What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-16 14:10:02 | Securing Critical Infrastructure with XDR (lien direct) |
In January, CISA, the FBI and the NSA released a joint Cybersecurity Advisory (CSA), titled Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure, that provided an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques and procedures (TTPs), as well as detection actions, incident response guidance, and recommended mitigations.
"Russian state-sponsored APT actors have used sophisticated cyber capabilities to target a variety of U.S. and international critical infrastructure organizations, including those in the Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors," the advisory states.
"Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware... CISA, the FBI, and NSA encourage the cybersecurity community-especially critical infrastructure network defenders-to adopt a heightened state of awareness and to conduct proactive threat hunting."
While critical infrastructure defense has always been high priority objective, there's still some disconnect in the world of critical infrastructure security around preparedness. According to a report covered by PRNewswire, a majority (84%) of critical infrastructure organizations indicated they had suffered at least one security breach involving their Operational Technology (OT) between 2018 and 2021; yet, 56% of respondents to the same study said they were “highly confident” that they wouldn't experience an OT breach in 2022. |
Threat | ||
|
2022-02-15 22:11:13 | Addressing the Risk from Cyberattacks in the Russia-Ukraine Conflict (lien direct) |
The situation in Ukraine continues to fluctuate, and U.S. intelligence sources are advising that Russia is preparing for an imminent invasion. Cyberattacks have already been observed in the conflict, and I expect diversions, distractions, and false flags as tensions escalate. There is also the potential risk of other threat actors being opportunistic under the cover of Russian aggression. |
Threat | ||
|
2022-02-10 11:00:00 | (Déjà vu) THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot (lien direct) |
The Cybereason Global Security Operations Center Team (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat Guideline | ||
|
2022-02-08 14:13:21 | Financial Services and the Evolving Ransomware Threat (lien direct) |
There's no doubt about it, ransomware attackers are increasingly targeting organizations in the financial services sector. As reported by Berkley Financial Specialists, financial institutions reported 635 ransomware-related events in the first half of 2021. That's a 30% increase over the same from the previous year. |
Ransomware Threat | ||
|
2022-02-08 10:00:00 | (Déjà vu) Webinar February 24th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2022-02-04 15:18:38 | Iranian Threat Actors Turn Up Heat on Cyber Cold War (lien direct) |
Cybereason released new reports this week sharing discoveries made by our researchers related to two different Iranian threat actors. One of the keys to giving Defenders the tools they need to reverse the adversary advantage is understanding how attackers think and the tools they use-which is why research into emerging tactics and techniques is essential. |
Threat | ||
|
2022-02-04 11:00:00 | Responding to Multi-Endpoint Threats with XDR (lien direct) |
Today's advanced threat actors are capable of gaining access to your network and moving laterally to more sensitive systems in just minutes. Therefore, detection, insight, and speed of response are critical to preventing business disruption, data theft or ransomware. |
Threat | ||
|
2022-01-20 13:33:58 | Cybereason XDR: 10X Faster Threat Hunting (lien direct) |
For many Security Operations Centers (SOCs), conducting effective queries using a traditional Security Information and Event Management (SIEM) requires training and familiarity with syntax language, and deep analysis to take action on the results of a particular hunt. |
Threat | ||
|
2022-01-19 10:00:00 | (Déjà vu) Webinar February 3rd 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2022-01-14 17:03:05 | The MalOp Severity Score: Because Every Second Counts (lien direct) |
Managed Detection and Response (MDR) isn't a new concept. Organizations of all shapes and sizes work with security vendors to help manage their network security and address common use cases such as; talent shortages, operations teams that are stretched thin, alert fatigue, and 24x7 threat hunting and remediation. |
Threat | ||
|
2022-01-12 14:00:22 | EDR, MDR and XDR – What Are the Differences? (lien direct) |
As attacks get more complex, organizations are increasingly prioritizing threat detection and response capabilities. In a January 2020 survey, the SANS Institute learned that half of IT and security leaders planned on increasing their investment in network detection and response tools to help their organizations better defend against emerging threats. |
Threat Guideline | ||
|
2021-12-16 17:48:04 | (Déjà vu) THREAT ANALYSIS REPORT: Inside the LockBit Arsenal - The StealBit Exfiltration Tool (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Tool Threat | ||
|
2021-12-14 13:41:32 | Introducing Cybereason XDR Powered by Google Chronicle (lien direct) |
