What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-05-06 16:15:31 | Derrière les portes fermées: la montée de l'accès à distance malveillant caché Behind Closed Doors: The Rise of Hidden Malicious Remote Access (lien direct) |
Threat | ★★★ | ||
|
2024-04-23 13:17:04 | Podcast de vie malveillante: le Y2K Bug Pt.2 Malicious Life Podcast: The Y2K Bug Pt. 2 (lien direct) |
In the waning years of the 20th century, amid growing anxieties about the turn of the millennium, one man, Robert Bemer, observed the unfolding drama from his remote home on King Possum Lake. A revered figure in computing, Bemer had early on flagged a significant, looming issue known as the Y2K bug, which threatened to disrupt global systems as calendars rolled over to the year 2000. This episode delves into Bemer\'s life during this critical period, exploring his predictions, the ensuing global frenzy to avert disaster, and the disparate views on whether the billions spent in prevention were justified or merely a response to a misunderstood threat. |
Threat | ★★★ | |
|
2024-03-26 14:39:15 | Alerte de menace: les conséquences de la violation Anydesk Threat Alert: The Anydesk Breach Aftermath (lien direct) |
Cybearason Problèmes de menace Alertes pour informer les clients de l'émergence des menaces impactantes, y compris les vulnérabilités critiques.Les alertes de menaces de cyberéasie résument ces menaces et fournissent des recommandations pratiques pour se protéger contre elles.
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. |
Vulnerability Threat | ★★★ | |
|
2024-03-25 03:28:07 | L'évolution de la cyberisoire pour perturber au-delà du marché Siem et XDR Cybereason\\'s evolution to disrupt beyond SIEM and XDR market (lien direct) |
Aujourd'hui, les entreprises accélèrent pour investir dans la numérisation pour rester en avance sur la concurrence.Ils rencontrent de plus en plus un paysage en évolution des menaces et des défis de sécurité complexes - avec plus de charges de travail dans des nuages multiples, plus de main-d'œuvre dans des environnements hybrides et des appareils plus intelligents liés dans les opérations critiques de la mission.Ce parcours de transformation est exacerbé par une augmentation exponentielle des ressources de calcul, des volumes de données et des outils de sécurité, ce qui fait augmenter le coût du stockage, de la gestion et de l'analyse des données à des fins de sécurité.
Today enterprises are accelerating to invest into digitalization to stay ahead of competition. They are increasingly encountering an evolving threat landscape and complex security challenges - with more workloads in multi clouds, more workforces in hybrid environments, and more intelligent devices connected in mission critical operations. This transformation journey is exacerbated by exponential increase in compute resources, data volumes and security tooling, driving up the cost of storing, managing and analyzing the data for security purposes. |
Threat | ★★ | |
|
2024-03-13 14:50:52 | Méfiez-vous des messagers, exploitant la vulnérabilité activeMQ Beware of the Messengers, Exploiting ActiveMQ Vulnerability (lien direct) |
Cybearason Security Services Problème des rapports d'analyse des menaces pour informer sur l'impact des menaces.Les rapports d'analyse des menaces étudient ces menaces et fournissent des recommandations pratiques pour se protéger contre eux.
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Vulnerability Threat | ★★ | |
|
2024-03-05 14:41:54 | Débloquer Snake - Python InfostEaler qui se cache à travers les services de messagerie Unboxing Snake - Python Infostealer Lurking Through Messaging Services (lien direct) |
Les services de sécurité de la cyberison des problèmes d'analyse des menaces pour informer les menaces.Les rapports d'analyse des menaces étudient ces menaces et fournissent des recommandations pratiques pour se protéger contre eux.
