The article discusses a phishing campaign utilizing the Mamba 2FA phishing kit, which mimics Microsoft 365 login pages and employs advanced techniques to capture user credentials and multi-factor …
Tag: SOC
Meow, a ransomware group that emerged in 2022, has gained attention for its unique operational model and rising victim count. It is often linked to Meow Leaks, which …
Summary: Logpoint has acquired Muninn, a network detection and response startup, to enhance its cybersecurity offerings by integrating AI-driven detection capabilities with its existing SIEM solutions. This acquisition aims to …
The webpage from Device42 provides a comprehensive guide to various IT compliance standards, highlighting key frameworks and checklists, including PCI DSS, NIST CSF, SOC 2, ISO 27001, and …
Short Summary:
The article discusses the detection and response to the Poseidon Stealer malware by eSentire’s Threat Response Unit (TRU). This malware targets macOS devices and employs deceptive techniques to …
Short Summary:
eSentire’s Threat Response Unit (TRU) reported on the detection of Go Injector leading to the execution of Lumma Stealer, a malware targeting sensitive data. The infection involved a …
Short Summary:
The article discusses the detection and analysis of the Poseidon Stealer malware by eSentire’s Threat Response Unit (TRU). This malware specifically targets macOS devices and employs deceptive techniques …
Kali Linux 2024.3 released: 11 new tools, Qualcomm Snapdragon SDM845 SoC support – Help Net Security
Summary: Kali Linux 2024.3 has been released, featuring new tools and optimizations aimed at enhancing user experience and security assessments. This update introduces several innovative tools for network security, auditing, …
Summary: The report by Command Zero highlights the significant challenges faced by SecOps leaders, particularly the skills gap in cybersecurity and the operational difficulties with commonly used tools. It emphasizes …
Short Summary:
Sekoia.io conducted a proactive hunt for typosquatted domains related to the Paris 2024 Olympics, identifying over 650 suspicious domains. The analysis revealed a significant number of domains aimed …
Rapid7 has been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment. The company highlights the unique features of its InsightIDR product, …
Short Summary:
The eSentire Threat Response Unit (TRU) reported a case involving LummaC2 stealer malware and a malicious Chrome extension that manipulates browser activities and facilitates data theft. The incident …
The MITRE ATT&CK framework is a comprehensive matrix of tactics, techniques, and procedures (TTPs) used by cyber adversaries to carry out attacks. It provides a common language and a …
Summary: Integrity360, an Irish cybersecurity firm, is expanding its global presence through the acquisition of South African company Grove, which enhances its customer base and security operations. This deal is …
Short Summary:
The article discusses a recent threat investigation by eSentire’s Threat Response Unit (TRU) involving an AsyncRAT infection that originated from a phishing email. The TRU team successfully isolated …
Summary: Check Point Software Technologies has announced its acquisition of Cyberint, a threat intelligence firm, marking its third startup acquisition in about a year. The deal, valued at approximately $200 …
Short Summary:
The article discusses the rapid exploitation of critical vulnerabilities, particularly focusing on CVE-2024-27198 in TeamCity On-Premises. Following its disclosure, threat actors quickly attempted to exploit this vulnerability, leading …
Summary: A recent Malwarebytes report reveals a significant rise in ransomware attacks, with evolving tactics that necessitate continuous monitoring and rapid response strategies for organizations. The report highlights alarming statistics …
Short Summary:
The article discusses the rapid exploitation of critical vulnerabilities, particularly focusing on CVE-2024-27198, a severe authentication bypass vulnerability in TeamCity On-Premises. Following its disclosure, threat actors quickly began …
Short Summary:
Darktrace reported the swift exploitation of a critical vulnerability (CVE-2024-27198) in JetBrains TeamCity, highlighting the urgent need for rapid detection and response to prevent supply chain attacks. Following …
DEF CON 32 gathered thousands of hackers and security enthusiasts, providing opportunities for learning and networking. Attendees shared insights from various talks, emphasizing the importance of proactive security …
eSentire’s Threat Response Unit (TRU) investigates the D3F@ck Loader malware, tracing its origins to a developer known as Sergei Panteleevich. The article details the loader’s capabilities, including its …
Short Summary:
Aqua Nautilus researchers have identified a new variant of the Gafgyt botnet that targets machines with weak SSH passwords. This botnet executes binaries from memory to expand its …
Unit 42 researchers uncovered a cloud extortion campaign that exploited misconfigurations, particularly exposed environment variable files (.env files), to compromise and extort multiple organizations. The attackers utilized various …
Short Summary:
This article provides a comprehensive overview of threat intelligence services, emphasizing their importance, methodology, benefits, and future in enhancing organizational cybersecurity posture.