Cybereason and Google Cloud have unveiled Cybereason XDR powered by Google Chronicle, the first AI-driven XDR platform capable of ingesting and analyzing threat data from across the entire IT environment. |
Threat | ||
|
2021-12-13 13:08:24 | Malicious Life Podcast: Ransomware Attackers Don\'t Take Holidays (lien direct) |
In November of 2021, Cybereason released a special report, titled Organizations at Risk: Ransomware Attackers Don't Take Holidays, focusing on the threat of ransomware attacks during weekends and holidays. Nate Nelson, our senior producer, talked with Ken Westin, Director of Security Strategy at Cybereason, about why attackers love holidays and weekends, and why ransomware attacks during these times are so effective and dangerous - check it out... |
Ransomware Threat | ||
|
2021-12-10 02:00:00 | (Déjà vu) Webinar January 11th 2022: Live Attack Simulation - Ransomware Threat Hunte (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-12-09 20:10:19 | (Déjà vu) THREAT ALERT: The Return of Emotet (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2021-11-29 06:00:00 | Webinar December 1st: Ransomware Attackers Don\'t Take Holidays (lien direct) |
Cybereason recently released a research report, titled Organizations at Risk: Ransomware Attackers Don't Take Holidays, that focuses on the threat that ransomware attacks during the weekends and holidays pose to organizations as we move into the holiday season. The global survey includes responses from 1,200+ security professionals at organizations that have previously suffered a successful ransomware attack. |
Ransomware Threat | ||
|
2021-11-23 13:29:20 | Which Data Do Ransomware Attackers Target for Double Extortion? (lien direct) |
Double extortion is one of the most prevalent ransomware tactics today. The attackers first exfiltrate sensitive information from their target before launching the ransomware encryption routine. The threat actor then demands a ransom payment in order to regain access to the encrypted assets along with an additional threat to publicly expose or otherwise release the data if the ransom demand is not met promptly. |
Ransomware Threat | ||
|
2021-11-18 12:06:57 | CISO Stories Podcast: Who is Your SOC Really For? (lien direct) |
Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption? Ricardo Lafosse, CISO at Kraft Heinz, explains - check it out... |
Threat | ||
|
2021-11-09 18:46:51 | (Déjà vu) THREAT ANALYSIS REPORT: From Shatak Emails to the Conti Ransomware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Ransomware Threat | ||
|
2021-10-29 15:49:18 | (Déjà vu) Webinar November 11th: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-10-28 13:00:12 | (Déjà vu) THREAT ANALYSIS REPORT: Snake Infostealer Malware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Malware Threat | ||
|
2021-10-28 12:00:00 | (Déjà vu) Webinar: Live Attack Simulation - EMEA Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-10-27 17:25:51 | (Déjà vu) THREAT ALERT: Malicious Code Implant in the UAParser.js Library (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2021-10-26 15:21:56 | Microsoft Publishes Veiled Mea Culpa Disguised as Research (lien direct) |
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM-the threat actor behind the SolarWinds attacks-is targeting delegated administrative privileges as part of a larger malicious campaign.
Microsoft cautions that attackers are attempting to gain access to downstream customers of multiple cloud providers, managed service providers (MSPs), and IT services organizations in what at first glance appears to be a standard threat intelligence report, but upon examination more closely resembles a technical vulnerability disclosure. |
Vulnerability Threat | ||
|
2021-10-25 16:22:58 | Webinar: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2021-10-20 12:39:41 | Why All Telemetry is Essential for XDR Performance (lien direct) |
Robust telemetry is essential to any threat detection and response strategy. Organizations need the ability to collect threat information from across their IT infrastructure so that they can see what's going on in their environments and correlate the intelligence across devices, personas, application suites, and the cloud so that it's actionable. |
Threat | ||
|
2021-10-18 11:52:07 | Malicious Life Podcast: Operation GhostShell - An Iranian Espionage Campaign (lien direct) |
In July 2021, Nocturnus - the Cybereason Threat Research and Intelligence team - was called to investigate an espionage campaign targeting Aerospace and Telecommunications companies globally. Their investigation resulted in the discovery of a new threat actor dubbed MalKamak that has been operating since at least 2018, and a new and sophisticated RAT (remote access trojan) dubbed ShellClient that abuses Dropbox for C2 (command and control). |
Threat | ||
|
2021-10-12 12:00:20 | Cybereason and Google Cloud Join Forces to Drive XDR Innovation (lien direct) |
Cybersecurity defenders are under unprecedented pressure and attack from nearly every angle and every threat vector. To properly defend businesses, governments, hospitals, financial institutions and our critical infrastructure, security teams are accelerating their move to Extended Detection and Response (XDR).