Cybereason Security Services issues Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat | ★★ | |
|
2024-02-12 16:37:24 | De Cracked à piraté: les logiciels malveillants se propagent via des vidéos YouTube From Cracked to Hacked: Malware Spread via YouTube Videos (lien direct) |
Ce rapport d'analyse des menaces se plongera dans les comptes YouTube compromis utilisés comme vecteur pour la propagation des logiciels malveillants.Il décrira comment ce vecteur d'attaque est exploité pour les campagnes à faible combustion et à faible coût, mettant en évidence les stratégies utilisées par les acteurs de la menace et comment les défenseurs peuvent détecter et prévenir ces attaques. & NBSP;
This Threat Analysis Report will delve into compromised YouTube accounts being used as a vector for the spread of malware. It will outline how this attack vector is exploited for low-burn, low-cost campaigns, highlighting strategies used by threat actors and how defenders can detect and prevent these attacks. |
Malware Threat | ★★★ | |
|
2024-02-06 04:35:35 | Alerte de menace: Ivanti Connect Secure VPN Zero-Day Exploitation THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation (lien direct) |
Cybereason Issues Menace Alertes pour informer les clients de l'émergence des menaces impactantes, y compris des vulnérabilités critiques telles que l'exploitation Ivanti Secure VPN Zero-Day.Les alertes de menaces de cyberéasie résument ces menaces et fournissent des recommandations pratiques pour se protéger contre elles.
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including critical vulnerabilities such as the Ivanti Connect Secure VPN Zero-Day exploitation. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. |
Vulnerability Threat | ★★ | |
|
2024-01-29 15:39:52 | THREAT ALERT: DarkGate Loader (lien direct) |
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including recently observed DarkGate Loader. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them.
Cybereason issues Threat Alerts to inform customers of emerging impacting threats, including recently observed DarkGate Loader. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ★★★ | |
|
2023-12-18 16:09:11 | Alerte de menace: Citriced (CVE-2023-4966) THREAT ALERT: CITRIXBLEED (CVE-2023-4966) (lien direct) |
|
Threat | ★★ | |
|
2023-11-28 15:41:00 | Alerte de menace: variante DJVU livrée par le chargeur se faisant passer pour un logiciel gratuit THREAT ALERT: DJvu Variant Delivered by Loader Masquerading as Freeware (lien direct) |
|
Threat | ★★★ | |
|
2023-11-20 18:11:31 | Alerte de menace: Ransomware INC THREAT ALERT: INC Ransomware (lien direct) |
|
Ransomware Threat | ★★★ | |
|
2023-10-06 17:53:23 | Analyse des menaces: prendre des raccourcis… en utilisant des fichiers LNK pour l'infection initiale et la persistance THREAT ANALYSIS: Taking Shortcuts… Using LNK Files for Initial Infection and Persistence (lien direct) |
|
Threat | ★★★ | |
|
2023-09-20 13:10:48 | La cyberison établit la nouvelle norme de l'industrie en 2023 Évaluations de Mitre ATT & CK: Enterprise Cybereason Sets the New Industry Standard in 2023 MITRE ATT&CK Evaluations: Enterprise (lien direct) |
Fresh Off the Press: Les résultats de la 2023 MITER ENNÉNUITION ATT & AMP; CK & reg; Évaluations: Entreprise ont été publiés, mettant 30 solutions de sécurité au test dans des scénarios réels qui imitent l'acteur de la menace Turla.
Fresh off the press: the results of the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise have been published, putting 30 security solutions to the test in real world scenarios that mimic the Turla threat actor. |
Threat | ★★ | |
|
2023-08-21 20:45:00 | Analyse des menaces: assembler Lockbit 3.0 THREAT ANALYSIS: Assemble LockBit 3.0 (lien direct) |
|
Threat | ★★ | |
|
2023-04-26 14:16:20 | La cyberréason annonce la chasse et l'enquête unifiées aux menaces Cybereason Announces Unified Threat Hunting and Investigation (lien direct) |
La cyberréasie est ravie d'annoncer un développement significatif dans son approche pour stocker des données de chasse à long terme (télémétrie collectée par nos capteurs pas \\ 'Données bénignes \' détectées par et liées à un malveillantOpération, ou |
Threat | ★★ | |
|
2023-02-07 18:17:40 | THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise (lien direct) |
The Cybereason Incident Response (IR) team investigated an incident which involved new deployment methods of GootLoader through heavily-obfuscated JavaScript files. In addition to the new techniques used to load GootLoader, Cybereason also observed Cobalt Strike deployment, which leveraged DLL Hijacking, on top of a VLC MediaPlayer executable.
