What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Team Cymru Blog 2024-04-04 11:56:00 Latrodectus: This Spider Bytes Like Ice (direct link) For this research, we partnered with Proofpoint's Threat Research team in a collaborative effort to provide a comprehensive overview of... Threat ★★★★
Team Cymru Blog 2024-02-22 05:00:00 Continuous Threats Need Continuous Management (direct link) A senior stakeholder explainer for Continuous Threat Exposure Management (CTEM) Cybersecurity in the Era of Continuous Threats: The Case... Threat ★★★
Team Cymru Blog 2023-11-13 13:51:02 Threat Modeling and Real-Time Intelligence - Part 2 (direct link) Leverage Internet Telemetry & Threat Intelligence for Benefits Beyond the MITRE ATT&CK Framework The MITRE ATT&CK framework is like a... Threat ★★★★
Team Cymru Blog 2023-11-03 13:30:31 Threat Modeling and Real-Time Intelligence - Part 1 (direct link) Keeping Security Teams at the Forefront of Proactive Defense Threat modeling is an integral part of security-by-design programs for... Threat ★★★★
Team Cymru Blog 2023-05-16 12:49:01 Analysts who are more agile, are more valuable (direct link) Six reasons why going faster with Cyber Threat Reconnaissance is mission critical Introduction Cyber Threat Reconnaissance is a critical... Threat ★★★
Team Cymru Blog 2023-03-14 22:27:50 Threat Intelligence: A CISO ROI Guide - Automate to Increase Productivity (direct link) Automate Threat Intelligence to Stay Ahead of the Pack Introduction In our last several entries we talked about how threat hunting... Threat ★★★
Team Cymru Blog 2023-03-14 22:27:18 Threat Intelligence: A CISO's ROI - Avoid Inheriting a Security Problem with M&A Acquisitions (direct link) Elite Threat Hunting Teams Track Down Hidden Threats in M&A Situations By now we have discussed several areas of proactive security and... Threat ★★
Team Cymru Blog 2023-03-14 22:26:26 Threat Intelligence: A CISO ROI Guide - Elite Threat Hunters Prevent Supply Chain Breaches (direct link) Up the Ante Against Supply Chain Attacks and Still Have Time to Save the World Introduction In our first post we talked about how... Threat ★★
Team Cymru Blog 2023-03-14 22:25:16 Threat Intelligence: A CISO ROI Guide - Focus on Real-Time Threat Intelligence (direct link) Stop the Budget Drain and Strain of Old Threat Data you Don't Use In our first post, we talked about how cyber threat intelligence can... Threat ★★
Team Cymru Blog 2023-03-14 22:21:37 Threat Intelligence: A CISO ROI Guide - Prevent Data Breaches (direct link) Threat Reconnaissance that Saves your Butt and the Budget Threat hunting and reconnaissance often seems like another hard to explain... Threat ★★
Team Cymru Blog 2023-02-21 13:10:23 Attack Surface Management: Why Maturity Models Matter – Part II (direct link) The challenges of prioritization, the threat landscape and contextualizing risk for the business In our last post we talked about the... Threat ★★
Team Cymru Blog 2023-01-19 15:00:27 Darth Vidar: The Dark Side of Evolving Threat Infrastructure (direct link) Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar... Threat ★★★★★
Team Cymru Blog 2022-12-21 17:15:14 Inside the IcedID BackConnect Protocol (direct link) Deriving Threat Actor TTPs from Management Infrastructure Tracking You can find our previous work on Stage 1 and Stage 2 of IcedID's... Threat ★★★
Team Cymru Blog 2022-10-07 14:31:34 A Visualizza into Recent IcedID Campaigns: (direct link) Reconstructing Threat Actor Metrics with Pure Signal™ Recon Introduction IcedID (also known as BokBot) started life in early 2017 as a... Threat ★★★
Team Cymru Blog 2022-07-12 14:08:04 An Analysis of Infrastructure linked to the Hagga Threat Actor (direct link) Summary As this research reveals, mapping out adversary infrastructure has distinct advantages that enable a proactive response to future threats. A well-resourced team with access to the right tools can monitor changes to adversary infrastructure in real time; discoveries can become strategic advantages when fully exploited. This blog is geared towards the practitioner threat [...] Tool Threat ★★★★
Team Cymru Blog 2022-06-29 18:21:31 The Sliding Scale of Threat Actor Sophistication When Reacting to 0-day Vulnerabilities (direct link) SUMMARY Team Cymru's S2 Research Team has highlighted why it is important for cyber defenders to address the critical window between 0-day discovery and the subsequent release of security patches. While malicious activity surges after the release of a POC, the most advanced and skilled threat actors are likely able to develop their own exploits [...] Threat
