Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-07-25 13:08:08 |
Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies (direct link) |
Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. Government agencies or state-sponsored groups engage in cyber-attacks for various reasons, including espionage, sabotage, or political influence. |
Threat
|
|
★★★
|
|
2024-07-10 14:12:01 |
Hardening of HardBit (direct link) |
|
Threat
|
|
★★★
|
|
2024-06-25 17:01:23 |
I am Goot (Loader) (direct link) |
|
Threat
|
|
★★★
|
|
2024-05-29 16:12:47 |
THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH (direct link) |
|
Threat
|
|
★★
|
|
2024-05-06 16:15:31 |
Behind Closed Doors: The Rise of Hidden Malicious Remote Access (direct link) |
|
Threat
|
|
★★★
|
|
2024-04-23 13:17:04 |
Malicious Life Podcast: The Y2K Bug Pt. 2 (direct link) |
In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer's life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat. |
Threat
|
|
★★★
|
|
2024-03-26 14:39:15 |
Threat Alert: The Anydesk Breach Aftermath (direct link) |
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat
Vulnerability
|
|
★★★
|
|
2024-03-25 03:28:07 |
Cybereason's evolution to disrupt beyond SIEM and XDR market (direct link) |
Today enterprises are accelerating investment in digitalization to stay ahead of the competition. They increasingly encounter an evolving threat landscape and complex security challenges - with more workloads in multiple clouds, more workforces in hybrid environments, and more intelligent devices connected in mission-critical operations. This transformation journey is exacerbated by an exponential increase in compute resources, data volumes and security tooling, driving up the cost of storing, managing and analyzing data for security purposes. |
Threat
|
|
★★
|
|
2024-03-13 14:50:52 |
Beware of the Messengers, Exploiting ActiveMQ Vulnerability (direct link) |
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat
Vulnerability
|
|
★★
|
|
2024-03-05 14:41:54 |
Unboxing Snake - Python Infostealer Lurking Through Messaging Services (direct link) |
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat
|
|
★★
|
|
2024-02-12 16:37:24 |
From Cracked to Hacked: Malware Spread via YouTube Videos (direct link) |
This Threat Analysis Report delves into compromised YouTube accounts being used as a vector for the spread of malware. It outlines how this attack vector is exploited for low-burn, low-cost campaigns, highlighting strategies used by threat actors and how defenders can detect and prevent these attacks. |
Threat
Malware
|
|
★★★
|
|
2024-02-06 04:35:35 |
THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation (direct link) |
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities such as the Ivanti Connect Secure VPN Zero-Day exploitation. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat
Vulnerability
|
|
★★
|
|
2024-01-29 15:39:52 |
THREAT ALERT: DarkGate Loader (direct link) |
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including the recently observed DarkGate Loader. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat
|
|
★★★
|
|
2023-12-18 16:09:11 |
THREAT ALERT: CITRIXBLEED (CVE-2023-4966) (direct link) |
|
Threat
|
|
★★
|
|
2023-11-28 15:41:00 |
THREAT ALERT: DJvu Variant Delivered by Loader Masquerading as Freeware (direct link) |
|
Threat
|
|
★★★
|
|
2023-11-20 18:11:31 |
THREAT ALERT: INC Ransomware (direct link) |
|
Threat
Ransomware
|
|
★★★
|
|
2023-10-06 17:53:23 |
THREAT ANALYSIS: Taking Shortcuts… Using LNK Files for Initial Infection and Persistence (direct link) |
|
Threat
|
|
★★★
|
|
2023-09-20 13:10:48 |
Cybereason Sets the New Industry Standard in 2023 MITRE ATT&CK Evaluations: Enterprise (direct link) |
Fresh off the press: the results of the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise have been published, putting 30 security solutions to the test in real-world scenarios that mimic the Turla threat actor. |
Threat
|
|
★★
|
|
2023-08-21 20:45:00 |
THREAT ANALYSIS: Assemble LockBit 3.0 (direct link) |
|
Threat
|
|
★★
|
|
2023-04-26 14:16:20 |
Cybereason Announces Unified Threat Hunting and Investigation (direct link) |
Cybereason is excited to announce a significant development in its approach to storing long-term hunting data (telemetry collected by our sensors, not 'benign data' detected by and tied to a malicious operation, or |
Threat
|
|
★★
|
|
2023-02-07 18:17:40 |
THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise (direct link) |
The Cybereason Incident Response (IR) team investigated an incident which involved new deployment methods of GootLoader through heavily-obfuscated JavaScript files. In addition to the new techniques used to load GootLoader, Cybereason also observed Cobalt Strike deployment, which leveraged DLL Hijacking, on top of a VLC MediaPlayer executable.