|
Threat Guideline | ★★★ | |
|
2023-01-19 13:00:00 | Sliver C2 Leveraged by Many Threat Actors (lien direct) |
What you need to know about this attack framework before it replaces Cobalt Strike
|
Threat | ★★★★★ | |
|
2023-01-10 12:00:00 | THREAT ANALYSIS: From IcedID to Domain Compromise (lien direct) |
BACKGROUND
In this Threat Analysis report, the Cybereason team investigates a recent IcedID infection that illustrates the tactics, techniques, and procedures (TTPs) used in a recent campaign. IcedID, also known as BokBot, is traditionally known as a banking trojan used to steal financial information from its victims. It has been around since at least 2017 and has been tied to the threat group TA551. |
Threat | ★★★★ | |
|
2022-12-05 06:00:00 | Threat Analysis: MSI - Masquerading as a Software Installer (lien direct) |
|
Threat Threat | ★★★ | |
|
2022-12-01 11:00:00 | Nine Cybersecurity Predictions for 2023 (lien direct) |
In 2022, ransomware continued to reign king and became one of the most common and dangerous threats facing healthcare organizations and software supply chains. The war on Ukraine created heightened concern over zero-day threats wreaking havoc for organizations worldwide. The cyber gang Conti with Russian-linked ties managed to disrupt financial operations throughout Costa Rica, and it seems there is no end in sight to the hacking group Lapsus$, which has proven itself to be a formidable threat actor. |
Ransomware Threat | ★★★ | |
|
2022-11-29 16:09:58 | Malicious Life Podcast: How to NOT Build a Cybersecurity Startup (lien direct) |
When it was founded in 2011, Norse Corp.-which described itself as "the world's largest dedicated threat intelligence network"-had everything a promising startup could wish for: a charismatic and experienced founder, a rare and valuable technology, and few tens of millions of dollars from investors. Less than six years later, it all came crashing down in the most horrible death a business can experience. What went wrong in Norse Corp.? |
Threat | ★★★ | |
|
2022-10-21 12:00:00 | THREAT ANALYSIS REPORT: DLL Side-Loading Widely (Ab)Used (lien direct) |
This Threat Analysis Report is part of the Purple Team Series. In this series, the Managed Detection and Response (MDR) and Threat Intelligence teams from the Cybereason Global Security Operations Center (GSOC) explore widely used attack techniques, outline how threat actors leverage these techniques, describe how to reproduce an attack, and report how defenders can detect and prevent these attacks. |
Threat | ||
|
2022-08-31 14:41:39 | The Importance of Actionable Threat Intelligence (lien direct) |
|
Threat | ||
|
2022-08-19 14:57:16 | THREAT ALERT: Inside the Redeemer 2.0 Ransomware (lien direct) |
The Cybereason Global Security Operations Center (SOC) Team issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. In this article, the Cybereason Research team exposes Redeemer 2.0, an updated version of the original ransomware. |
Ransomware Threat | ||
|
2022-07-07 14:02:10 | (Déjà vu) THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices (lien direct) |
The Cybereason Global Security Operations Center (SOC) Team issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2022-07-07 13:25:56 | What\'s New with Ransomware Gangs? (lien direct) |
The looming threat of new ransomware models was the top concern of executives in the fall of 2021, reported Gartner. Less than a year later, organizations find themselves facing an escalation of that very threat. |
Ransomware Threat | ||
|
2022-06-07 10:00:00 | Report: Ransomware Attacks and the True Cost to Business 2022 (lien direct) |
Ransomware continues to dominate the threat landscape in 2022. Organizations are under siege from a wide variety of threats, but ransomware offers threat actors a unique combination of very low risk with very high reward-which is why the volume of ransomware attacks nearly doubled from the previous year, and the total cost of ransomware was estimated to exceed $20 billion. |
Ransomware Threat | ||
|
2022-06-03 13:10:32 | (Déjà vu) Webinar June 30th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
|
Ransomware Threat | ||
|
2022-05-16 17:03:08 | Achieve Faster, More Accurate Response with Cybereason Threat Intelligence (lien direct) |
|
Threat | ||
|
2022-05-16 13:26:55 | (Déjà vu) Webinar June 2nd 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
|
Ransomware Threat | ||
|
2022-05-12 15:54:00 | Russia Is Waging Cyberwar–with Little Success (lien direct) |
The atrocities taking place in Ukraine are truly tragic. It is personal to me. I've had the opportunity to work alongside cyber experts in Ukraine–providing time and resources over the years to help with cyber deterrence, and I watched anxiously as tensions escalated earlier this year. Russia may have launched its physical invasion of its neighbor on February 24, but Russia and threat actors aligned with Russia have been targeting Ukraine with cyberattacks for years. |