Properly executing and implementing XDR involves cutting-edge innovation, the very latest in detection technology, and most importantly the ability to collect and analyze all event telemetry data at scale. |
Threat | ||
|
2021-10-12 08:00:00 | What is Ransomware-as-a-Service and How Does it Work? (lien direct) |
Editor's Note: Unlock the knowledge, resources and expert guidance you need to successfully prevent ransomware attacks from impacting your organization's operations with this complimentary Ransomware Toolkit...
Recently, we introduced a blog series where we'll break down some key drivers of the ransomware threat landscape for Cybersecurity Awareness Month (formerly National Cybersecurity Awareness Month). We spent the first week analyzing Initial Access Brokers (IABs). For this week, let's focus on Ransomware-as-a-Service (RaaS).
|
Ransomware Threat | ||
|
2021-10-04 11:59:49 | Running Robust Managed Detection and Response Services (lien direct) |
Information security practitioners have published a lot of articles around topics like how to build and run a security operations center (SOC) and specific SOC functions such as incident response and threat hunting. These topics are always important, as threat actors are constantly coming up with more sophisticated attack strategies and vectors. |
Threat | ||
|
2021-09-27 17:05:50 | (Déjà vu) Threat Analysis Report: Inside the Destructive PYSA Ransomware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Ransomware Threat | ||
|
2021-09-27 12:03:13 | Malicious Life Podcast: Should the U.S. Ban Chinese and Russian Technology? (lien direct) |
Every year, seemingly, there's a new story of some software like 'Tik Tok' or 'FaceApp' from a hostile country that may or may not be a security threat to us in the West. So what should be done in cases like this? What if the U.S. just banned all technology from Russia and China? Is it a good idea? Is it even possible? Ira Winkler joins the discussion - check it out... |
Threat | ||
|
2021-09-22 17:26:23 | Threat Analysis Report: PrintNightmare and Magniber Ransomware (lien direct) |
The Cybereason Global Security Operations Center (GSOC) issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Ransomware Threat | ||
|
2021-09-15 12:46:32 | Four Considerations for Evaluating XDR Platforms (lien direct) |
There's a growing need for the more holistic approach to threat detection and response that XDR can deliver. Why? Just look at what's going on in the digital threat landscape... |
Threat | ||
|
2021-09-10 16:00:00 | THREAT ALERT: Microsoft MSHTML Remote Code Execution Vulnerability (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Vulnerability Threat | ||
|
2021-09-01 13:02:03 | The Value Drivers for an XDR Investment (lien direct) |
We have a pretty good idea by now of what Extended Detection and Response (XDR) is. As we noted in an earlier article, titled XDR: The Next Step in Threat Detection and Response, XDR is a security approach that builds on the successes of Endpoint Detection and Response (EDR). |
Threat | ||
|
2021-08-31 12:01:26 | Evolving Ransomware Tactics Include Recruiting Insiders and DDoS Attacks (lien direct) |
The attention generated by the DarkSide ransomware attack against Colonial Pipeline in May has helped to reshape the ransomware threat landscape. One of the most important modifications came when the digital crime forum XSS announced that members could no longer post about ransomware topics. The Exploit forum followed suit not long after, as reported by Bleeping Computer. |
Ransomware Threat | ||
|
2021-08-17 12:51:03 | XDR: The Key to Solving SIEM Shortcomings (lien direct) |
One of the mainstays of organizations' digital security postures is a Security Information and Event Management (SIEM) platform. According to CSO Online, SIEMs augment threat monitoring and incident response with log analysis. |
Threat | ||
|
2021-08-16 12:04:08 | (Déjà vu) Malicious Life Podcast: DeadRinger - Exposing Chinese APTs Targeting Major Telcos (lien direct) |
Cybereason recently discovered several previously unidentified attack campaigns targeting the telecoms industry across Southeast Asia that are assessed to be the work of multiple Chinese APT groups. The attacks are detailed in the threat intelligence report titled DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos. |
Threat | ||
|
2021-08-11 14:45:48 | The Rising Threat from LockBit Ransomware (lien direct) |
LockBit ransomware is the latest threat posing an increased risk for organizations. The ransomware gang has been making headlines recently. LockBit has also reportedly compromised Accenture.