Key Points:
Proactive Defense: Anticipating and…
Summary: The article discusses the critical role of firewalls in protecting operational technology (OT) networks, emphasizing that while they serve as a perimeter defense, they are not sufficient alone due …
Short Summary:
The article discusses a phishing attack that led to a malware infection involving the 0bj3ctivity Stealer, facilitated by the Ande Loader. eSentire’s Threat Response Unit (TRU) details their …
Summary: Researchers from the CISPA Helmholtz Center have discovered critical vulnerabilities in Alibaba’s T-Head Semiconductor RISC-V processors, particularly the C910 CPU cores, which could allow attackers to execute arbitrary code …
Summary: Security Operation Centers (SOCs) are increasingly turning to AI to manage the overwhelming volume of data and sophisticated threats, allowing human analysts to focus on more strategic tasks. While …
Victim: coinbv.nl Country: NL Actor: madliberator Source: http://k67ivvik3dikqi4gy4ua7xa6idijl4si7k5ad5lotbaeirfcsx4sgbid.onion Discovered: 2024-08-02 07:18:37.181962 Published: 2024-08-02 07:18:36.253081 Description: COIN is your hands-on partner for IT Continuity, Disaster & Workplace Recovery, and …
Short Summary:
This article discusses a recent malware campaign detected by eSentire’s Threat Response Unit (TRU) that involved multiple malware threats targeting a government sector customer. The attack utilized …
A Security Information and Event Management (SIEM) solution acts as the central nervous system of an organization’s security framework. It collects, analyzes, and correlates data from various sources within the …
Summary: eSentire’s Threat Response Unit (TRU) has identified a new variant of Gh0st RAT, dubbed Gh0stGambit, which utilizes malicious Chrome installer packages to infect systems. The report details the malware’s …
SideWinder Leverages Enhanced Infrastructure to Focus on Mediterranean Ports and Maritime Facilities
Short Summary: The BlackBerry Threat Research and Intelligence team has identified a new campaign by the nation-state threat actor SideWinder, targeting maritime facilities in the Indian Ocean and Mediterranean…
Short Summary:
This article discusses a cybersecurity incident involving two medical organizations that were tricked into downloading a malicious version of a DICOM viewer, a software used for viewing …
WarmCookie, also known as BadSpace [2], is a two-stage backdoor tool that provides functionality for threat actors to retrieve victim information and launch additional payloads. The …
WarmCookie is a backdoor malware strain that allows threat actors to gather sensitive system information, facilitating further cyber attacks against their targets. Between April and June 2024, Darktrace’s Threat Research …
Summary: KnowBe4 revealed it was deceived into hiring a fake IT worker from North Korea, leading to attempted insider threat activities that were ultimately thwarted. The incident underscores the sophistication …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Summary: Vanta, a trust management platform, has raised $150 million in Series C funding, increasing its valuation to $2.45 billion. The company aims to enhance security and compliance processes while …
Written by Mitigant (Kennedy Torkura) and Sekoia.io Threat Detection and Research (TDR) team (Erwan Chevalier and Guillaume Couchard).
Introduction: Enterprises are increasingly using cloud infrastructure to take …
Same threats, different days? Not necessarily. Threat actors are forever innovating, looking for better and more effective ways to achieve their goals. While tactics like phishing are often in the …
In today’s cybersecurity landscape, it’s not a matter of if an organization will experience a security incident, but when. Having a skilled Security Operations Center (SOC) team that can effectively …
This report was originally published for our customers on 20 June 2024.
Today, the Check Point Research (CPR) team published a report on the same implant, providing details of recent MuddyWater campaigns.…
A supply chain attack is a prominent “Initial Access” tactic employed by malware authors and Advanced Persistent Threat (APT) groups to gain a foothold on their targeted hosts or systems. …
Summary: A new phishing kit called FishXProxy is making it easy for cybercriminals to launch sophisticated scams, bypassing security defenses and going undetected.
Threat Actor: FishXProxy | FishXProxy Victim: Individuals …
In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the …