Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers

June 4, 2024 at 07:06AM Snowflake, in collaboration with CrowdStrike and Mandiant, has reported a targeted campaign against a limited number of its customers. The company recommends enabling multi-factor authentication and limiting network traffic to trusted locations to prevent unauthorized access. U.S. CISA and ACSC issued alerts, and it’s advised to look for signs of …

Poland says Russian military hackers target its govt networks

May 9, 2024 at 07:18PM Poland warns of state-backed Russian threat group targeting its government institutions. Russian APT28 hackers used a phishing campaign to trick officials into clicking malicious links, compromising their devices. This aligns with previous APT28 operations targeting NATO and EU members. APT28’s history includes hacking the DNC, DCCC, and the German Bundestag. …

Cisco warns of large-scale brute-force attacks against VPN services

April 16, 2024 at 12:14PM Cisco warns about a global large-scale brute force attack targeting VPN and SSH services on various devices. The attack involves a mix of valid and generic employee usernames, started on March 18, 2024, and uses anonymization tools. It targets a range of services and lacks a specific focus, with possible …

How to Identify a Cyber Adversary: Standards of Proof

March 12, 2024 at 10:11AM Part one of the article explains cybersecurity attribution, distinguishing between attribution and public disclosure, and discussing standards of proof including intelligence, judicial, and technical standards. Attribution is important for understanding the adversary and defending against future attacks. The article promises to delve into the key methods of attributing events to …

Governments Urge Organizations to Hunt for Ivanti VPN Attacks

March 1, 2024 at 08:57AM Five Eyes agencies warn of ongoing exploitation of Ivanti VPN flaws and encourage organizations to assume credentials have been compromised, hunt for malicious activity, use Ivanti’s Integrity Checker Tool, and apply patches. Ivanti releases enhanced ICT to detect new/changed files on affected appliances. Agencies offer IoCs, Yara rules, and incident …

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

February 19, 2024 at 08:51AM Meta Platforms curtailed malicious activity from firms in Italy, Spain, and the U.A.E. operating in surveillance-for-hire. Spyware targeted iOS, Android, and Windows devices, collecting device info and media, and enabling the camera and microphone. Accounts in Italy and Spain were involved in social engineering. Meta also acted on coordinated inauthentic behavior from …

Cloud Server Abuse Leads to Huge Spike in Botnet Scanning

January 15, 2024 at 06:12AM Security solutions provider Netscout has observed a significant increase in botnet scanning activity, with peak numbers reaching 43,000 devices on December 20. The use of free cloud and hosting servers by attackers to create botnet launch pads has risen, allowing for anonymity and low overhead. The scanning represents reconnaissance activity …

Discord still a hotbed of malware activity — Now APTs join the fun

October 16, 2023 at 05:37PM Discord is increasingly being used by hackers and advanced persistent threat (APT) groups to distribute malware, steal data, and target critical infrastructure. Trellix’s report highlights how Discord’s content delivery network (CDN) is utilized for delivering malicious payloads, while webhooks are abused for data theft. The report also notes that APT …