Threat | ★★★★ | |
|
2022-05-09 12:40:12 | How Do Ransomware Attacks Impact Victim Organizations\' Stock? (lien direct) |
Ransomware has developed into an extremely lucrative business model with little risk involved for the threat actors. Couple this with the willingness of most victim organizations to pay the ransom demand under the assumption it will return business operations to normal–ultimately encouraging more attacks–and we have a big problem with no easy remedies. |
Ransomware Threat | ★★★ | |
|
2022-05-02 18:35:55 | (Déjà vu) Webinar May 12th 2022: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response. |
Ransomware Threat | ||
|
2022-04-25 11:47:39 | (Déjà vu) THREAT ANALYSIS REPORT: SocGholish and Zloader – From Fake Updates and Installers to Owning Your Systems (lien direct) |
The Cybereason Global Security Operations Center (GSOC) Team issues Cybereason Threat Analysis reports to inform on impacting threats. The Threat Analysis reports investigate these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2022-04-13 15:38:18 | Webinar April 26th: Profile of the Dark Economy of Ransomware (lien direct) |
Ransomware operators have steadily become more sophisticated and more aligned with nation-state actors making ransomware an existential threat for enterprises. |
Ransomware Threat | ||
|
2022-04-01 05:00:00 | (Déjà vu) Webinar April 14th: Live Attack Simulation - Ransomware Threat Hunter Series (lien direct) |
Ransomware has the potential to affect any organization with exposed defenses. The challenges presented by a multi-stage ransomware attack to large organizations with a mature security team in place are unique and require an informed response.
Join this session to learn more about how mature security teams can more effectively manage a modern ransomware operation and avoid a system-wide takeover by bad actors - delivered through a step-by-step walkthrough of an attack:
Why ransomware continues to evolve & common delivery methods
The differences and similarities between ransomware and other forms of malware
Common methods attackers use to escalate their operations
Reliable techniques Defenders can use to end active ransomware operators in their environments
|
Ransomware Threat | ||
|
2022-03-31 20:07:58 | Cybereason Excels in the 2022 MITRE ATT&CK® Evaluations: 100% Prevention, Visibility and Real-Time Protection (lien direct) |
The MITRE Engenuity ATT&CK® Evaluations for Enterprise has quickly become the de facto authority for measuring the effectiveness of security solutions against real world scenarios that mimic advanced persistent threat attack progressions. |
Threat | ||
|
2022-03-28 15:00:25 | MITRE ATT&CK: Wizard Spider and Sandworm Evaluations Explained (lien direct) |
Later this week MITRE Engenuity will be releasing the results from their fourth round of the ATT&CK Evaluations. This round focused on threat actors Wizard Spider and Sandworm. In this article, we'll review why MITRE is the preeminent organization providing third-party evaluations of vendor solutions, and the key metrics to look for when evaluating the effectiveness of a solution. |
Threat | ||
|
2022-03-25 20:02:36 | Webinar April 7th: 2021 MITRE ATT&CK Evaluations Explained (lien direct) |
The 2021 Round 4 MITRE ATT&CK evaluations focused on Wizard Spider and Sandworm, threat actor groups known to target large corporations and healthcare institutions. Wizard Spider is largely a financially motivated ransomware crime group conducting campaigns since 2017. The Sandworm team is a Russian Threat group that has been linked to the 2015 and 2016 targeting of Ukrainian electrical companies and the 2017 NotPetya attacks. |
Ransomware Threat | NotPetya NotPetya | |
|
2022-03-23 12:59:50 | AI-Driven XDR: Defeating the Most Complex Attack Sequences (lien direct) |
What is an AI-driven XDR solution? AI-driven Extended Detection and Response (XDR) is a specific approach for advanced threat detection and automated response. AI-driven XDR extends continuous threat detection and monitoring across an organization's endpoints, cloud workloads, applications, and the network. |
Threat | ||
|
2022-03-22 15:40:28 | Authentication Platform Okta Investigates Alleged Breach (lien direct) |
Authentication platform Okta is reportedly investigating a potential breach after threat actors under the moniker Lapsus$ posted screenshots allegedly showing they had gained access to the company's internal environment. If confirmed, the attack could put the security of Okta's customers at risk. |
Threat | ||
|
2022-03-22 13:15:00 | Cybereason vs. Carbon Black: Why Delayed Detections Matter (lien direct) |
The U.S. Treasury Department estimates that U.S. companies have paid $1.6 billion in ransomware attacks since 2011. Given the lucrative nature of ransomware attacks, the threat shows no signs of diminishing.
