What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Darktrace.webp 2024-04-29 10:22:00 Attack trends: Cloud-Based Cyber-Attacks and the Rise of Alternative Initial Access Methods
(direct link)
Using data from Darktrace's End of Year Threat Report 2023 this blog details how cyber attackers are increasingly using cloud-based services including Dropbox and Microsoft 365 to stealthily bypass detection by traditional email security solutions.
Threat ★★
Darktrace.webp 2024-04-23 15:29:00 The State of AI in Cybersecurity: How AI will impact the cyber threat landscape in 2024
(direct link)
Part 2: This blog discusses the impact of AI on the cyber threat landscape based on data from Darktrace's State of AI Cybersecurity Report. Get the latest insights into the evolving challenges faced by organizations, the growing demand for skilled professionals, and the need for integrated security solutions.
Threat ★★★
Darktrace.webp 2023-10-26 13:08:32 Sellen Construction 'builds great' with Darktrace and Microsoft (direct link) Discover why Sellen Construction rely on Darktrace and Microsoft to protect their dynamic cloud environment, how AI Analyst saves its security team time in threat investigation, and how Darktrace enables self-learning protection across the business.
Threat Cloud ★★
Darktrace.webp 2023-10-26 13:08:32 Exploring a crypto-mining campaign which used the Log4j vulnerability (direct link) This blog analyzes a campaign-like pattern detected by Darktrace across multiple customers and industries which used the Log4j vulnerability to exploit compromised systems for crypto-mining, highlighting the multi-stage attack from initial C2 contact through payload retrieval to successful crypto-miner installation.
Vulnerability Threat ★★
Darktrace.webp 2023-06-05 11:01:52 Every rule has an exception: How to detect insider threat without rules
(direct link)
Insider threats consistently bypass legacy tools. Learn how Darktrace's AI stopped an insider from stealing valuable IP.
Threat ★★
Darktrace.webp 2023-05-05 16:01:51 Healthcare beware: Crypto-mining, malware, and IoT attacks
(direct link)
As threat actors are continually employing novel methods to compromise a network, a growing number of healthcare companies are now having to play catch-up in a fast-evolving threat landscape.
Threat ★★★
Darktrace.webp 2023-04-06 00:00:00 QakNote Infections: A Network-Based Exploration of Varied Attack Paths
(direct link)
At the end of January 2023, threat actors began to abuse OneNote email attachments to deliver Qakbot onto users' devices. Widespread adoption of this novel delivery method resulted in a surge in Qakbot infections across Darktrace's customer base between the end of January 2023 and the end of February 2023. In this blog, we will provide details of these so-called 'QakNote' infections, along with details of Darktrace's coverage of the steps involved in them.
Threat ★★
Darktrace.webp 2023-03-23 00:00:00 Amadey Info-Stealer: Exploiting N-Day Vulnerabilities to Launch Information Stealing Malware (direct link) Amadey Info-stealer malware was detected across over 30 customers between August and December 2022, spanning various regions and industry verticals. This blog highlights the resurgence of Malware as a Service (MaaS) and the leveraging of existing N-Day vulnerabilities in SmokeLoader campaigns to launch Amadey on customers' networks. This investigation was part of Darktrace's continuous Threat Research work in efforts to identify and contextualize threats across the Darktrace fleet, building off of AI insights through collaborative human analysis.
Malware Threat General Information ★★★
Darktrace.webp 2023-03-21 00:00:00 Multi-Factor Authentication: Not the Silver Bullet (direct link) Multi-Factor Authentication (MFA) has been widely adopted as a security measure against common account takeover methods. However, the industry is seeing more and more examples of MFA compromise wherein threat actors exploit the security tool itself to gain account access.
