Lucene search
99 matches found

ThreatPost
added 2022/05/23 1:5 p.m. | 8 views

Cybercrime Getting More Sophisticated: How to Protect Your Business?

Can it happen to us? Are we ready to combat a cyberattack? All over the world, security officers have been fielding these questions from CEOs and the Board of Directors in the wake of large, high-profile cyberattacks. Yes, is the honest answer when attackers have continuously expanded their...

AI score: 7.2
Exploits: 0 | References: 4
Trellix
added 2022/03/23 12:0 a.m. | 6 views

Trellix Global Defenders: LAPSUS$ Data Breaches and Proactive Protections

By Taylor Mullins · March 23, 2022. Trellix is continuing to monitor the threat activity related to the LAPSUS$ threat group and their recent breaches of large organizations such as NVIDIA, Samsung, Microsoft, and Okta. This...

AI score: 7.8
Exploits: 0
Qualys Blog
added 2022/01/05 12:29 p.m. | 19 views

Mitigation of Supply Chain Risks in Microsoft 365

In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...

AI score: 0.4
Exploits: 0
Securelist
added 2021/12/15 10:0 a.m. | 376 views

Kaspersky Managed Detection and Response: interesting cases

Kaspersky Managed Detection and Response (MDR) provides advanced protection against the growing number of threats that bypass automatic security barriers. Its capabilities are backed by a high-professional team of security analysts operating all over the world. Each suspicious security event is...

CVSS: 9.3 | AI score: 0.5 | EPSS: 0.99759
Exploits: 75
The Hacker News
added 2021/11/17 10:48 a.m. | 14 views

On-Demand Webinar: Into the Cryptoverse

In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they're increasingly in the mainstream. This is undoubtedly a...

AI score: 7
Exploits: 0
Microsoft Secure
added 2021/08/05 4:0 p.m. | 45 views

Sharing the first SimuLand dataset to expedite research and learn about adversary tradecraft

Last month, we introduced the SimuLand project to help security researchers around the world deploy lab environments to reproduce well-known attack scenarios, actively test detections, and learn more about the underlying behavior and implementation of adversary techniques. Since the release of th...

AI score: 0.1
Exploits: 0
hivepro
added 2021/07/08 12:32 p.m. | 77 views

REvil Ransomware gang behind the Kaseya VSA Supply-Chain attack

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The REvil ransomware group was successful in carrying out a supply chain attack by exploiting the zero-day vulnerability CVE-2021-30116 in the Kaseya VSA server and delivering a malicious script to all the computer devices...

CVSS: 7.5 | AI score: 0.7 | EPSS: 0.83353
Exploits: 1
The Hacker News
added 2021/05/29 8:34 a.m. | 154 views

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.10648
Exploits: 0
Trend Micro Simply Security
added 2021/04/20 12:0 a.m. | 10 views

Carbanak and FIN7 Attack Techniques

What happens in Carbanak and FIN7 attacks? Here are some techniques used by these financially motivated threat groups that target banks, retail stores, and other establishments...

AI score: 2.2
Exploits: 0
The Hacker News
added 2021/04/08 1:37 p.m. | 62 views

Researchers uncover a new Iranian malware used in recent cyberattacks

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous...

AI score: 1.3
Exploits: 0
Qualys Blog
added 2021/02/03 1:55 p.m. | 32 views

Unified SaaS Application Security, Detection, and Response

Organizations are rapidly embracing Software as a Service (SaaS) applications for scalability, ease & flexibility of use, and the benefits of not using their own infrastructure. To maintain their focus on business objectives during the new ‘remote workforce normalcy’, organizations have fast-tracke...

Exploits: 0
ThreatPost
added 2020/12/21 5:10 p.m. | 32 views

Simplifying Proactive Defense With Threat Playbooks

Security defense strategy can be extremely complex, with security teams grappling with tens of thousands of information points and evolving attacker techniques, said Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs. FortiGuard Labs has...

AI score: 7
Exploits: 0 | References: 7
Imperva Blog
added 2020/10/22 1:7 p.m. | 70 views

CrimeOps of the KashmirBlack Botnet – Part I

Introduction: Being in a research team exposes us to a variety of attacks on different platforms, of different types, scope, and volume. It also gives us the opportunity to select particularly interesting attacks that target our customers and to analyze them. This blog will give you a taste of the...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.99999
Exploits: 19
Microsoft Secure
added 2020/09/24 7:0 p.m. | 84 views

Microsoft Security—detecting empires in the cloud

Microsoft consistently tracks the most advanced threat actors and evolving attack techniques. We use these findings to harden our products and platform and share them with the security community to help defenders everywhere better protect the planet. Recently, the Microsoft Threat Intelligence...

AI score: 8
Exploits: 0
ThreatPost
added 2020/09/16 1:0 p.m. | 33 views

Report Looks at COVID-19’s Massive Impact on Cybersecurity

Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the COVID-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to COVID-19. Of course, malicious downloads would be COVID-19 related...

Exploits: 0 | References: 4
The Hacker News
added 2020/09/16 9:0 a.m. | 35 views

New Report Explains COVID-19's Impact on Cyber Security

Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks. Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is...

AI score: 7.1
Exploits: 0
ThreatPost
added 2020/09/10 1:0 p.m. | 14 views

Product Overview: Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

We have all heard of the “cybersecurity skills gap” – the inability of firms to hire and retain high-level cybersecurity talent. This gap has been manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, compani...

AI score: 0.3
Exploits: 0 | References: 7
Talos Blog
added 2020/08/05 2:53 a.m. | 37 views

Prometei botnet and its quest for Monero

By Vanja Svajcer. NEWS SUMMARY: We are used to ransomware attacks and big-game hunting making the headlines, but there are still methods adversaries use to monetize their efforts in less intrusive ways. Cisco Talos recently discovered a cryptocurrency-mining botnet attack we're calling "Prometei"...

AI score: 2.3
Exploits: 0
Microsoft Secure
added 2020/04/21 9:10 p.m. | 145 views

MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats

As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility will allow us to get ahead of...

AI score: 7.3
Exploits: 0
Carbon Black Blog
added 2020/03/17 2:14 p.m. | 609 views

Threat Analysis: CVE-2020-0796 – EternalDarkness (ghostSMB)

On March 10, 2020, analysis of an SMB vulnerability was inadvertently shared, under the assumption that Microsoft was releasing a patch for that vulnerability (CVE-2020-0796). As of March 12, Microsoft has since released a patch for CVE-2020-0796, which is a vulnerability specifically affecting SMB3...

CVSS: 7.5 | AI score: 0.7 | EPSS: 0.9981
Exploits: 124