Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

November 1, 2024 at 06:27AM
Microsoft has identified a Chinese threat actor, Storm-0940, using a botnet named Quad7 (CovertNetwork-1658) to conduct sophisticated password spray attacks targeting organizations in North America and Europe. This botnet exploits security flaws in routers to gain access, facilitating credential theft and further cyber exploitation.

Microsoft: Chinese hackers use Quad7 botnet to steal credentials

October 31, 2024 at 04:10PM
Microsoft has reported that Chinese threat actors utilize the Quad7 botnet, composed of hacked SOHO routers, for password-spray attacks to steal credentials. The botnet employs custom malware for remote access and evades detection using a SOCKS5 proxy. Once credentials are obtained, networks are compromised to exfiltrate data.

New Cisco ASA and FTD features block VPN brute-force password attacks

October 26, 2024 at 01:44PM
Cisco has implemented new security features for ASA and Firepower Threat Defense to combat brute-force and password spray attacks, enhancing network protection and resource efficiency. The update allows admins to configure settings to block repeated failed login attempts and other malicious connection attempts, significantly reducing successful attack rates.

CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits

April 12, 2024 at 02:25PM
CISA issued an emergency directive in response to a Russian cyber threat targeting Microsoft email accounts. The group, known as Midnight Blizzard, is exfiltrating information and has already affected several companies. The directive requires federal agencies to investigate, reset compromised credentials, and secure privileged accounts. All organizations are urged to …