Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review

July 25, 2024 at 08:08AM Kaspersky proposed a “comprehensive assessment framework” to verify its security products to the US Department of Commerce, aiming to mitigate supply chain risks and provide security assurances. Despite this, the Commerce Department did not respond to the proposal. The framework includes localization of data processing, review of data received, and …

TargetCompany’s Linux Variant Targets ESXi Environments

June 5, 2024 at 05:56AM A new Linux variant of TargetCompany ransomware has been discovered, using a custom shell script to deliver and execute the payload, as well as exfiltrate victim information. This variant also targets VMware ESXi environments, potentially increasing the impact and chances of ransom payment. Trend Micro has observed increased activity of …

NRECA Signs MOU With Electricity Information Sharing and Analysis Center

May 29, 2024 at 04:50PM The National Rural Electric Cooperative Association has signed an agreement with the North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center to enhance electric sector cybersecurity through increased information sharing and collaboration. The partnership aims to prioritize sharing intelligence about security threats and vulnerabilities and facilitate collaborative efforts …

BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware

May 29, 2024 at 10:56AM The BlackSuit ransomware gang, linked to the Royal gang, targets US-based companies in critical sectors with a focus on financial gain. Using advanced methods, the group’s attack tactics include lateral movement, Kerberoasting, FTP exfiltration, and ransomware deployment. Mitigation tactics involve network configuration management and strengthening password encryption to prevent such …

Android malware Grandoreiro returns after police disruption

May 18, 2024 at 01:14PM The Android banking trojan “Grandoreiro” is spreading in a large-scale phishing campaign across 60+ countries, targeting accounts of about 1,500 banks. Despite law enforcement efforts in January 2024, it has reemerged with new features and is now targeting English-speaking countries, employing diverse phishing lures and expanded capabilities, indicating a resilient …

Mandiant: Orgs are detecting cybercriminals faster than ever

April 23, 2024 at 09:16AM Global organizations are detecting cyberattacks more quickly, with average detection time reaching an all-time low of ten days, down from 16 days last year. However, there are still regional variations and a significant reliance on external sources to detect intrusions. Mandiant emphasizes the need for continued vigilance and improved threat …

Rethinking How You Work With Detection and Response Metrics

April 19, 2024 at 01:40PM The Black Hat Asia conference in Singapore discussed the challenge of distinguishing true security threats from false alarms. Allyn Stott emphasized the importance of metrics in assessing detection and response programs, driving improvements, and demonstrating risk reduction to the business. He advised using frameworks like MITRE ATT&CK, SANS Institute’s HMM, and …

CISA makes its “Malware Next-Gen” analysis system publicly available

April 11, 2024 at 06:27PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has launched a new version of “Malware Next-Gen,” allowing the public to submit malware samples for analysis. This expands access beyond government agencies and aims to enhance cyber defense efforts. The platform has already identified 200 suspicious files from 1,600 submissions, encouraging …

Microsoft warns deepfake election subversion is disturbingly easy

April 2, 2024 at 11:07AM Amid upcoming global elections, Clint Watts, Microsoft’s Threat Analysis Center GM, anticipates AI-driven misinformation influencing outcomes. Deception may not reach feared sophistication but will remain effective due to simple tactics. Watts’ team monitors government-linked threat groups globally and identified AI techniques utilized by Russian actors to post fake news. AI …

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script

March 26, 2024 at 04:28AM The blog entry provides a summary of the Agenda ransomware’s new propagation methods targeting VMware vCenter and ESXi servers using custom PowerShell scripts embedded in its latest Rust variant. The ransomware is distributed globally and has been increasingly detected by cybersecurity organizations. The threat actors are utilizing various defense evasion …