Analysis Notes

A place for notes on malware analysis I have tried and on things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 39 – 2023 - THREAT INTELLIGENCE/HUNTING

This entry was automatically generated and posted to display the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 can be found here.

THREAT INTELLIGENCE/HUNTING

Adam Goss

Threat Intelligence with MISP: Part 2 — Setting up MISP. Adam Goss, published in InfoSec Write-ups, 11 min read, 6 days ago. Welcome back to this series on using MISP for threat intelligence! MISP (Malware Information Sharing Platform and Threat Sharing) is an open-source threat intelligence platform that allows you to share, collate, analyze, and distribute threat intelligence. It is used across industries and governments worldwide to share and analyze information about the latest threats. T...

Shiran Guez at Akamai

Allan Liska at ‘Ransomware Sommelier’

PowerShell: Great Ransomware Tool or Greatest Ransomware Tool? Part 1 of a 3 Part Series. Allan Liska, Sep 19, 2023 (ransomwaresommelier.com). It is almost impossible to talk about ransomware attacks without talking about PowerShell. The use of PowerS...

Anton Chuvakin

Detection Engineering and SOC Scalability Challenges (Part 2). Anton Chuvakin, published in Anton on Security, 6 min read, 1 day ago. This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our second installment in the “Threats into Detections — The DNA of Detection Engineering” series, where we explore the challenges of detection engineering in more detail — and where threat intelligence...

Francis Guibernau at AttackIQ

Jeremy Fuchs at Avanan

Breaking Down the Remcos Malware Attempts on Colombian Banks. Posted by Jeremy Fuchs on September 20, 2023. Check Point researchers recently discovered a large-scale phishing campaign in Colombia targeting over 40 prominent companies. The attackers aimed to discreetly install the "Remcos" malware, a sophisticated RAT that gives them complete control over compromised computers. In our report, we explore the attack's complexities and the stealthy techniques used by the malicious actors. The cy...

Avertium

September 19, 2023. Executive Summary: In recent years, ransomware groups have been evolving their tactics and moving away from the traditional strategy of encrypting victims’ data and demanding ransom for decryption keys. Instead, many ransomware groups are now shifting their focus towards data extortion. This shift represents a significant departure from their previous methodology and poses a more significant threat to businesses and individuals. Rather than merely locking access to data, ransom...

Hayden Covington at Black Hills Information Security

Hayden Covington // Phishing is an ever-present threat, but lately, user education and spam filters have helped mitigate some of that threat. But what happens when a phish makes it further than the user’s mailbox and deeper into your own environment? Can users be expected to have the same level of caution? The event covered in this post is a real event that I discovered while hunting through O365 logs for our SOC customers. For the sake of clarity throughout this blog post, I’m going to refer to...

Blackberry

Silent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA. Research & Intelligence / 09.18.23 / The BlackBerry Research & Intelligence Team. Summary: BlackBerry has discovered a new campaign we’ve dubbed “Silent Skimmer,” involving a financially motivated threat actor targeting vulnerable online payment businesses in the APAC and NALA regions. The attacker compromises web servers, using vulnerabilities to gain initi...

CERT-AGID

Summary of malicious campaigns in the week of 16 – 22 September 2023. 22/09/2023. Summary: This week, CERT-AgID detected and analyzed, within the Italian landscape it covers, a total of 44 malicious campaigns, of which 39 had Italian targets and 5 were generic campaigns that nonetheless affected Italy, making the related 278 indicators of compromise (IOC) identified available to its accredited entities. Below we report the details of the types...

Check Point

Security, September 19, 2023. Will the Real Slim Shady Please Stand Up? Check Point Research Exposes Cybercriminal Behind Malicious Software Impacting EMEA and APAC. By Check Point Team. Highlights: Advertised as legitimate tools, Remcos and...

CISA

Release Date: September 20, 2023. Alert Code: AA23-263A. Actions to take today to mitigate malicious cyber activity: Secure and closely monitor Remote Desktop Protocol (RDP). Maintain offline backups of data. Enable and enforce phishing-resistant multifactor authentication (MFA). Summary. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopR...