The group reportedly revealed the attack on their site on the DarkWeb, noting, “these people are beyond privacy and security. Hope their services are better than what I have seen inside. If you are interested in purchasing data sets, contact us.” |
Ransomware Threat | ||
|
2021-08-09 12:18:15 | XDR: The Next Step in Threat Detection and Response (lien direct) |
The global EDR market (Endpoint Detection and Response) is growing rapidly. The Transparency Market Research team predicted that this market will increase at a CAGR of about 21% in the next decade, reported Help Net Security. If it happens, this growth will help the global EDR market surpass a valuation of $13.8 billion by 2030. |
Threat | ||
|
2021-08-03 04:03:00 | DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos (lien direct) |
Following the discovery of Hafnium attacks targeting Microsoft Exchange vulnerabilities, the Cybereason Nocturnus and Incident Response teams proactively hunted for various threat actors trying to leverage similar techniques in-the-wild. In the beginning of 2021, the Cybereason Nocturnus Team investigated clusters of intrusions detected targeting the telecommunications industry across Southeast Asia. During the investigation, three clusters of activity were identified and showed significant connections to known threat actors, all suspected to be operating on behalf of Chinese state interests.
The report comes on the heels of the Biden administration's public rebuke of China's Ministry of State Security for the recent HAFNIUM attacks that exploited vulnerabilities in unpatched Microsoft Exchange Servers and put thousands of organizations worldwide at risk. Exploitation of these same vulnerabilities were central to the success of the attacks detailed in this research. |
Threat | ||
|
2021-08-03 04:00:17 | Webinar: DeadRinger - Exposing Chinese Threat Actors Targeting Major Telcos (lien direct) |
The Cybereason Nocturnus Research Team recently released a major threat intelligence research report titled DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos, which details the discovery of several previously unidentified attack campaigns targeting the telecommunications industry across Southeast Asia, where several clusters of attack activity were identified and assessed to be the work of several prominent APT groups who are known to conduct operations aligned with the interests of the Chinese government. |
Threat | ||
|
2021-06-17 12:32:14 | Biden-Putin Summit and Why Threat Actors Just Won\'t Give it a Rest (lien direct) |
On June 11, McDonald's said in a message to its U.S. employees that it had discovered unauthorized activity on an internal security system. The burger chain responded by bringing on some external consultants to investigate what had happened, reported the Wall Street Journal. |
Threat | ||
|
2021-06-14 11:59:48 | Ransomware Attacks are Evolving: What You Need to Know (lien direct) |
One look at all the ransomware attacks from the past few years, and it's clear that crypto-malware actors are attempting to maximize their financial gain. We've observed these threat groups using multiple techniques to profit even more off their victims than in years past. Here are a few tactics that stood out to us.
|
Ransomware Threat | ||
|
2021-06-01 16:53:30 | SolarWinds Threat Actors Behind New Email Attack Campaign (lien direct) |
The threat actors behind last year's SolarWinds supply chain attack have launched a new email attack campaign aimed at organizations around the world. This attack wave attracted the attention of the Microsoft Threat Intelligence Center (MSTIC) on May 25. |
Threat | ||
|
2021-05-25 12:23:45 | New Cybersecurity Executive Order: Will It Have Impact? (lien direct) |
The state of the threat landscape in general, and incidents like the recent ransomware attack against Colonial Pipeline demand that we take immediate action to improve cybersecurity defenses. The recent executive order (EO) on cybersecurity from President Biden is a bold step in the right direction. |
Threat | ||
|
2021-04-30 12:20:47 | 100 Days Down, 1,360 Days of Nation-State Cybersecurity Threats to Go (lien direct) |
This week marks the milestone of the Biden Administration's first 100 days. It is somewhat arbitrary to expect an incoming president to achieve significant progress in just 100 days, or to judge success or failure based on such a small span of time.
However, it does provide a glimpse into the vision and direction of the administration, and so far it seems like President Biden is preparing to address the growing cybersecurity threat from our adversaries. |
Threat | ||
|
2021-04-30 12:11:34 | PortDoor: New Chinese APT Backdoor Attack Targets Russian Defense Sector (lien direct) |
The Cybereason Nocturnus Team has been tracking recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder. Over the years, this tool has become a part of the arsenal of several Chinese-related threat actors such as Tick, Tonto Team and TA428, all of which employ RoyalRoad regularly for spear-phishing in targeted attacks against high-value targets. |
Tool Threat |
To see everything:
Our RSS (filtrered)