Team Cymru Blog 2022-05-25 15:19:05 Bablosoft; Lowering the Barrier of Entry for Malicious Actors (direct link) Summary Evidence suggests an increasing number of threat actor groups are making use of a free-to-use browser automation framework. The framework contains numerous features which we assess may be utilized in the enablement of malicious activities. The technical entry bar for the framework is purposefully kept low, which has served to create an active community [...] Threat
Team Cymru Blog 2022-04-29 14:23:10 Sliver Case Study: Assessing Common Offensive Security Tools (direct link) The proliferation of Cobalt Strike during the early 2020s has been undeniable, and its impact unquestionable. In response to this challenge, the detection strategies of defenders have steadily matured. Consequently, threat actor decision making with regards to tooling is likely evolving too. We therefore decided to identify and track Cobalt Strike “alternatives”, specifically off-the-shelf [...] Threat
Team Cymru Blog 2022-04-07 19:38:10 MoqHao Part 2: Continued European Expansion (direct link) This blog is a product of ongoing collaboration with @ninoseki, a Tokyo-based researcher who has tracked MoqHao for several years. His public GitHub contains numerous useful OSINT threat hunting tools. Introduction MoqHao (also referred to as Wroba and XLoader) is a malware family commonly associated with the Roaming Mantis threat actor group. MoqHao is generally [...] Malware Threat
Team Cymru Blog 2022-03-23 14:25:30 Raccoon Stealer – An Insight into Victim “Gates” (direct link) Co-authored by Brian Eckman, Josh Hopkins, Andy Kraus, and Paul Welte Raccoon Stealer is one of 40-plus malware families tracked through Team Cymru’s Botnet Analysis and Reporting Service (BARS), a service which underpins our Threat Intelligence Feeds. Introduction to Raccoon Stealer Raccoon Stealer is an information stealer sold to 'affiliates' as a Malware-as-a-Service (MaaS) on [...] Malware Threat
Team Cymru Blog 2021-12-21 20:54:02 The Biggest Cyber Security Developments in 2021 (direct link) As we charge towards another new year, we decided to pulse our threat intelligence team (@teamcymru_s2) for their views on what they perceive to be the biggest developments in cyber security over the past twelve months. Whilst this blog is a retrospective of recent events, it is also written with one eye on 2022 and [...] Threat
Team Cymru Blog 2021-11-03 14:19:09 Webinject Panel Administration: A Vantage Point into Multiple Threat Actor Campaigns (direct link) The contents of this blog were shared with Team Cymru's community partners in the first half of 2021 and were subsequently presented by our analysts at RISE Las Vegas (September 2021). Much has been written about the role of webinjects in the evolution of banking trojans, facilitating the interception and manipulation of victim connections to [...] Threat
Team Cymru Blog 2021-10-05 16:00:48 Collaborative Research on the CONTI Ransomware Group (direct link) Ransomware remains one of the pre-eminent cyber threats, with the evolution in tactics, techniques and procedures (TTPs) amongst threat actor groups over recent years upping the stakes for both victims and defenders. In addition to Team Cymru's involvement with the Ransomware Task Force, our analysts have also been collaborating over recent months with a [...] Ransomware Threat
Team Cymru Blog 2021-08-24 15:51:23 Anatomy of a Supply Chain Attack: How to Accelerate Incident Response and Threat Hunting (direct link) In recent months, we've seen a sharp rise in software supply chain attacks that infect legitimate applications to distribute malware to users. SolarWinds, Codecov and Kaseya have all been victims of such attacks that went on to impact thousands of downstream businesses around the globe. Within minutes of these high-profile attacks making headline news, CEOs [...] Malware Threat
Team Cymru Blog 2021-08-12 00:00:04 MoqHao Part 1.5: High-Level Trends of Recent Campaigns Targeting Japan (direct link) Having last looked at the MoqHao (or Roaming Mantis) malware family in January 2021, we decided to take another look at activities of this threat group. MoqHao targets Android users, usually via an initial attack vector of phishing SMS messages, with a particular focus on Japan, South Korea and Taiwan (although MoqHao's focus continues [...] Malware Threat
Team Cymru Blog 2021-08-09 17:53:20 Team Cymru's Threat Hunting Maturity Model Explained (direct link) Introduction to the Series In this four part series we'll be looking at Team Cymru's Threat Hunting Maturity Model. Its purpose is to define each step of the journey that organizations take to hire, empower and gain value from an elite threat hunting team. This series is aimed at those who may not be deeply [...] Threat
