77 matches found
-=TWELVE=- is back
In the spring of 2024, posts with real people's personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that...
New details on TinyTurla’s post-compromise activity reveal full kill chain
Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG TTNG implant. We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures TTPs...
Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security
Rapid cloud and SaaS adoption is driving digital transformation thats reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection platfo...
Modern Asian APT groups’ tactics, techniques and procedures (TTPs)
Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This...
Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary...
From Malvertising to Ransomware: A ThreatDown webinar recap
Our recent webinar From Malvertising to Ransomware highlight the clear connection between malvertising--the practice of embedding malicious code within legitimate online advertisements--and the epidemic of ransomware attacks affecting businesses globally. Presented by Mark Stockley, security...
Effective Vulnerability Management with Stakeholder Specific Vulnerability Categorization (SSVC) and Qualys TruRisk
Security stakeholders across the globe have long relied on the Common Vulnerability Scoring System CVSS to prioritize vulnerabilities and assess their risk posture. The reason why the CVSS has become the standard for many security and vulnerability management teams alike is that this method is ea...
Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data
Hundreds of databases on Amazon Relational Database Service Amazon RDS are exposing personal identifiable information PII, new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the...
Product Explained: Stellar Cyber Open XDR Platform
Almost every vendor, from email gateway companies to developers of threat intelligence platforms, is positioning themselves as an XDR player. But unfortunately, the noise around XDR makes it harder for buyers to find solutions that might be right for them or, more importantly, avoid ones that don...
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group,...
Imperva Adds Active Attack Detection to its Data Security Platform
Protecting the data perimeter Organizations are in constant pursuit of technology that provides rapid insight into threats. Early visibility, in combination with context-rich alerting and efficient incident response workflows, streamline threat containment and remediation efforts. Identifying...
Human Fraud: Detecting Them Before They Detect You
This is Part II of a two-part blog series taking readers inside the criminal enterprise that is account-takeover fraud. For part I, please click here. In my last blog, we focused on the initial phases of the account-takeover ATO kill chain – recon, weaponization and delivery – and how attackers...
‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast
Systems actively encrypted? Are they showing a screen that says “pay the ransom?” Too late: At that point, you’re probably toast. A few options, none great: 1. The painful and problematic process of recovery-via-backups if you have them and they work. You’ve tested them, right? No? Sorry: You can...
Data Exfiltration: What You Should Know to Prevent It
In today’s digitally driven era, data is the most critical component of a business. Companies are collecting more data than ever before, and constantly enhancing their operations through data-driven decisions. As a result, data leaks are a serious concern for companies of all sizes; if one occurs...
Kill Chains: Part 3→What’s Next
Life, the Universe, and Kill Chains As the final entry in this blog series, we want to quickly recap what we have previously discussed and also look into the possible future of kill chains. If you haven’t already done so, please make sure to read the previous 2 entries in this series: Kill chains...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Kill chains: Part 1→Strategic and operational value
It really is a good thing The term “kill chain” sounds extremely harsh. Almost as if after something is killed, it gets moved down the chain to be killed again. How dramatic! Indeed, the original definition was to describe how an enemy combatant of the military might attack; that is, the steps th...