Tool Threat ★★
Darktrace.webp 2023-02-14 00:00:00 Account hijack with double RESPOND (direct link) Since its introduction, Software-as-a-Service (SaaS) has seen an enormous spike in popularity in businesses around the world. It has undeniably assumed a primacy in which it is regarded as one of the most important aspects of IT. Equally, cloud security has seen a boom in prevalence as threat actors find ways to weaponize SaaS against both SMBs and multinational companies. Threat ★★
Darktrace.webp 2023-02-13 00:00:00 CryptoJacking How this double-edged sword can come back to hurt you (direct link) This blog explores how Darktrace was the only security tool to proactively alert an APAC Logistics Security Operation Centre (SOC) team to an instance of cryptocurrency hijacking (Cryptojacking) on their network. This blog also points to a broader discussion on why Cryptojacking poses a greater threat to organizations than simply slower machines and higher electrical bills. Tool Threat ★★
Darktrace.webp 2023-01-31 00:00:00 Qakbot Resurgence: Evolving along with the emerging threat landscape (direct link) In June 2022, Darktrace observed a surge in Qakbot infections across its client base. These infections, despite arising from novel delivery methods, resulted in unusual patterns of network traffic which Darktrace/Network was able to detect and respond to. Threat ★★★
Darktrace.webp 2022-12-14 00:00:00 Five Cyber Security Predictions for 2023 (direct link) This blog walks through five key trends we expect to observe in the cyber threat and cyber defense landscape in the next 12 months. Threat ★★
Darktrace.webp 2022-11-22 00:00:00 PREVENT Use Cases: Uncovering Misconfigurations (direct link) Misconfigurations - whether accidental or malicious - are a growing threat in the face of rapidly expanding digital footprints comprising cloud assets and bespoke OT technology. This blog explains how these are uncovered and remediated with Darktrace PREVENT. Threat ★★★★
Darktrace.webp 2022-11-04 00:00:00 New technique to deliver malicious email payloads: Webmail login portal hidden within Google Translate domain (direct link) Darktrace has recently detected a trend of threat actors hiding malicious links within Google Translate domains to avoid detection. In one incident, these links were used to harvest the recipients' credentials. Threat
Darktrace.webp 2022-09-28 00:00:00 High-profile hacks emphasize the threat of social engineering (direct link) The current threat landscape is rife with social engineering attempts across email, SMS and digital messaging. Discover why MFA and security awareness alone aren't enough to keep organizations safe from these tactics, and what Self-Learning AI can do to help. Threat
Darktrace.webp 2022-09-21 00:00:00 Modern Extortion: Detecting Data Theft from the Cloud (direct link) Now one of the most popular talking points in the security world, the ransom industry continues to see growth. First ransomware, then double extortion and now simple data theft have been used to meet threat actors' extortion needs. This blog highlights an example of this in a US customer's SaaS environment. Threat
Darktrace.webp 2022-09-05 00:00:00 From BumbleBee to Cobalt Strike: Steps of a BumbleBee intrusion (direct link) In April 2022, Darktrace observed threat actors using the loader known as 'BumbleBee' to install Cobalt Strike Beacon onto target systems. This blog provides details of the steps threat actors took during their intrusions, along with details of the network-based behaviours which served as evidence of their activities. Threat
Darktrace.webp 2022-03-23 09:00:00 Autonomous Response stops a runaway Trickbot intrusion (direct link) Autonomous Response recently stopped a Trickbot attack on a public administration organization, despite being activated only after the threat had taken root. This blog outlines the reasons for Trickbot’s repeated resurrection and explains how Darktrace’s Autonomous Response is able to stop each new iteration. Threat
Darktrace.webp 2021-09-30 09:00:00 IoT security: The threat before us (direct link) The ‘Internet of Things’ is all around us, and yet it presents one of the most overlooked threat vectors in cyber. This blog explores how attackers gain footholds into corporate environments through Internet-connected smart devices, and how Self-Learning AI illuminates threats in this area. Threat
Darktrace.webp 2021-09-09 09:00:00 Sellen Construction ‘builds great’ with Darktrace and Microsoft (direct link) Discover why Sellen Construction rely on Darktrace and Microsoft to protect their dynamic cloud environment, how AI Analyst saves its security team time in threat investigation, and how Darktrace enables self-learning protection across the business. Threat
Darktrace.webp 2021-07-08 09:00:00 How cyber-attacks take down critical infrastructure (direct link) Operational technology does not need to be directly targeted to be shut down by an attack. This blog discusses how cyber-attacks can disrupt the continuity of operations by creating safety concerns, as well as the limits of securing IT and OT in isolation on today’s threat landscape. Threat
Darktrace.webp 2021-07-01 09:00:00 The elevation of cyber-crime to terrorism threat status (direct link) The US administration have announced that ransomware will now be treated as a terrorism-level threat. This blog discusses what this means for the cyber-criminal world and private organizations, as all levels of society adapt to the new classification. Ransomware Threat ★★★
Darktrace.webp 2021-06-28 09:00:00 Post-mortem of a SQL server exploit (direct link) Deep dive into how an attacker leveraged compromised credentials to infect multiple servers and spread laterally through the organization. This detailed threat find is an excellent use case for Autonomous Response and the importance of patching vulnerabilities. Threat Patching