Jonathan Munshaw at Cisco’s Talos

By Jonathan Munshaw, Thursday, September 21, 2023 14:09. Threat Source newsletter. Welcome to this week’s edition of the Threat Source newsletter. As a former reporter, I’ve seen my fair share of press releases. But one from a threat actor was definitely a new one for me last week. ALPHV (aka BlackCat) publicly took credit for a massive cyber attack against MGM, a resort, gambling and sports betting company best known for its massive casinos. The attack took down slot machines, guest reservation syst...

Ian Ahl at Cloud Chronicles

Summary LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors to include but not limited to Software, Retail, Hospitality, Manufacturing, and Telecoms. LUCR-3 does not rely heavily on malware or even scripts, instead ...

Andy Thompson at CyberArk

The MGM Resorts Attack: Initial Analysis. September 22, 2023, Andy Thompson. The recent cyberattack on MGM Resorts International has raised serious concerns about the security of sensitive data and the vulnerabilities organizations face in today’s digital landscape. In this blog post, we will dive into the details of the attack based on the information currently available, analyze its root causes...

Cyfirma

Published On: 2023-09-21. Ransomware of the Week. CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes multiple – industries, geography, and technology – which could be relevant to your organization. Type: Ransomware. Target Technologies: MS Windows. Target Industries: Business Support Services, Heavy Construction. Target Geography: United States of America. Introduction: CYFIRMA Research and Advis...

David Hazar

Containment in the Cloud - Their Native Firewalls Don't Always Work. David Hazar, Certified SANS Instructor | Vulnerability & Cloud Security Consultant | Founder, Public Speaker. Published Sep 22, 2023. If you thought that preventing access to and from your resources in Google Cloud and Azure was as easy as adding in a VPC firewall or Network Security Group rule, think again. In SANS Institute, SANS Cloud Security's course SEC549: Enterprise Cloud Security Ar...

Malachi Walker at DomainTools

Arda Büyükkaya at EclecticIQ

This issue of the Analyst Prompt discusses the recent takedown of the Qakbot malware network. It highlights how the UNC4841 threat actor leveraged a zero-day vulnerability in Barracuda, targeting the government, military, and Telecom sectors. Additionally, it discusses the published remote code execution exploit that is impacting VMware Aria software. Arda Büyükkaya – September 18, 2023 The FBI Dismantled QakBot Infrastructure QakBot — also known as Qbot, Quackbot and Pinkslipbot — is responsibl...

Esentire

Sep 21, 2023: Questions to Ask a Managed Security Services Provider (MSSP). Sep 17, 2023: Russia-Linked LockBit Gang Attacks an MSP and Two Manufacturers Using the… Security Advisories, Aug 22, 2023: Ivanti Zero-Day Vulnerability – CVE-2023-38035. THE THREAT: On August 21st, 2023, Ivanti disclosed a new vulnerability impacting Ivanti Sentry (formerly MobileIron Sentr...

Russia-Linked LockBit Gang Attacks an MSP and Two Manufacturers Using the… Security Advisories, Aug 22, 2023: Ivanti Zero-Day Vulnerability – CVE-2023-38035. THE THREAT: On August 21st, 2023, Ivanti disclosed a new vulnerability impacting Ivanti Sentry (formerly MobileIron Sentry). Ivanti has confirmed limited exploitation occurred prior to the disclosure… Vi...

Shunichi Imano and James Slaughter at Fortinet

Ransomware Roundup - Retch and S.H.O. By Shunichi Imano and James Slaughter | September 21, 2023 On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the Retch and S.H...

InfoSec Write-ups

A STIX Report of Live Malicious IP — Criminal IP. ZeusCybersec, published in InfoSec Write-ups, 7 min read, Sep 12. A Detailed Report on STIX by Criminal IP. In this article, I will put to the test the STIX API Integration of Criminal IP and practically show you how powerful and useful it is, by using it on a live malicious IP address. If you are not yet familiar with Criminal IP or its STIX Integration, feel free to give a quick read to the articles which I am sharing below - Criminal-IP ...