|
Threat
Guideline
|
|
★★★
|
|
2023-01-19 13:00:00 |
Sliver C2 Leveraged by Many Threat Actors (direct link) |
What you need to know about this attack framework before it replaces Cobalt Strike
|
Threat
|
|
★★★★★
|
|
2023-01-10 12:00:00 |
THREAT ANALYSIS: From IcedID to Domain Compromise (direct link) |
BACKGROUND
In this Threat Analysis report, the Cybereason team investigates a recent IcedID infection that illustrates the tactics, techniques, and procedures (TTPs) used in a recent campaign. IcedID, also known as BokBot, is traditionally known as a banking trojan used to steal financial information from its victims. It has been around since at least 2017 and has been tied to the threat group TA551. |
Threat
|
|
★★★★
|
|
2022-12-05 06:00:00 |
Threat Analysis: MSI - Masquerading as a Software Installer (direct link) |
|
Threat
|
|
★★★
|
|
2022-12-01 11:00:00 |
Nine Cybersecurity Predictions for 2023 (direct link) |
In 2022, ransomware continued to reign king and became one of the most common and dangerous threats facing healthcare organizations and software supply chains. The war on Ukraine created heightened concern over zero-day threats wreaking havoc for organizations worldwide. The cyber gang Conti with Russian-linked ties managed to disrupt financial operations throughout Costa Rica, and it seems there is no end in sight to the hacking group Lapsus$, which has proven itself to be a formidable threat actor. |
Threat
Ransomware
|
|
★★★
|
|
2022-11-29 16:09:58 |
Malicious Life Podcast: How to NOT Build a Cybersecurity Startup (direct link) |
When it was founded in 2011, Norse Corp.-which described itself as "the world's largest dedicated threat intelligence network"-had everything a promising startup could wish for: a charismatic and experienced founder, a rare and valuable technology, and a few tens of millions of dollars from investors. Less than six years later, it all came crashing down in the most horrible death a business can experience. What went wrong in Norse Corp.? |
Threat
|
|
★★★
|
|
2022-10-21 12:00:00 |
THREAT ANALYSIS REPORT: DLL Side-Loading Widely (Ab)Used (direct link) |
This Threat Analysis Report is part of the Purple Team Series. In this series, the Managed Detection and Response (MDR) and Threat Intelligence teams from the Cybereason Global Security Operations Center (GSOC) explore widely used attack techniques, outline how threat actors leverage these techniques, describe how to reproduce an attack, and report how defenders can detect and prevent these attacks. |
Threat
|
|
|
|
2022-08-31 14:41:39 |
The Importance of Actionable Threat Intelligence (direct link) |
|
Threat
|
|
|
|
2022-08-19 14:57:16 |
THREAT ALERT: Inside the Redeemer 2.0 Ransomware (direct link) |
The Cybereason Global Security Operations Center (SOC) Team issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. In this article, the Cybereason Research team exposes Redeemer 2.0, an updated version of the original ransomware. |
Threat
Ransomware
|
|
|
|
2022-07-07 14:02:10 |
(Déjà vu) THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices (direct link) |
The Cybereason Global Security Operations Center (SOC) Team issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat
|
|
|
|
2022-07-07 13:25:56 |
What's New with Ransomware Gangs? (direct link) |
The looming threat of new ransomware models was the top concern of executives in the fall of 2021, reported Gartner. Less than a year later, organizations find themselves facing an escalation of that very threat. |
Threat
Ransomware
|
|
|
|
2022-06-07 10:00:00 |
Report: Ransomware Attacks and the True Cost to Business 2022 (direct link) |
Ransomware continues to dominate the threat landscape in 2022. Organizations are under siege from a wide variety of threats, but ransomware offers threat actors a unique combination of very low risk with very high reward-which is why the volume of ransomware attacks nearly doubled from the previous year, and the total cost of ransomware was estimated to exceed $20 billion. |
Threat
Ransomware
|
|
|
|
2022-06-03 13:10:32 |
(Déjà vu) Webinar June 30th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (direct link) |
|
Threat
Ransomware
|
|
|
|
2022-05-16 17:03:08 |
Achieve Faster, More Accurate Response with Cybereason Threat Intelligence (direct link) |
|
Threat
|
|
|
|
2022-05-16 13:26:55 |
(Déjà vu) Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series (direct link) |
|
Threat
Ransomware
|
|
|
|
2022-05-12 15:54:00 |
Russia Is Waging Cyberwar–with Little Success (direct link) |
The atrocities taking place in Ukraine are truly tragic. It is personal to me. I've had the opportunity to work alongside cyber experts in Ukraine–providing time and resources over the years to help with cyber deterrence, and I watched anxiously as tensions escalated earlier this year. Russia may have launched its physical invasion of its neighbor on February 24, but Russia and threat actors aligned with Russia have been targeting Ukraine with cyberattacks for years. |
Threat
|
|
★★★★
|
|
2022-05-09 12:40:12 |
How Do Ransomware Attacks Impact Victim Organizations' Stock? (direct link) |
Ransomware has developed into an extremely lucrative business model with little risk involved for the threat actors. Couple this with the willingness of most victim organizations to pay the ransom demand under the assumption it will return business operations to normal–ultimately encouraging more attacks–and we have a big problem with no easy remedies. |
Threat
Ransomware
|
|
★★★
|
|
2022-05-02 18:35:55 |
(Déjà vu) Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (direct link) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Threat
Ransomware
|
|
|
|
2022-04-25 11:47:39 |
(Déjà vu) THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (direct link) |
The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat
|
|
|
|
2022-04-13 15:38:18 |
Webinar April 26th: Profile of the Dark Economy of Ransomware (direct link) |
Ransomware operators have steadily become more sophisticated and more aligned with nation-state actors making ransomware an existential threat for enterprises. |
Threat
Ransomware
|
|
|
|
2022-04-01 05:00:00 |
(Déjà vu) Webinar April 14th: Live Attack Simulation - Ransomware Threat Hunter Series (direct link) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response.