Darktrace.webp 2021-06-14 09:00:00 How a SOC team neutralized the QakBot banking trojan (direct link) Proactive Threat Notifications and Ask The Expert provide around-the-clock support. In a recent case, Darktrace SOC analysts helped a customer handle the QakBot banking trojan before it spread to other devices. Threat ★★★★
Darktrace.webp 2021-05-04 09:00:00 Insider threats, supply chains, and IoT: Breaking down a modern-day cyber-attack (direct link) The threat landscape is not what it was. Sprawling IoT ecosystems and globalized supply chains offer many opportunities for threat actors. Darktrace detects these vectors on a daily basis, sometimes in the very same attack. Threat
Darktrace.webp 2021-03-18 09:00:00 Hafnium-inspired cyber-attacks neutralized by AI (direct link) As a result of the wide-reaching Hafnium attacks, various threat actors have begun exploiting ProxyLogon. This blog post shows a real-life example of how Darktrace detected this campaign against vulnerable Exchange servers, before public attribution. Threat
Darktrace.webp 2020-12-22 09:00:00 How AI stopped a WastedLocker intrusion before ransomware deployed (direct link) Darktrace recently detected and investigated a WastedLocker attack. This blog explores how this high-speed, high-stakes ransomware uses 'living off the land' techniques to bypass traditional security tools, and how Darktrace Antigena can autonomously stop this threat in its earliest stages, before encryption has begun. Ransomware Threat
Darktrace.webp 2020-09-24 09:00:00 Darktrace OT threat finds: Detecting an advanced ICS attack targeting an international airport (direct link) As IT and OT converge, cyber-attacks are increasingly spreading to Industrial Control Systems, causing operational outages and physical disruption. Darktrace's AI recently detected a simulation of an advanced threat in the environment of a major international airport that used a range of ICS attack techniques. Threat
Darktrace.webp 2020-08-19 09:00:00 (Déjà vu) Evil Corp intrusions: WastedLocker ransomware detected by Darktrace (direct link) Darktrace has recently observed multiple intrusions associated with renowned threat actor Evil Corp. This blog details how Darktrace's AI detected the malicious activity throughout the attack life cycle – from the initial intrusion and the C2 traffic to the encryption or exfiltration of sensitive files. Ransomware Threat
Darktrace.webp 2020-08-19 09:00:00 WastedLocker ransomware: Evil Corp hacker group detected by Darktrace (direct link) Darktrace has recently observed multiple intrusions associated with renowned threat actor Evil Corp. This blog details how Darktrace's AI detected the malicious activity throughout the attack life cycle – from the initial intrusion and the C2 traffic to the encryption or exfiltration of sensitive files. Threat ★★★
Darktrace.webp 2020-08-17 09:00:00 Darktrace threat finds: Abusing TeamViewer to deploy ransomware (direct link) The increased use of off-the-shelf tools is lowering the barrier to entry for cyber-criminals. This blog explores an incident in which a low-skilled threat actor was able to successfully deploy ransomware in a retail organization by connecting to the domain controller via TeamViewer. Ransomware Threat
Darktrace.webp 2020-08-06 09:00:00 (Déjà vu) Darktrace OT threat finds: Defending the widening attack surface (direct link) This blog looks across a database of hundreds of customers to reveal the extent of ICS protocol use within IT environments. With increasing IT/OT convergence, the need for a unified security platform with visibility and detection capabilities across both realms has never been more critical. Threat
Darktrace.webp 2020-08-06 09:00:00 Darktrace OT threat finds: Defending the widening threat landscape (direct link) This blog looks across a database of hundreds of customers to reveal the extent of ICS protocol use within IT environments. With increasing IT/OT convergence, the need for a unified security platform with visibility and detection capabilities across both realms has never been more critical. Threat
Darktrace.webp 2020-07-22 09:00:00 Darktrace OT threat finds: Industrial sabotage (direct link) With increasing convergence between the cyber-physical realm and the corporate network, Darktrace has seen a rise in cyber-attacks that start in IT before traversing into industrial systems. This blog details one such threat, which was detected and investigated by AI. Threat
Darktrace.webp 2020-07-13 09:00:00 Darktrace email finds: Chase fraud alert (direct link) Darktrace's AI email security recently stopped a malicious email attempting to impersonate Chase bank, coaxing the recipient into handing over their credentials. This blog covers why the attack evaded traditional security tools at the gateway, and how Darktrace spotted and neutralized the threat in real time. Threat
Darktrace.webp 2020-07-08 09:00:00 Speed of weaponization: From vulnerability disclosure to crypto-mining campaign in a week (direct link) Darktrace recently detected a series of crypto-mining campaigns in its customers just a week after SaltStack revealed a vulnerability. This blog details the initial infection, payload execution and command and control, describing how AI identified the threat in real time. Vulnerability Threat
Darktrace.webp 2020-04-02 09:00:00 Catching APT41 exploiting a zero-day vulnerability (direct link) This blog looks at how the cyber-criminal group APT41 exploited a zero-day vulnerability, and examines how Darktrace's AI detected and investigated the threat at machine speed. Vulnerability Threat Guideline APT 41
Last update at: 2024-05-17 00:07:59