Andrea Fortuna
  • Oct 29, 2023

    Octo Tempest: extortion through phishing, SIM swapping and ransomware

    Microsoft has monitored the actions of a group named Octo Tempest (identified by CrowdStrike as Scattered Spider and by Mandiant as UNC3944), which has targeted multiple firms to extort money. The cybercriminals, linked to the BlackCat group (ALPHV), use a… read more »
  • Oct 20, 2023

    IoC vs. IoA

    What’s the difference between IoA and IoC, and why is it crucial to incorporate them into a security strategy? TL;DR Courtesy of CrowdStrike IoC IoA Artifacts that suggest a system has been breached. Patterns of behavior that indicate that an… read more »
  • Oct 8, 2023

    The evolution of ransomware kill chains: Top-level evasion activity in the summer of 2023

    Ransomware groups are constantly evolving their tactics and techniques to stay ahead of defenders. Cybersecurity firm Red Sense collected some information on major ransomware groups this summer, and created this useful chart showing the main changes they made to their… read more »
  • Oct 7, 2023

    How to Use Cloudflare Zero Trust Gateway as a DNS Ad Blocker

    Personally, I am a big fan of NextDNS, a DNS service that (similar to PiHole) allows you to block traffic to advertising circuits, tracking and telemetry systems. This is why I have always been fascinated by the possibility of reproducing… read more »
  • Sep 26, 2023

    RansomedVC: some details about the new ransomware group

    RansomedVC is a recent ransomware collective, which was initially detected by Malwarebytes and SocRadar in August 2023 after publishing information about nine victims on its dark web page: It gained notoriety after announcing that it had violated SONY: The singular… read more »
  • Sep 24, 2023

    Deadglyph: a new advanced backdoor from Stealth Falcon

    Stealth Falcon APT (aka Project Raven or FruityArmor), a state-sponsored hacking group from the United Arab Emirates (UAE), is mainly known for targeting activists, journalists, and dissidents in the Middle East. Cybersecurity researchers from ESET have discovered a previously undocumented… read more »
  • Sep 15, 2023

    UNC3944: SMS Phishing, SIM Swapping, and Ransomware Attacks

    UNC3944, a financially motivated threat group, has been leveraging SMS phishing (smishing) campaigns to target organizations and gain unauthorized access to their systems. According to a detailed report by Mandiant, the group uses phone-based social engineering and smishing to obtain… read more »
  • Aug 29, 2023

    New ‘MalDoc in PDF’ attack technique

    Japan’s computer emergency response team (JPCERT) recently identified a new attack method named ‘MalDoc in PDF’, which manages to elude detection by incorporating a malicious Word file within a PDF file. According to researchers, a MalDoc in PDF file possesses… read more »

Cybersecurity expert, software developer, experienced digital forensic analyst, musician