In fact, the ransomware threat is constantly changing and evolving as attackers use more and more sophisticated techniques and vulnerabilities to gain access to organizations' data and networks. |
Ransomware Threat | ||
|
2022-03-17 13:50:48 | Enriching Raw Telemetry with the Cybereason Historical Data Lake (lien direct) |
Regardless of whether you are performing Threat Hunting across your most recent dataset or your long-term historical datasets, an important dimension to your data is the enrichment and contextualization process.
Contextual data provides the Threat Hunter (“hunter”) with additional data points and a more complete picture of the activity, allowing them to make more informed decisions about whether the activity should be investigated further or disregarded. |
Threat | ||
|
2022-03-16 12:43:23 | Leveraging the X in XDR: Correlating Across Multiple Sources of Telemetry (lien direct) |
Several trends are driving Managed Detection and Response (MDR) adoption as a viable alternative for organizations that don't necessarily have the resources on-hand to conduct intense threat hunting internally. The MDR market is expected to reach over $7 billion by 2028. That's up from $974.9 million in 2020, per Big News Network. |
Threat | ||
|
2022-03-16 12:33:41 | Webinar March 29th: Assessing the Cyberattack Risk in the Russia-Ukraine Conflict (lien direct) |
The situation in Ukraine continues to be tenuous, and global intelligence sources are advising that the threat of Russian state-sponsored and state-condoned attacks targeting Western nations and organizations remains high. Cyberattacks by groups supporting Russian interests have been observed, but experts have noted that we likely have not seen the full potential of a Russian cyber offensive…yet. |
Threat | ||
|
2022-03-10 14:39:49 | CISO Stories Podcast: Lessons Learned from Building an ISAC (lien direct) |
Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a particular sector. These have grown since the first ISAC in the late 1990's and now represent over 20 industry sectors. Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization and the broader CISO community - check it out... |
Threat | ||
|
2022-03-09 14:41:21 | Threat Hunting: From LOLBins to Your Crown Jewels (lien direct) |
Continuous, real-time threat hunting is one of the key capabilities that organizations need today. By sharing the strategies that our Threat Hunting and Incident Response teams use, I hope to show you how you can implement threat hunting on your network as an integral part of your security operations. |
Threat | ||
|
2022-03-07 16:57:52 | (Déjà vu) THREAT ALERT: Emotet Targeting Japanese Organizations (lien direct) |
The Cybereason Global Security Operations Center (SOC) issues Cybereason Threat Alerts to inform customers of emerging impacting threats. The Alerts summarize these threats and provide practical recommendations for protecting against them. |
Threat | ||
|
2022-02-16 14:10:02 | Securing Critical Infrastructure with XDR (lien direct) |
In January, CISA, the FBI and the NSA released a joint Cybersecurity Advisory (CSA), titled Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure, that provided an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques and procedures (TTPs), as well as detection actions, incident response guidance, and recommended mitigations.
"Russian state-sponsored APT actors have used sophisticated cyber capabilities to target a variety of U.S. and international critical infrastructure organizations, including those in the Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors," the advisory states.
"Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology (OT)/industrial control systems (ICS) networks with destructive malware... CISA, the FBI, and NSA encourage the cybersecurity community-especially critical infrastructure network defenders-to adopt a heightened state of awareness and to conduct proactive threat hunting."
While critical infrastructure defense has always been high priority objective, there's still some disconnect in the world of critical infrastructure security around preparedness. According to a report covered by PRNewswire, a majority (84%) of critical infrastructure organizations indicated they had suffered at least one security breach involving their Operational Technology (OT) between 2018 and 2021; yet, 56% of respondents to the same study said they were “highly confident” that they wouldn't experience an OT breach in 2022. |
Threat |
To see everything:
Our RSS (filtrered)
