162 matches found
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released a joint Cybersecurity Advisory CSA, Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat APT activity...
#StopRansomware: Vice Society
Note: This joint Cybersecurity Advisory CSA is part of an ongoing StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These StopRansomware advisories include recently and historically observed tactics, techniques,...
#StopRansomware: Vice Society
Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize and remediate known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: This joint Cybersecurity Advisory CSA is part of an...
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
Microsoft has observed the Sliver command-and-control C2 framework now being adopted and integrated in intrusion campaigns by nation-state threat actors, cybercrime groups directly supporting ransomware and extortion, and other threat actors to evade detection. We’ve seen these actors use Sliver...
Demystifying Qbot Malware
Demystifying Qbot Malware By Adithya Chandra and Sushant Kumar Arya · August 24, 2022 Executive summary The Trellix SecOps Team has observed an uptick in the Qbot malware infections in recent months. Qbot has been an active threat for over 14 years and continues to evolve, adopting new infection...
CISA and FBI issue alert about Zeppelin ransomware
The Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA have released a joint Cybersecurity Advisory CSA about Zeppelin ransomware. The advisory contains indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with...
Vulnerabilities & Threats that Matter 08 – 14th Aug
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 563 14 3 69 08 71 For a detailed threat digest, download the pdf file here Summary The second week of August 2022 witnessed the discovery of 563 vulnerabilities out of whi...
Hackers Behind Cuba Ransomware Attacks Using New RAT Malware
Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures TTPs, including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team,...
Vulnerabilities & Threats that Matter 01 – 07th Aug
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 461 12 1 60 30 26 For a detailed threat digest, download the pdf file here Summary The first week of August 2022 witnessed the discovery of 461 vulnerabilities out of whic...
Vulnerabilities & Threats that Matter 25 – 31st July
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 462 7 4 52 22 64 For a detailed threat digest, download the pdf file here Summary The Last week of July 2022 witnessed the discovery of 462 vulnerabilities out of which 7...
Vulnerabilities & Threats that Matter 18 – 24th July
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 497 11 2 Worldwide 6 33 For a detailed threat digest, download the pdf file here Summary The third week of July 2022 witnessed the discovery of 497 vulnerabilities out of...
Vulnerabilities & Threats that Matter 11-17 July 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 580 37 2 World-wide 11 61 For a detailed threat digest, download the pdf file here Summary The second week of July 2022 witnessed the discovery of 580 vulnerabilities out ...
North Korean APT targets US healthcare sector with Maui ransomware
State-sponsored North Korean threat actors have been targeting the US Healthcare and Public Health HPH sector for the past year using the Maui ransomware, according to a joint cybersecurity advisory CSA from the FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Department of the...
Vulnerabilities & Threats that Matter 20 June – 26 June 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 413 14 4 121 19 33 For a detailed threat digest, download the pdf file here Summary The last week of June 2022 witnessed the discovery of 413 vulnerabilities out of which ...
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
These days ransomware analysis gets a lot of coverage in commercial and public reports, with vendors issuing dozens of ransomware-related publications each year. These reports provide analysis on specific malware families or new samples, describe the activities of a particular ransomware group,...
Vulnerabilities & Threats that Matter 13 June – 19 June 2022
Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 798 53 1 109 4 13 For a detailed threat digest, download the pdf file here Summary The first week of June 2022 witnessed the discovery of 798 vulnerabilities out of which ...
New Qualys Research Report: Inside a Redline InfoStealer Campaign
The Qualys Threat Research Team continues its efforts to identify and document previously unseen adversary activity to better understand their tactics, techniques, and procedures TTPs and defend against them. Recently we identified a new Redline InfoStealer campaign that spreads via fake cracked...
The many lives of BlackCat ransomware
The BlackCat ransomware, also known as ALPHV, is a prevalent threat and a prime example of the growing ransomware-as-a-service RaaS gig economy. It’s noteworthy due to its unconventional programming language Rust, multiple target devices and possible entry points, and affiliation with prolific...
Growling Bears Make Thunderous Noise
Growling Bears Make Thunderous Noise By Trellix · June 6, 2022 Per public attribution, Russian cybercriminal groups have always been active. Their tactics, techniques, and procedures TTPs have not significantly evolved over time, although some changes have been observed. Lately, the threat...
Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
Summary Update June 2, 2022: This Cybersecurity Advisory CSA has been updated with additional indicators of compromise IOCs and detection signatures, as well as tactics, techniques, and procedures TTPs from trusted third parties. Update End The Cybersecurity and Infrastructure Security Agency CIS...