Join this session to learn more about how mature security teams can more effectively manage a modern ransomware operation and avoid a system-wide takeover by bad actors - delivered through a step-by-step walkthrough of an attack:
Why ransomware continues to evolve & common delivery methods
The differences and similarities between ransomware and other forms of malware
Common methods attackers use to escalate their operations
Reliable techniques Defenders can use to end active ransomware operators in their environments
|
Threat
Ransomware
|
|
|
|
2022-03-31 20:07:58 |
Cybereason Excels in the 2022 MITRE ATT&CK® Evaluations: 100% Prevention, Visibility and Real-Time Protection (direct link) |
The MITRE Engenuity ATT&CK® Evaluations for Enterprise has quickly become the de facto authority for measuring the effectiveness of security solutions against real world scenarios that mimic advanced persistent threat attack progressions. |
Threat
|
|
|
|
2022-03-28 15:00:25 |
MITRE ATT&CK: Wizard Spider and Sandworm Evaluations Explained (direct link) |
Later this week MITRE Engenuity will be releasing the results from their fourth round of the ATT&CK Evaluations. This round focused on threat actors Wizard Spider and Sandworm. In this article, we'll review why MITRE is the preeminent organization providing third-party evaluations of vendor solutions, and the key metrics to look for when evaluating the effectiveness of a solution. |
Threat
|
|
|
|
2022-03-25 20:02:36 |
Webinar April 7th: 2021 MITRE ATT&CK Evaluations Explained (direct link) |
The 2021 Round 4 MITRE ATT&CK evaluations focused on Wizard Spider and Sandworm, threat actor groups known to target large corporations and healthcare institutions. Wizard Spider is largely a financially motivated ransomware crime group conducting campaigns since 2017. The Sandworm team is a Russian Threat group that has been linked to the 2015 and 2016 targeting of Ukrainian electrical companies and the 2017 NotPetya attacks. |
Threat
Ransomware
|
NotPetya
|
|
|
2022-03-23 12:59:50 |
AI-Driven XDR: Defeating the Most Complex Attack Sequences (direct link) |
What is an AI-driven XDR solution? AI-driven Extended Detection and Response (XDR) is a specific approach for advanced threat detection and automated response. AI-driven XDR extends continuous threat detection and monitoring across an organization's endpoints, cloud workloads, applications, and the network. |
Threat
|
|
|
|
2022-03-22 15:40:28 |
Authentication Platform Okta Investigates Alleged Breach (direct link) |
Authentication platform Okta is reportedly investigating a potential breach after threat actors under the moniker Lapsus$ posted screenshots allegedly showing they had gained access to the company's internal environment. If confirmed, the attack could put the security of Okta's customers at risk. |
Threat
|
|
|
|
2022-03-22 13:15:00 |
Cybereason vs. Carbon Black: Why Delayed Detections Matter (direct link) |
The U.S. Treasury Department estimates that U.S. companies have paid $1.6 billion in ransomware attacks since 2011. Given the lucrative nature of ransomware attacks, the threat shows no signs of diminishing.
In fact, the ransomware threat is constantly changing and evolving as attackers use more and more sophisticated techniques and vulnerabilities to gain access to organizations' data and networks. |
Threat
Ransomware
|
|
|
|
2022-03-17 13:50:48 |
Enriching Raw Telemetry with the Cybereason Historical Data Lake (direct link) |
Regardless of whether you are performing Threat Hunting across your most recent dataset or your long-term historical datasets, an important dimension to your data is the enrichment and contextualization process.
Contextual data provides the Threat Hunter (“hunter”) with additional data points and a more complete picture of the activity, allowing them to make more informed decisions about whether the activity should be investigated further or disregarded. |
Threat
|
|
|
|
2022-03-16 12:43:23 |
Leveraging the X in XDR: Correlating Across Multiple Sources of Telemetry (direct link) |
Several trends are driving Managed Detection and Response (MDR) adoption as a viable alternative for organizations that don't necessarily have the resources on-hand to conduct intense threat hunting internally. The MDR market is expected to reach over $7 billion by 2028. That's up from $974.9 million in 2020, per Big News Network. |
Threat
|
|
|
|
2022-03-16 12:33:41 |
Webinar March 29th: Assessing the Cyberattack Risk in the Russia-Ukraine Conflict (direct link) |
The situation in Ukraine continues to be tenuous, and global intelligence sources are advising that the threat of Russian state-sponsored and state-condoned attacks targeting Western nations and organizations remains high. Cyberattacks by groups supporting Russian interests have been observed, but experts have noted that we likely have not seen the full potential of a Russian cyber offensive…yet. |
Threat
|
|
|