Here’s what happens if you don’t layer network security – or remove unused web shells

November 21, 2024 at 08:18PM
The US Cybersecurity and Infrastructure Security Agency (CISA) simulated a cyber attack on a critical infrastructure provider, exploiting vulnerabilities to gain extensive access. It highlighted lessons learned, emphasizing the need for better detection controls, ongoing staff training, and leadership that prioritizes remediating known vulnerabilities to prevent future breaches.

NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

November 21, 2024 at 01:48AM
Threat hunters report an updated Python-based NodeStealer targeting Facebook Ads Manager accounts and credit card data stored in web browsers. Developed by Vietnamese actors, it uses advanced techniques for data exfiltration, including measures to avoid detection in Vietnam. Separately, recent phishing campaigns deploy the I2Parcae RAT via ClickFix techniques, endangering users' security and financial stability.

Join in the festive cybersecurity fun

November 19, 2024 at 04:16AM
The 2024 SANS Holiday Hack Challenge, starting on November 7, features eight weeks of gamified cyber exercises. Participants can tackle challenges across a range of skill levels, with a live scoreboard for tracking progress. Winners receive prizes such as free courses and subscriptions. Sign up online for updates and further details.

Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection

November 18, 2024 at 10:33AM
Cyber Threat Intelligence (CTI) is vital for cybersecurity, and its value depends on information being actionable, reliable, and timely. Indicators of Compromise (IOCs) are crucial but are often generic and therefore ineffective. Custom IOCs enhance threat detection, adapt to an organization's specific risks, improve supply chain security, and support compliance, making them essential for organizational defense.

Alleged Snowflake attacker gets busted by Canadians – politely, we assume

November 10, 2024 at 10:30PM
Alexander "Connor" Moucka, linked to the Snowflake breach affecting 165 customers, was arrested in Canada on a U.S. extradition request. His co-conspirator, John Binns, is jailed in Turkey. The roundup also highlights critical vulnerabilities in various software and cyber threats targeting crypto businesses, underscoring ongoing security challenges.

Gootloader Cyberattackers Target Bengal-Cat Aficionados in Oz

November 8, 2024 at 12:05PM
Recent research indicates that cybercriminals are targeting Australians interested in Bengal cats using Gootloader malware. By manipulating search-engine results for queries about the legality of Bengal cats, they trick users into downloading malicious files. Sophos warns of rising attacks using this method and urges users to be cautious of suspicious links and downloads.

How to Outsmart Stealthy E-Crime and Nation-State Threats

November 6, 2024 at 10:08AM
Cross-domain threats have surged, exploiting identity, cloud, and endpoint weaknesses while leaving minimal detection footprints. Notable adversaries such as Scattered Spider and North Korea's Famous Chollima use stolen credentials and sophisticated phishing to conduct attacks. Defending against them requires integrated visibility across domains, real-time threat hunting, and advanced identity protection measures to prevent breaches.

Meet Interlock — The new ransomware targeting FreeBSD servers

November 3, 2024 at 04:16PM
Interlock is a new ransomware operation targeting FreeBSD servers, launched in September 2024. It has attacked six organizations, leaking data when ransom demands were ignored. The Windows encryptor operates effectively, while the FreeBSD version still has issues. Ransom demands range from hundreds of thousands to millions.

Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began

October 18, 2024 at 12:33AM
Companies are increasingly hiring North Korean operatives disguised as IT contractors, who exfiltrate data and then demand ransoms after being dismissed for poor performance. Secureworks highlights this emerging trend in cyber extortion, urging firms to verify candidates thoroughly, restrict the use of remote-access software, and be wary of suspicious hiring practices.

Bad Actors Manipulate Red-Team Tools to Evade Detection

October 16, 2024 at 04:09PM
EDRSilencer, an open-source tool used in red-team operations, is being abused by threat actors to suppress security alerts and evade detection by blocking the network traffic of 16 common EDR tools. This shift gives malicious activity greater stealth, prompting researchers to advise organizations to adopt advanced detection and threat-hunting strategies.