Cyber sleuths reveal how they infiltrate the biggest ransomware gangs

December 22, 2023 at 11:03AM
When AlphV/BlackCat’s website went down, it sparked excitement among cybersecurity defenders who believed law enforcement had busted the cybercriminal crew. Though the website is now back, skepticism remains about its explanation for the outage. Singapore-based Group-IB’s 20th anniversary was celebrated with insights into infiltrating ransomware groups, shedding light on …

What’s the Best Way to Communicate After a Data Breach?

December 20, 2023 at 08:05PM
Organizations facing security incidents should prioritize clear and strategic communication. Ashley Sawatsky, a Senior Incident Response Advocate at Rootly, uses her expertise to offer essential tips. These include involving legal counsel, being proactive in notifying affected parties, providing regular updates, avoiding speculation, using cautious language, and preparing customer-facing teams. Ashley’s …

MongoDB Suffers Security Breach, Exposing Customer Data

December 17, 2023 at 12:24AM
On Dec 13, 2023, MongoDB detected unauthorized access to its systems, leading to exposure of customer data. The company recommends that customers watch out for social engineering and phishing attacks, enforce MFA, and rotate their MongoDB Atlas passwords. Additionally, MongoDB is experiencing login issues that are unrelated to the security event. Further …

China’s MIIT Introduces Color-Coded Action Plan for Data Security Incidents

December 16, 2023 at 02:48AM
China’s Ministry of Industry and Information Technology unveils a draft proposal for a color-coded system to address data security events. The proposal categorizes incidents into four tiers based on harm level and requires affected companies to assess and report incidents to the local industry supervision department. Public comments are open …

NKabuse backdoor harnesses blockchain brawn to hit several architectures

December 15, 2023 at 09:36AM
Researchers have discovered a new multi-platform malware, “NKAbuse,” leveraging the NKN protocol for anonymous and reliable data exchange. The malware exploits an Apache Struts 2 vulnerability and targets various architectures, with a priority for Linux. It offers DDoS attacks and RAT functionality, and has been found in organizations in Mexico, …

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

December 11, 2023 at 04:13AM
The blog entry analyzes AsyncRAT’s code injection into aspnet_compiler.exe across multiple incident response cases, highlighting how the malware misuses legitimate processes for malicious activities and demonstrates evolving adversary tactics. It emphasizes the malware’s capabilities, infection chain, and strategies for evading detection. The entry also provides mitigation strategies and …

Integrated DFIR Tool Can Simplify and Accelerate Cyber Forensics

December 7, 2023 at 02:11PM
Trend Vision One™ – Forensics, integrated into the Trend Vision One platform, transforms cyber forensics for organizations like the City of Columbia and Trend’s global IR teams by streamlining evidence collection, improving response times, and enhancing global collaboration, ultimately bolstering cybersecurity efforts and operational efficiency. Meeting Summary: Subject: Cyber Threats …

Ransomware, Data Breaches Inundate OT & Industrial Sector

December 7, 2023 at 02:05PM
Over 75% of industrial firms experienced ransomware attacks last year, with 54% impacting operational technology. Attacks increased due to the industrial sector’s vulnerability and tendency to pay ransoms. Despite increased IT and OT security incidents, industrial sectors remain primary targets, with geopolitical tensions exacerbating threats. Victims often pay ransoms, urging …

Building a Robust Threat Intelligence with Wazuh

December 7, 2023 at 06:06AM
Threat intelligence is essential in cybersecurity, enabling proactive defense, informed decision-making, and global threat awareness. Wazuh, an open-source security platform, enhances threat intelligence by integrating threat feeds, enriching data, and providing tools to create IoCs and custom detection rules, aiding organizations in effectively responding to cyber threats. Clear Takeaways from …

GAO: Federal Agencies Yet to Fully Implement Incident Response Capabilities

December 6, 2023 at 09:48AM
A GAO report indicates that the majority of US federal agencies, 20 out of 23, have failed to completely implement incident response plans for cybersecurity. Takeaways from Meeting Notes: 1. The recent GAO report highlighted a critical issue in cybersecurity preparedness among US federal agencies. 2. Specifically, it was found …