#StopRansomware: RansomHub Ransomware

August 29, 2024 at 01:53PM The FBI, CISA, MS-ISAC, and HHS have released a joint Cybersecurity Advisory to disseminate information about RansomHub ransomware, including its tactics, techniques, and procedures. The advisory includes details on the ransomware’s impact, mitigation recommendations for network defenders, technical details, and further resources to protect against ransomware threats. Based on …

DarkGate, the evil Swiss Army knife of malware, sees boom after rival Qbot crushed

July 15, 2024 at 08:19PM The DarkGate malware has become more prevalent after a competitor was taken down by the FBI. Its developer, named RastaFarEye, designed the malware for keylogging, data and credential theft, remote access, and ransomware deployment. Infections are achieved through social engineering, phishing, and compromised websites. The malware’s flexibility and numerous infection …

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

May 1, 2024 at 05:09AM Cybercriminals and nation-state actors both exploit compromised routers for anonymization. The FBI disrupted Pawn Storm’s botnet of Ubiquiti EdgeRouters, which was used for various malicious activities. Despite the disruption, the botnet operator continued to control some bots. Multiple threat actors used backdoored SSH servers on …

Akira Ransomware Made Over $42 Million in One Year: Agencies

April 19, 2024 at 08:04AM Akira ransomware has victimized over 250 organizations globally, collecting $42 million in ransom payments. Initially targeting Windows systems, it has expanded to infect VMware ESXi virtual machines. Through various tactics like targeting VPN services and known vulnerabilities in Cisco products, the operators gain access to victims’ environments. They then deploy …

Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities

March 1, 2024 at 02:33AM The Five Eyes intelligence alliance issued a cybersecurity advisory warning about cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways. They cautioned that the Integrity Checker Tool may provide a false sense of security, allowing threat actors root-level persistence despite factory resets. Ivanti …

#StopRansomware: Phobos Ransomware

February 29, 2024 at 10:42AM The joint Cybersecurity Advisory (CSA) highlights the Phobos ransomware threat, observed as recently as February 2024. It describes the ransomware’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), and provides recommendations from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information …

Google open sources file-identifying Magika AI for malware hunters and others

February 16, 2024 at 09:19PM Google has open sourced Magika, a machine-learning-powered file identifier, as part of its AI Cyber Defense Initiative. It aims to provide better automated tools for IT network defenders. Magika uses a trained model to rapidly identify file types from file data, enhancing security. Google also plans to partner with startups …

FBI: ALPHV ransomware raked in $300 million from over 1,000 victims

December 19, 2023 at 02:35PM The ALPHV/BlackCat ransomware group had earned more than $300 million from 1,000+ victims worldwide by September 2023, per the FBI. Affiliates have extensive networks and experience in ransomware and data extortion. Additionally, the FBI and CISA have issued mitigation measures, including patching vulnerabilities and enforcing multifactor authentication. The FBI has recently disrupted the …

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

November 21, 2023 at 11:29AM This joint Cybersecurity Advisory (CSA) aims to provide network defenders with information about the LockBit 3.0 ransomware and its exploitation of the CVE-2023-4966 vulnerability affecting Citrix NetScaler application delivery controller (ADC) and NetScaler Gateway appliances. The CSA includes tactics, techniques, and indicators of compromise (IOCs) obtained from various organizations, …