Meet Interlock — The new ransomware targeting FreeBSD servers

November 3, 2024 at 04:16PM
Interlock is a new ransomware operation targeting FreeBSD servers, launched in September 2024. It has attacked six organizations, with data leaks occurring after ransom demands were ignored. The Windows encryptor operates effectively, while challenges persist with the FreeBSD version. Ransom demands range from hundreds of thousands to millions.

Biz hired, and fired, a fake North Korean IT worker – then the ransom demands began

October 18, 2024 at 12:33AM
Companies increasingly hire North Korean operatives disguised as IT contractors, who exfiltrate data and demand ransoms after being dismissed for poor performance. Secureworks highlights this emerging trend in cyber extortion, urging firms to verify candidates thoroughly, restrict remote software use, and be cautious of suspicious hiring practices.

Bad Actors Manipulate Red-Team Tools to Evade Detection

October 16, 2024 at 04:09PM
EDRSilencer, an open-source tool used in red-team operations, is being abused by threat actors to disable security alerts and evade detection by blocking 16 common EDR tools. This shift enhances stealth for malicious activities, prompting researchers to advise organizations to adopt advanced detection and threat-hunting strategies.

Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions

October 15, 2024 at 04:05AM
Trend Micro’s Threat Hunting Team identified EDRSilencer, a tool designed to block endpoint detection and response (EDR) solutions, enhancing malware stealth by disrupting telemetry transmission. This enables threat actors to evade detection, complicating the identification of malware. Organizations are urged to strengthen security measures and monitor for this evolving threat.

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

September 20, 2024 at 11:25AM
The article discusses how Ransomhub ransomware uses EDRKillShifter to disable EDR and antivirus protections. Ransomhub also exploits the Zerologon vulnerability to take control of networks without authentication. The group has attacked various industries, employed spear-phishing, and operates under an affiliate model. Trend Micro’s Vision One telemetry data aided in uncovering …

Copy2Pwn Zero-Day Exploited to Bypass Windows Protections

August 16, 2024 at 06:10AM
Trend Micro’s Zero Day Initiative (ZDI) revealed a zero-day vulnerability, CVE-2024-38213, named Copy2Pwn, which cybercriminals exploited to bypass Windows protections. Microsoft fixed this flaw in June 2024 but only disclosed it in August. ZDI discovered it during the analysis of attacks by a threat group named Water Hydra for bypassing …

After the Dust Settles: Post-Incident Actions

August 8, 2024 at 11:00AM
After a cybersecurity incident, organizations should conduct a thorough review of the attack to understand its timeline, the actions taken, and the efficiency of the response. This post-mortem analysis helps in identifying gaps and potential improvements in processes. Sharing incident data and lessons learned with others in the industry enhances cybercrime prevention. Establishing a timeframe …

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

July 19, 2024 at 03:24AM
The Play ransomware group has developed a new Linux variant targeting ESXi environments, with potential collaboration with Prolific Puma. The ransomware utilizes evasion techniques and custom-built tools. To mitigate the risk of attacks on ESXi environments, it’s recommended to implement strong access controls, network segmentation, regular backups, and security monitoring.

Secureworks Elevates State of Cybersecurity for Mid-Market Customers With Managed Detection and Response Offering

July 16, 2024 at 05:50PM
Secureworks® introduces Taegis™ ManagedXDR Plus, a Managed Detection and Response (MDR) offering tailored to the unique cybersecurity requirements of mid-market companies. It provides customized use cases, compliance reports, and alerting to address evolving cyber threats and regulations while working within limited budgets. The new tier offers expanded threat hunting, premium support, and …

Command Zero Emerges From Stealth Mode to Speed Up Cyber Investigations

July 9, 2024 at 11:51AM
Startup Command Zero has secured $21 million in seed funding to fuel its AI and automation-powered cybersecurity investigation platform. The Austin-based company aims to address the bottleneck in security operations with its user-friendly platform, combining expert investigative questions, autonomous methods, and advanced Language Learning Models. The investment round was led …