Blue Team Operations : Educational Series (Part-1). Jay Vadhaiya, published in InfoSec Write-ups, 7 min read, Sep 12. Blue team operations are all about protecting computer systems, networks, and information from cyber threats. Think of it as a defense team that works to keep the bad guys out. They do this by watching for signs of attack, fixing weaknesses, and responding to security breaches. The blue team works together with a red team, who acts like the bad guys...

Blue Team Operations : Educational Series. Enhancing Cyber Defense Proficiency through Comprehensive Blue Team Operations. Jay Vadhaiya, published in InfoSec Write-ups, 6 min read, Sep 7. Welcome to the educational series on Blue Team Operations. In this series, we are going to explore different areas of Blue Teaming with some practical and theory-based scenarios. I hope this series will help people who want to start their career in Blue Team Operations. Here are lis...

Jan Geisbauer at Empty Datacenter

Posted on September 22, 2023 by Jan Geisbauer. Hidden VNC attacks or HVNC are not new. In 2015 Marcus Hutchins wrote this post. What is this all about? You can programmatically create multiple desktops in Windows by calling a kernel function (CreateDesktopA). A desktop is a securable object that contains, for example, windows from applications (more info here). Chrome for example is using a separate desktop for its sandbox (and so is Edge now): Do not confuse those desktop kernel ...

Jouni Mikkola at “Threat hunting with hints of incident response”

September 16, 2023, JouniMi. RSS feed support in OpenCTI. I haven’t been playing with the OpenCTI platform a lot since I first deployed it. I have a look at the data from time to time but haven’t had the time to create integrations. I just got back to this and started to look if the RSS feed ingestion has been added to the platform and it indeed seems to be the case. The RSS reader feature was added in 5.10.0 release which was released on 27.8.2023. I updated the do...

Justin De Luna at ‘The DFIR Spot’

Cloud Incident Response: Investigating AWS Incidents. Let’s change it up a bit. With the ever-evolving threat landscape and technology revolving around infrastructure, we have to talk about investigations regarding Cloud platforms, right? This will be a slightly unique discussion, as depending on your role, you may be involved in certain aspects of cloud IR. Whether you’re a contractor and learn a customer’s cloud environment on the fly or you’re reading this to understand how to better respond to...

Swachchhanda Shrawan Poudel at Logpoint

Luke Jenkins, Josh Atkins, and Dan Black at Mandiant

Backchannel Diplomacy: APT29’s Rapidly Evolving Diplomatic Phishing Operations. Luke Jenkins, Josh Atkins, Dan Black. Sep 21, 2023, 21 min read | Last updated: Sep 22, 2023. Threat Intelligence, phishing, Advanced Persistent Threats (APTs). Key Insights: APT29’s pace of operations and emphasis on Ukraine increased in the first half of 2023 as Kyiv launched its counteroffensive, pointing to the SVR’s central role in collecting intelligence concerning the current pivotal phase of the war. During this period...

Marco Ramilli

Cyber Crime, cybersecurity, CyberTools, malware. September 23, 2023. Malware persistence is a crucial aspect of cyber threats that often goes unnoticed by unsuspecting users. In the realm of cybersecurity, it refers to the ability of malicious software to establish a foothold on a targeted system, allowing it to maintain its presence over an extended period. This persistence is achieved through various covert techniques, enabling the malware to evade detection and removal attempts. U...

Gavriel Fried and Doron Karmi at Mitiga

By Gavriel Fried, Doron Karmi. There’s been a recent surge in cloud ransomware attacks. Examples of such attacks were observed by Sophos X-Ops, which detected the ransomware group BlackCat/ALPHV using a new Sphinx encryptor variant to encrypt Azure storage accounts by employing stolen Azure Storage account keys. The BlackCat/ALPHV ransomware group is the same entity that claimed responsibility for infiltrating MGM’s infrastructure and encrypting more than 100 ESXi hypervisors. In this blog post, ...

MITRE-Engenuity

A Threat-Informed Approach to Prioritizing Vulnerabilities. Maggie MacAlpine, published in MITRE-Engenuity, 6 min read, 4 days ago. Written by Maggie MacAlpine. Another day, another breaking news update about the latest system vulnerability, adding to the mass of hundreds, if not thousands of vulnerabilities that cybersecurity defenders need to manage and, ideally, patch every day. Given the complexity of modern IT environments, as well as the number and diversity of underlying systems...

