November 7, 2024 at 05:04AM Tactics, techniques, and procedures (TTPs) are essential for cybersecurity, identifying threats more reliably than indicators of compromise. This report details techniques like disabling Windows Event Logging, PowerShell exploitation, and registry manipulation, showcasing real-world examples through ANY.RUN’s sandbox to analyze malware behavior and enhance threat detection capabilities. ### Meeting Takeaways 1. … Read more
June 4, 2024 at 03:46PM The text is a guide to Extended Threat Detection and Response (XDR) by Trend Micro. It discusses the challenges faced by security teams, the need for efficient threat detection, and the benefits of XDR. It also explains different approaches, such as Native, Open, and Hybrid, and provides considerations for selecting … Read more
March 5, 2024 at 05:46AM TA577 threat actor employs ZIP archive attachments in phishing emails to obtain NTLM hashes, facilitating sensitive info gathering and follow-on activities. Delivery of the phishing waves on Feb 26 and 27, 2024, targeted hundreds of global organizations through thread hijacking technique. The actor aims to capture NTLMv2 Challenge/Response pairs for … Read more
February 26, 2024 at 07:26AM Summary: The advisory details the recent tactics of the APT29 cyber espionage group, attributed to the SVR, targeting cloud infrastructure. It outlines their previous activity and evolving techniques, such as accessing service and dormant accounts, using cloud-based token authentication, enrolling new devices to the cloud, and using residential proxies. Mitigation … Read more
October 13, 2023 at 07:06AM AvosLocker ransomware gang has been linked to recent attacks on critical infrastructure sectors in the U.S. The gang uses legitimate software and open-source remote administration tools to compromise networks and exfiltrate data. AvosLocker leverages sophisticated techniques to avoid detection and affects Windows, Linux, and VMware environments. The attacks rely on … Read more
October 11, 2023 at 12:09AM Microsoft analysts and researchers analyze trillions of signals daily to uncover emerging threats and provide timely security insights. They focus on nation-state groups to understand their activities within geopolitical trends. With the shift to remote work due to COVID-19, cybercriminals are exploiting system vulnerabilities and misconfigurations to access sensitive resources … Read more