Ransomware Trends Report | Q3 2024
A Free Guide for All Managers. Security professionals often struggle to keep up with evolving ransomware trends due to the constant barrage of information. We aim to help you filter this overload, present the third quarter of 2024 Ransomware Trends in an understandable format, and convert this information into meaningful insights. Exploring Ransomware Trends in Q3 […]
Russia sentences Hydra dark web market leader to life in prison
Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. Additionally, more than a dozen accomplices have been convicted for their involvement in the production and sale of nearly a ton of drugs. Stanislav Moiseyev, the group's "organizer," who was sentenced to life […]
Fuzzing and Bypassing the AWS WAF
The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a filter between your application and incoming web traffic to protect against unauthorized or malicious activity. In this […]
Chinese national charged for hacking thousands of Sophos firewalls
The U.S. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Tianfeng, who worked at Sichuan Silence Information Technology Co., faces charges for developing and testing a zero-day exploit used to […]
Spoofing Call Stacks To Confuse EDRs
Call stacks are an understated yet often important source of telemetry for EDR products. They can provide vital context to an event and be an extremely powerful tool in determining false positives from true positives (especially for credential theft events such as handle access to lsass). An example of this is that attackers will typically […]
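To make the point concrete, here is an added example (not code from the original post) of the kind of call-stack triage an EDR can apply to an lsass handle-access event. The telemetry format is an assumption: each frame is written as `module!symbol+offset`, or as a bare address marked `(unbacked)` when the return address does not fall inside any loaded image. The three heuristics (no unbacked frames, the stack bottoms out in a thread-start thunk, the syscall is issued from ntdll) are a simplified illustration, and the sample events are constructed.

```python
"""Triage of a constructed lsass handle-access event by its user-mode call stack.

Added example; the telemetry layout below is assumed, not taken from any product.
Frames are listed innermost first: the syscall stub at the top, the thread entry
thunk at the bottom.
"""
import re
from dataclasses import dataclass, field
from typing import List

# "module!symbol+0xoffset", e.g. "ntdll.dll!NtOpenProcess+0x14"
FRAME_RE = re.compile(r"^(?P<module>[\w.]+)!(?P<symbol>[\w@?$]+)(?:\+0x[0-9a-f]+)?$", re.I)
# Return address that is not backed by any loaded image, e.g. "0x1a2b3c4d5e (unbacked)"
UNBACKED_RE = re.compile(r"^0x[0-9a-f]+ \(unbacked\)$", re.I)

# A genuine user-mode thread stack ends in one of these thread-start thunks.
THREAD_ROOTS = {("ntdll.dll", "RtlUserThreadStart"), ("kernel32.dll", "BaseThreadInitThunk")}


@dataclass
class Verdict:
    suspicious: bool
    reasons: List[str] = field(default_factory=list)


def parse_frame(line: str) -> dict:
    """Turn one telemetry frame into {module, symbol, backed}."""
    line = line.strip()
    m = FRAME_RE.match(line)
    if m:
        return {"module": m["module"].lower(), "symbol": m["symbol"], "backed": True}
    if UNBACKED_RE.match(line):
        return {"module": None, "symbol": None, "backed": False}
    raise ValueError(f"unparseable frame: {line!r}")


def triage(event: dict) -> Verdict:
    """Apply three simple stack heuristics to a handle-access event."""
    frames = [parse_frame(f) for f in event["stack"]]
    reasons = []

    # 1. Any frame whose return address lives in unbacked memory (injected code).
    if any(not f["backed"] for f in frames):
        reasons.append("frame from unbacked memory")

    # 2. The outermost frame should be a thread-start thunk; a stack that stops
    #    short of it has been truncated or spoofed.
    root = (frames[-1]["module"], frames[-1]["symbol"])
    if root not in THREAD_ROOTS:
        reasons.append(f"stack root {root} is not a thread-start thunk")

    # 3. The innermost frame should be the ntdll syscall stub (Nt*); a direct
    #    syscall from elsewhere bypasses the usual API path.
    top = frames[0]
    if not (top["module"] == "ntdll.dll" and top["symbol"].startswith("Nt")):
        reasons.append("syscall not issued via ntdll")

    return Verdict(suspicious=bool(reasons), reasons=reasons)


# Constructed sample events (process names and offsets are made up).
BENIGN_EVENT = {
    "process": "backupagent.exe", "target": "lsass.exe", "access": "PROCESS_VM_READ",
    "stack": [
        "ntdll.dll!NtOpenProcess+0x14",
        "kernelbase.dll!OpenProcess+0x4b",
        "backupagent.exe!SnapshotProcess+0x1f2",
        "kernel32.dll!BaseThreadInitThunk+0x14",
        "ntdll.dll!RtlUserThreadStart+0x21",
    ],
}
UNBACKED_EVENT = {
    "process": "notepad.exe", "target": "lsass.exe", "access": "PROCESS_VM_READ",
    "stack": [
        "ntdll.dll!NtOpenProcess+0x14",
        "0x1a2b3c4d5e (unbacked)",
        "kernel32.dll!BaseThreadInitThunk+0x14",
        "ntdll.dll!RtlUserThreadStart+0x21",
    ],
}
NO_ROOT_EVENT = {
    "process": "notepad.exe", "target": "lsass.exe", "access": "PROCESS_VM_READ",
    "stack": [
        "ntdll.dll!NtOpenProcess+0x14",
        "kernelbase.dll!OpenProcess+0x4b",
    ],
}

if __name__ == "__main__":
    for name, ev in [("benign", BENIGN_EVENT), ("unbacked", UNBACKED_EVENT), ("no-root", NO_ROOT_EVENT)]:
        print(name, triage(ev))
```

The third sample shows why the root check matters: every frame is backed by a legitimate module, so a module-only check would pass it, yet the stack never reaches a thread-start thunk.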
Infostealer Shut Down After Source Code Was Leaked
Source code for Banshee Stealer was published on GitHub. The macOS malware-as-a-service Banshee Stealer has been taken down following the exposure of its source code. According to Security Affairs, the source code was leaked online, then archived and published on GitHub by VXunderground. It was also disclosed that the operators behind Banshee Stealer have shut down their operations after the […]
C2 Hunting: How to Find C2 Servers with Shodan
Threat actors are getting smarter. The days of blocklisting or threat hunting for IP addresses and domains you find in cyber threat intelligence reports are gone. You must get ahead of the bad guys and start performing C2 hunting. A Command and Control (C2) server is an attacker’s lifeline. It allows them to control systems […]
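As an added illustration of C2 hunting (not code from the original article), the script below scores host records shaped like Shodan search API results against a few generic C2 heuristics instead of matching a known-bad IP list. The record layout (`ip_str`, `port`, `data`, `ssl.cert`, `ssl.jarm`), the Shodan filter names in `SHODAN_QUERY`, the JARM watchlist value, and the three sample hosts are all assumptions constructed for the example.

```python
"""Score Shodan-style host records for C2 candidates.

Added example. Record fields mirror what I understand the Shodan search API to
return; the JARM watchlist entry is a placeholder and the sample hosts are
constructed (RFC 5737 documentation addresses).
"""
from typing import Dict, List, Optional, Tuple

# Hypothetical query to pull candidates; filter names are assumed.
SHODAN_QUERY = 'ssl.jarm:"{jarm}" port:443,8443'

# Placeholder watchlist: substitute real fingerprints of the frameworks you hunt.
JARM_WATCHLIST: Dict[str, str] = {"0" * 62: "example-framework"}


def parse_http_banner(data: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP banner into its status line and lower-cased headers."""
    lines = data.split("\r\n") if "\r\n" in data else data.split("\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return lines[0], headers


def empty_404_no_server(record: dict) -> bool:
    """Bare 404 with an empty body and no Server header: a common C2 default page."""
    data = record.get("data", "")
    if not data.startswith("HTTP/"):
        return False
    status, headers = parse_http_banner(data)
    return " 404 " in status and headers.get("content-length") == "0" and "server" not in headers


def self_signed(record: dict) -> bool:
    """Issuer equal to subject means nobody vouched for this certificate."""
    cert = record.get("ssl", {}).get("cert")
    if not cert:
        return False
    return cert.get("issuer") == cert.get("subject")


def jarm_hit(record: dict) -> Optional[str]:
    """Return the watchlist label if the host's JARM fingerprint is known."""
    return JARM_WATCHLIST.get(record.get("ssl", {}).get("jarm", ""))


def score_host(record: dict) -> dict:
    hits: List[str] = []
    if empty_404_no_server(record):
        hits.append("empty 404 without Server header")
    if self_signed(record):
        hits.append("self-signed TLS certificate")
    name = jarm_hit(record)
    if name:
        hits.append(f"JARM matches {name}")
    return {"host": f"{record['ip_str']}:{record['port']}", "score": len(hits), "hits": hits}


def hunt(results: dict, min_score: int = 2) -> List[dict]:
    """Keep hosts that trip at least min_score heuristics, strongest first."""
    scored = [score_host(m) for m in results.get("matches", [])]
    return sorted((s for s in scored if s["score"] >= min_score), key=lambda s: -s["score"])


# Constructed result set in the assumed API shape.
SAMPLE_RESULTS = {
    "matches": [
        {"ip_str": "203.0.113.10", "port": 443,
         "data": "HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\nContent-Length: 0\r\n\r\n",
         "ssl": {"cert": {"subject": {"CN": "localhost"}, "issuer": {"CN": "localhost"}}, "jarm": "0" * 62}},
        {"ip_str": "198.51.100.7", "port": 443,
         "data": "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Length: 1234\r\n\r\n",
         "ssl": {"cert": {"subject": {"CN": "www.example.com"}, "issuer": {"CN": "Example CA"}}, "jarm": "1" * 62}},
        {"ip_str": "192.0.2.44", "port": 8443,
         "data": "HTTP/1.1 404 Not Found\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n",
         "ssl": {"cert": {"subject": {"CN": "dev"}, "issuer": {"CN": "dev"}}, "jarm": "2" * 62}},
    ]
}

if __name__ == "__main__":
    for candidate in hunt(SAMPLE_RESULTS):
        print(candidate)
```

The threshold matters: a self-signed certificate alone (the third host) is far too common to act on, but the same host also serving a bare empty 404 and a watchlisted JARM is worth a closer look.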
DHS, DTRA lead maritime cybersecurity exercise in Philippines, boost Indo-Pacific security efforts
The U.S. Department of Homeland Security (DHS), in collaboration with the Defense Threat Reduction Agency (DTRA) and U.S. Embassy Manila, last week conducted a high-impact maritime cybersecurity tabletop exercise and chemical security workshop with the Government of the Philippines. The exercise tested realistic scenarios involving sophisticated cyberattacks on critical port infrastructure, including automated cargo handling systems and communication networks. […]
US House passes legislation to bolster cyber defenses against Chinese state-sponsored threats
The U.S. House of Representatives unanimously approved a bill aimed at enhancing cyber resilience against state-sponsored threats. This legislation, advanced by the House Homeland Security Committee, seeks to address the increasing cyber threats posed by the Chinese Communist Party (CCP) to U.S. critical infrastructure. The legislation works to ensure the security and integrity of these critical […]
Chinese APT Group Earth Estries targets critical infrastructure sectors with advanced cyber attacks
New research from Trend Micro reveals that the Chinese APT group Earth Estries has focused on critical sectors, including telecommunications and government entities, across the US, Asia-Pacific, Middle East, and South Africa since 2023. The group utilizes sophisticated attack techniques and multiple backdoors, such as GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, impacting several Southeast Asian telecommunications companies and […]