ATT&CK® Evaluations Turla (2023): Exploring the Release Components and Navigating the New Visualizations. Amy L. Robertson, published in MITRE-Engenuity, 7 min read, 4 days ago. Written by Amy L. Robertson and Sonny Day. The moment you’ve been waiting for has arrived — the results from the ATT&CK® Evaluations for Enterprise — Turla round are now available for exploration on the ATT&CK Evaluations website! You’ll also find the full Emulation Plan and all associated collateral readily ac...

Inside Out: Let’s build a community-sourced insider threat knowledge base. Suneel Sundar, published in MITRE-Engenuity, 4 min read, 3 days ago. Written by Cassidy Olsen, Shelley Folk, and Suneel Sundar. Trusted insiders are one of the greatest assets and threats to any organization. They can wreak havoc on an organization without suspicion causing immeasurable damage to both the business and its reputation. Security operations centers (SOCs) and the networks they protect are often focu...

Palo Alto Networks

10 min. read. By Robert Falcone, September 19, 2023 at 6:00 AM. Category: Vulnerability. Tags: Advanced URL Filtering, CVE-2023-25157, CVE-2023-40477, Proof of Concept, Remote Access Trojan, remote code execution, social engineering, VenomRAT, WildFire, WinRAR. Executive Summary: Researchers should be aware of threat actors repurposing older proof of concept (PoC) code to quickly craft a fake PoC for a newly released vulnerabil...

8 min. read. By Lior Rochberger, Tom Fakterman and Robert Falcone, September 22, 2023 at 6:05 AM. Category: Government. Tags: Advanced URL Filtering, APT, backdoor, Behavioral Threat Protection, China Chopper, CL-STA-0046, Cortex XDR, Cortex XSIAM, DNS security, Gelsemium, threat actors, web shells, WildFire. Executive Summary: A cluster of threat actor activity that Unit 42 observed attacking a Southeast Asian government target could provide insight into a rarely seen, stea...

12 min. read. By Lior Rochberger, Tom Fakterman and Robert Falcone, September 22, 2023 at 6:03 AM. Category: Government. Tags: backdoor, BRONZE PRESIDENT, CL-STA-0044, Cortex XDR, Cortex XSIAM, Earth Preta, Mustang Panda, RedDelta, Stately Taurus, TA416, threat actors, Threat Protection, web shells, WildFire. Executive Summary: An advanced persistent threat (APT) group suspected with moderate-high confidence to be Stately Taurus engaged in a number of cyberespionage intrusio...

13 min. read. By Lior Rochberger, Tom Fakterman and Robert Falcone, September 22, 2023 at 6:02 AM. Category: Government. Tags: Advanced URL Filtering, Alloy Taurus, APT, Behavioral Threat Protection, CL-STA-0045, Cobalt Strike, Cortex XDR, Cortex XDR Pro, Cortex XSIAM, DNS security, GALLIUM, Lazagne, LOLBAS, Mimikatz, Softcell, threat actors, web shells, WildFire. Executive Summary: We observed a series of intrusions directed at a Southeast Asian government target, a cluster...

6 min. read. By Lior Rochberger, Tom Fakterman and Robert Falcone, September 22, 2023 at 6:00 AM. Category: Government. Tags: Alloy Taurus, APTs, Behavioral Threat Protection, China Chopper, CL-STA-0044, CL-STA-0045, CL-STA-0046, Cobalt Strike, Cortex XDR, Cortex XSIAM, DNS security, GALLIUM, Gelsemium, Mustang Panda, Stately Taurus, threat actors, Threat Protection, web shells, WildFire. Executive Summary: In early 2023, Unit 42 researchers began investigating a series of...

Pete Bryan at Microsoft

Recorded Future

Posted: 19th September 2023. By: Insikt Group. Recorded Future's Insikt Group has conducted an analysis of a prolonged cyber-espionage campaign known as TAG-74, which is attributed to Chinese state-sponsored actors. TAG-74 primarily focuses on infiltrating South Korean academic, political, and government organizations. This group has been linked to Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government, military, and political entities in South K...

