Phishing is the weapon of choice for many adversaries. And it’s easy to understand why: Users fall victim to attacks in under 60 seconds on average, novice cybercriminals can launch …
Tag: XDR
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.…
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI …
This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud. Organizations can use this information to understand the potential …
With that background covered, let’s delve into several active campaigns we’ve observed, each leveraging the .LNK file format as the initial trigger for initiating the …
Threat Actor: Unknown | Unknown Victim: American Manufacturing Company | American Manufacturing Company Price: $25,000 (open to negotiation) Exfiltrated Data Type: Not specified
Additional Information:
The threat actor is allegedly…AhnLab SEcurity intelligence Center (ASEC) has been publishing the Online Scams series to inform the readers about the ever-evolving scams. Prevention and blocking are the two most important measures to …
In May 2023, in a threat hunt across Sophos Managed Detection and Response telemetry, Sophos MDR’s Mark Parsons uncovered a complex, long-running Chinese state-sponsored cyberespionage operation we have dubbed “Crimson …
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.…
This time, we’re not revealing a new cyber threat investigation or analysis, but I want to share some insights about the team behind all Sekoia Threat Intelligence and Detection Engineering …
Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), that uses both a combination of many tried-and-true techniques used by other North Korean …
In a recent investigation by Bitdefender Labs, a series of cyberattacks targeting high-level organizations in South China Sea countries revealed a previously unknown threat actor. We’ve designated this group “Unfading …
This post is also available in: 日本語 (Japanese)
Executive SummaryA Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This …
Summary: This content highlights the misuse of the client management tool Quick Assist by the threat actor Storm-1811 in social engineering attacks, targeting users for financial gain.
Threat Actor: Storm-1811 …
The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection, upon discovery, the team promptly initiated an in-depth analysis …
Summary: LogRhythm and Exabeam have announced a merger in the SIEM market, with the deal expected to close in the third quarter of this year.
Threat Actor: N/A
Victim: N/A…
More than 30.6 billion records have been exposed in 2024 so far based on 8,839 publicly disclosed incidents. Intensifying cybersecurity efforts has thus become more critical than ever for organizations …
This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only …
Infostealers targeting macOS devices have been on the rise for well over a year now, with variants such as Atomic Stealer (Amos), RealStealer (Realst), MetaStealer and others widely distributed in …
This post is also available in: 日本語 (Japanese)
Executive SummaryIn this post, we examine lateral movement techniques, showcasing some that we have observed in the wild within cloud environments. …
It’s been little more than a week since Apple rolled out an unprecedented 74 new rules to its XProtect malware signature list in version 2192. A further 10 rules were …
Threat Actor: Unknown | Unknown Victim: Italian Red Cross | Italian Red Cross Price: Not specified Exfiltrated Data Type: Internal source codes, databases, backups, and more
Additional Information:
The breach…Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials …
Summary: A notorious Russian APT group known as APT28 has been using a post-compromise tool called “GooseEgg” to steal credentials by exploiting a Windows Print Spooler bug.
Threat Actor: APT28 …
Summary: Researchers at SafeBreach discussed flaws in Microsoft and Kaspersky security products that can potentially allow the remote deletion of files, even after both vendors claim to have patched the …
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials …
Summary: The article discusses how a security researcher reverse-engineered and weaponized Palo Alto Networks’ extended detection and response (XDR) software, demonstrating the potential for attackers to exploit such tools for …
At its core, threat hunting is the practice of proactively searching for signs of malicious activities or indicators of compromise (IOCs) before threat actors gain a deep foothold within your …
To enhance our threat intelligence, improve detection and identify new threats, Sekoia.io analysts perform continuous hunting and detection engineering every day to give our customers more options to protect …
This post is also available in: 日本語 (Japanese)
Executive SummaryThis threat brief is frequently updated as new threat intelligence is available for us to share. The full update log …
Palo Alto Networks and Unit 42 are engaged in tracking activity related to CVE-2024-3400 and are working with external researchers, partners and customers to share information transparently and …
Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a …
This is part two in our series on building honeypots with Falco, vcluster, and other assorted open source tools. For the previous installment, see Building honeypots with vcluster and Falco: …
Threat detection and response are critical components of a robust cybersecurity strategy. However, simply relying on automated detections is no longer enough to protect your organization from downtime.
To reduce …
We use the Internet in our everyday lives to get work done, manage our lives, and even socialize. We take this …
When discussing Windows services and how to hunt for their abuse, it is worth mentioning that there are several threat hunting hypotheses that we can leverage. This is very common …
As cyber adversaries become more sophisticated, detecting and neutralizing potential threats before they can cause any harm has become a top priority for cybersecurity professionals. It is also why threat …
CrowdStrike is committed to protecting our customers from the latest and most sophisticated cybersecurity threats. We are actively monitoring activity surrounding CVE-2024-3094, a recently identified vulnerability in XZ Utils. In …
____________________ Summary: The XZ Utils Data Compression Library has a vulnerability that impacts multiple Linux distributions. It is recommended to downgrade to an uncompromised version or migrate to updated releases.…
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.…
In this blog, we present a proof of value study demonstrating the value of detecting attempted DNS exfiltration and Command and Control …
StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. Upon a successful attack, the threat actor would gain …
This post is also available in: 日本語 (Japanese)
Executive SummaryThis article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 …
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
On March 4, 2024, JetBrains disclosed two critical …
This article announces the publication of our first collaborative effort with the State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine …
This article will focus on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities. BunnyLoader is dynamically developing malware …
PRESS RELEASE
DENVER, March 5, 2024 – Red Canary today announced full coverage of its detection and response capabilities to include all major cloud infrastructure and platform services providers, such …
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them.…