Team Cymru Blog 2021-05-06 18:44:11 The Tide is Turning for External Threat Hunting (direct link) Forrester has called out Team Cymru within two distinct categories in their newly published Tech Tide™: Threat Intelligence, Q2 2021 Report, so what has changed? In this blog, we'll briefly explain why we feature in each category, and what advantages each of these has to your organization. The categories are Threat Intelligence Feeds and Internet Infrastructure [...] Threat
Team Cymru Blog 2021-04-16 15:00:29 Transparent Tribe APT Infrastructure Mapping (direct link) Introduction Transparent Tribe (APT36, Mythic Leopard, ProjectM, Operation C-Major) is the name given to a threat actor group largely targeting Indian entities and assets. Transparent Tribe has also been known to target entities in Afghanistan and social activists in Pakistan, the latter of which lean towards the assumed attribution of Pakistani intelligence. Tools used [...] Threat APT 36
Team Cymru Blog 2021-04-08 18:46:12 Interviews from The Underground Economy Conference – Part 2 (direct link) Underground Economy (UE), our threat intelligence, cyber security and cyber crime conference, is slated for November 2-4 in Strasbourg, and we are taking attendance applications now. You can learn about how to apply for admittance and how to submit a proposal here. Below is Part 2 of our interviews from UE 2019. WHAT WE [...] Threat
Team Cymru Blog 2021-04-01 18:09:26 Underground Economy Conference, Co-Hosted by Council of Europe (direct link) Apply early for our threat intelligence, cyber crime and cyber security conference. We are planning to hold UE21 from 2nd to 4th November, 2021 in Strasbourg, France and the application process is now open. As always, attendance is restricted, so get your application in now. It will be the same format [...] Threat
Team Cymru Blog 2021-03-15 15:41:42 FIN8: BADHATCH Threat Indicator Enrichment (direct link) INTRODUCTION Last week (10 March 2021), Bitdefender released a whitepaper on the recent activities of the FIN8 threat actor group, focusing particularly on their BADHATCH toolkit[1]. The research found that FIN8, a financially motivated group, had used this toolkit to target victims in the chemicals, insurance, retail and technology sectors. We’ve expanded on Bitdefender's [...] Threat
Team Cymru Blog 2020-03-25 10:10:49 How the Iranian Cyber Security Agency Detects Emissary Panda Malware (direct link) Other threat intelligence groups have previously publicised that the Chinese-attributed threat group, Emissary Panda (aka APT27, TG-3390, BRONZE UNION, Iron Tiger and LuckyMouse), have been targeting various sectors in the Middle East, including government organisations. On 15 December 2019, Iran’s Minister of Communications and Information Technology, Mohammad Javad Azari-Jahromi, announced that Iranian authorities had detected foreign spying malware on their government servers which they attributed... Malware Threat APT 27
Team Cymru Blog 2020-03-03 14:43:01 GAMAREDON: AN INSIGHT INTO VICTIMOLOGY USING AUGURY (direct link) Author: Josh Hopkins The Gamaredon Group is a threat actor group, believed to be aligned to Russia-state linked objectives. Community research into the group reveals a series of sophisticated attacks targeted predominantly against Ukrainian military interests, dating back to at least 2013. In this blog we will examine two recent periods of activity – August/September... Threat
Team Cymru Blog 2020-02-19 13:40:01 Azorult – what we see using our own tools (direct link) The Value of Being Able to Perform Threat Analysis outside the Boundaries of Your Enterprise… Looking at Dmitry Bestuzhev's piece about AZORult cryptominer spreading as a fake ProtonVPN installer[1], I took a glance in Augury at what we have for the malware hashes he provided and many are still very low in terms of their detection... Malware Threat
Team Cymru Blog 2020-01-15 23:15:25 Iran and Not Iran: What Our Threat Monitoring Indicates (direct link) Author: Rabbi Rob Thomas, CEO Greetings, network defenders! We now have a moment to assess the cyber actions in the wake of events in and around Iran. There was concern that the Iranian regime would respond with widespread cyber attacks. “Be vigilant,” some said. But vigilance is a state, not a plan. It is wise to... Threat
Last update at: 2024-04-30 19:08:37
See our sources.
To see everything: Our RSS (filtered) Twitter