Red Alert

Monthly Threat Actor Group Intelligence Report, July 2023 (KOR). This is a summary of the activities of hacking groups (Threat Actor Groups), analyzed on the basis of data and information collected by the NSHC ThreatRecon team from June 21, 2023 to July 20, 2023. In July, activity by a total of 25 hacking groups was confirmed; the SectorA group was the most active at 38%, followed by the SectorC and SectorJ groups. The hacking activity of the groups discovered in July was directed most often at personnel or systems in government agencies and the defense sector, and by region, hacking activity targeting countries located in Europe and East Asia was confirmed to be the most frequent. 1. Characteristics of SectorA Group Activity: In July 2023, activity by a total of 5 hacking groups was discovered, namely SectorA01, ...

Red Canary

Jason Downey at Red Siege Information Security

Miles Arkwright and James Tytler at S-RM Insights

Miles Arkwright, James Tytler, 15 September 2023. Tags: cyber security, ransomware, cyber incident response, data breach, threat intelligence. CYBER SECURITY INSIGHTS REPORT 2022: We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance. The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated b...

SANS Internet Storm Center

Tom Hegel at SentinelOne

Tom Hegel / September 21, 2023. Executive Summary: SentinelLabs observes sustained tasking towards strategic intrusions by Chinese threat actors in Africa, designed to extend influence throughout the continent. New attacks include those against telecommunication, finance and government, attributed to the BackdoorDiplomacy APT and the threat group orchestrating Operation Tainted Love. China’s engagement in soft power diplomacy has a lengthy history, yet the use of strategic cyber intrusions highlig...

Sean Gallagher at Sophos

Liquidity mining scam puts cruel new spin on Chinese cryptocurrency fraud, with a dash of AI chat. Written by Sean Gallagher, September 18, 2023. Threat Research: cryptocurrency scams, liquidity mining, ShaZhuPan, Sophos X-Ops. Crypto fraud has become the dominant form of Internet-based confidence schemes over the past three years, as demonstrated by the sha zhu pan (“pig butchering”) scams we recently investigated. But one variant has been growing at a particularly rapid pace: fake “liquidity ...

Splunk

By Tamara Chacon, September 18, 2023. Using metadata and tstats to quickly establish situational awareness. So you want to hunt, eh? Well my young padawan…hold on. As a Splunk Jedi once told me, you have to first go slow to go fast. What do I mean by that? Well, if you rush into threat hunting and start slinging SPL indiscriminately, you risk creating gaps in your investigation. What gaps might those be? As a wise man once said, Know thy network. Actually — in this case — know your network and...

By Tamara Chacon, September 18, 2023. If you have spent any time searching in Splunk, you have likely done at least one search using the stats command. I won’t belabor the point: stats is a crucial capability in the context of threat hunting — it would be a crime to not talk about it in this series. When focusing on data sets of interest, it's very easy to use the stats command to perform calculations on any of the returned field values to derive additional information. When I say stats, I ...

By Michael Haag, September 22, 2023. On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like...

Puja Srivastava at Sucuri

Alessandro Brucato at Sysdig

System Weakness

Python hacker by IA “eyes”. Summary: The NIST Cybersecurity Framework (NIST CSF) is a set of guidelines developed to improve cybersecurity risk management and to protect computer systems. NIST core competencies are aligned with the 5 NIST functions: Identify, Protect, Detect, Respond and Recover. This article is about how to concretely mitigate, isolate and gather info about the attacker and the attack after it succeeded. Working on the Respond domain, we’ll explore practically, using a use case, how t...

SOC131 EventID:67 — Reverse TCP Backdoor Detected — letsdefend.io. Enes Adışen, published in System Weakness, 5 min read, Sep 14. Let’s start with the alert report. EventID: 67; Event Time: Mar 01, 2021, 03:15 PM; Rule: SOC131 - Reverse TCP Backdoor Detected; Level: Security Analyst; Source Address: 172.16.17.14; Source Hostname: MikeComputer; File Name: msi.bat; File Hash: 3dc649bc1be6f4881d386e679b7b60c8; File Size: 2,12 KB; Device Action: Cleaned. Security Operations Center (SOC) detected a concerning even...

