Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

August 28, 2024 at 08:56AM The FBI, CISA, and the Department of Defense Cyber Crime Center jointly warn network defenders of ongoing cyber exploitation by an Iran-based group targeting U.S. and foreign organizations. The advisory details the threat actors’ tactics, techniques, and procedures, and provides indicators of compromise. Organizations are urged to follow recommended mitigations … Read more

Stealthy ‘sedexp’ Linux malware evaded detection for two years

August 25, 2024 at 12:48PM ‘Sedexp’ is a stealthy Linux malware that has been evading detection since 2022 by using a persistence technique not catalogued in the MITRE ATT&CK framework. The key takeaways are: 1. A Linux malware named ‘sedexp’ has gone undetected since 2022. 2. It uses a … Read more

Rethinking How You Work With Detection and Response Metrics

April 19, 2024 at 01:40PM A talk at the Black Hat Asia conference in Singapore addressed the challenge of distinguishing true security threats from false alarms. Allyn Stott emphasized the importance of metrics for assessing detection and response programs, driving improvements, and demonstrating risk reduction to the business. He advised using frameworks such as MITRE ATT&CK, the SANS Institute’s HMM, and … Read more

#StopRansomware: Akira Ransomware

April 18, 2024 at 03:02PM Summary: This joint Cybersecurity Advisory (CSA), released by the FBI, CISA, EC3, and NCSC-NL, highlights the Akira ransomware threat. The report details the ransomware’s impact, its encryption methods, how it behaves on different system architectures, and recommended mitigations for network defenders. The CSA also maps the technical details to the MITRE ATT&CK framework. For … Read more

Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization

February 15, 2024 at 02:19PM CISA and MS-ISAC conducted an incident response assessment after a threat actor gained unauthorized access to a state government organization’s network environment. Through the account of a former employee, the attacker obtained network administrator credentials and successfully accessed the organization’s internal and Azure environments. A Cybersecurity Advisory containing mitigation strategies … Read more

#StopRansomware: Play Ransomware

December 18, 2023 at 10:37AM A joint CSA from the FBI, CISA, and ASD’s ACSC provides IOCs and TTPs of the Play ransomware group impacting businesses in North and South America and Europe. The group employs a double-extortion model, encrypting systems after exfiltrating data. Recommendations include multifactor authentication, offline backups, and system updates to mitigate … Read more

Tidal Cyber Raises $5 Million for Threat-Informed Defense Platform

November 9, 2023 at 11:49AM Tidal Cyber, a startup founded by MITRE veterans, has raised $5 million in seed funding to develop its threat-informed defense platform. The Washington, DC-based firm offers tooling aligned with the MITRE ATT&CK framework to help organizations automate detection and response while customizing their security programs. Tidal Cyber’s platform includes features … Read more