US, Allies Release Guidance on Event Logging and Threat Detection

August 23, 2024 at 08:03AM The US and its allies released a joint guidance document, “Best Practices for Event Logging and Threat Detection,” focusing on defining a baseline for event logging in organizations. The guidance emphasizes the importance of security best practices, sharing responsibilities, capturing high-quality cyber security events, and structured log formats to support …

Chinese hackers hid in US infrastructure network for 5 years

February 7, 2024 at 03:11PM The Chinese cyber-espionage group Volt Typhoon infiltrated U.S. critical infrastructure networks, remaining undetected for at least five years. They utilize living-off-the-land techniques, stolen accounts, and strong operational security to maintain long-term access. U.S. authorities warn of potential disruption to critical infrastructure, with mitigation advice provided alongside the …

Sandworm Cyberattackers Down Ukrainian Power Grid During Missile Strikes

November 9, 2023 at 03:08AM The Sandworm APT group, linked to Russia’s Main Center for Special Technologies, used living-off-the-land techniques to cause a power outage in a Ukrainian city in October 2022. The attack coincided with missile strikes. Unlike previous attacks, Sandworm exploited LotL binaries instead of advanced cyber weaponry. This incident highlights the challenge …