Gowthamaraj Rajendran (@fuffsec), published in System Weakness, 6 min read, Sep 12. Hello smart hackers, welcome back to my new blog, I hope you all are well!! In this blog, we are going to discuss Cross-Origin Attacks and Their Prevention. Please read this article until the end. Before starting to write the blog, I have a small request for all of you: I always write articles on many. So if you didn’t follow, then follow me first and clap on this article, because that gives me ...

Idan Amos, published in System Weakness, 4 min read, Sep 14. Hold onto your keyboards because TryHackMe has just unveiled its latest gem — the Security Engineer Path. In a digital era rife with threats, Security Engineers are the unsung heroes. They design robust systems, defend networks, and decode the language of vulnerabilities. This path, a new addition to TryHackMe’s arsenal, promises an exciting journey through the world of security engineering, regardless of your prior knowle...

Threat Hunting — (Threat Intelligence). Gowthamaraj Rajendran (@fuffsec), published in System Weakness, 6 min read, Feb 13. Threat hunting is a proactive security technique that actively searches for potential threats and vulnerabilities within a network. This approach is used by security professionals to identify potential threats and mitigate them before they can c...

Srivathsa Sharma at Trend Micro

We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group. By: Srivathsa Sharma, September 22, 2023. In this blog entry, we examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group...

Adam Chester at TrustedSec

Okta for Red Teamers. September 18, 2023. By Adam Chester in Red Team Adversarial Attack Simulation. For a long time, Red Teamers have been preaching the mantra “Don’t make Domain Admin the goal of the assessment” and it appears that customers are listening. Now, you’re much more likely to see objectives focused on services critical to an organization, with many being hosted in the cloud. With this shift in delegating some of the security burden to cloud services, it’s commonplace to find Identity ...

Joseliyo Sánchez at VirusTotal


Callum Roxan, Paul Rascagneres, and Thomas Lancaster at Volexity

September 22, 2023 by Callum Roxan, Paul Rascagneres, Thomas Lancaster. Volexity has identified several long-running and currently active campaigns undertaken by the threat actor Volexity tracks as EvilBamboo (formerly named Evil Eye) targeting Tibetan, Uyghur, and Taiwanese individuals and organizations. These targets represent three of the Five Poisonous Groups of Chinese Communist Party (CCP). Volexity has tracked the activities of EvilBamboo for more than five years and...

WeLiveSecurity

ESET researchers document OilRig’s Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022. Zuzana Hromcová, Adam Burgher, 21 Sep 2023, 22 min. read. ESET researchers have analyzed two campaigns by the OilRig APT group: Outer Space (2021), and Juicy Mix (2022). Both of these cyberespionage campaigns targeted Israeli organizations exclusively, which is in line with the group’s focus on the Middle East, and used the same playbook: OilRig first compromised a legitimate w...

Yuca

Automating Identification of Actor Procedural Level Details in OSINT Blogs: How AI-Powered Tools Streamline MITRE ATT&CK Procedural Technique Analysis and Threat Profiling. YUCA, 6 min read, 6 days ago. TLDR: As cybercriminals are starting to use GPT capabilities for malicious purposes such as WormGPT, defenders need to start adapting to the change and leverage these AI models too. As such, I created a tool dubbed MITREATT&CKProceduralGPT to support one of the big problems regarding...

ZScaler

MALLIKARJUN PIDDANNAVAR - Sr. Security Researcher, August 22, 2023 - 13 min read. Security Insights. Introduction: Agniane Stealer fraudulently takes credentials, system information, and session details from browsers, tokens, and file transferring tools. Agniane Stealer also heavily targets cryptocurrency extensions and wallets. Once it obtains the sensitive data, Agniane Stealer transfers that stolen data to command-and-control [C&C] servers, where threat actor...

Ransomware Attacks on Gaming Industry - A CISO Perspective. DEEPEN DESAI - Global CISO, September 19, 2023 - 11 min read. Security Insights. Introduction: The gaming industry is experiencing a surge in cyber attacks because of its vast reservoirs of sensitive customer ...