAN-OS …
To enhance our threat intelligence, improve detection and identify new threats, Sekoia.io analysts perform continuous hunting and detection engineering every day to give our customers more options to protect …
A Virtual Private Network (VPN) is a technology that creates a secure and encrypted connection over a less secure network, such as the internet. It allows users to send and …