• Mar 13, 2023

    Essential Tools for Gathering and Analyzing IOCs

    In Cyber Threat Intelligence, the collection and analysis of Indicators of Compromise (IOCs) is critical because they provide valuable information that can help organisations detect and respond to cyber threats more effectively. IOCs are pieces of evidence or artefacts that… read more »
  • Mar 11, 2023

    Plaso 20230226 has been released

    Plaso is a Python-based engine that can automatically create timelines from various files found on typical computer systems. It can extract timestamps from file system metadata, log files, registry files, browser history, email archives, and many other sources, and can… read more »
  • Mar 10, 2023

    UNC4540 targets unpatched SonicWall gateways with credential-stealing malware

    According to a recent report from cybersecurity firm Mandiant, Chinese cybercriminals are targeting unpatched SonicWall gateways with credential-stealing malware that persists through firmware upgrades. The spyware is targeting the SonicWall Secure Mobile Access 100 Series, which provides VPN access to… read more »
  • Mar 9, 2023

    CERT, CSIRT or SOC?

    When it comes to responding to cybersecurity incidents, organisations have several options, including using a Computer Emergency Response Team (CERT), a Computer Security Incident Response Team (CSIRT) or a Security Operations Center (SOC). While these teams may seem interchangeable, there… read more »
  • Mar 9, 2023

    Bitwarden vulnerability allows attackers to steal passwords using iframes

    The popular open-source password management service, Bitwarden, offers an auto-fill feature that can automatically fill in users’ saved credentials when they visit a website. However, this feature has a potentially dangerous behavior that could allow malicious iframes embedded in trusted… read more »
  • Mar 8, 2023

    Sharp Panda is starting to use a new version of the Soul framework

    Chinese threat actor Sharp Panda has targeted high-profile government agencies in Southeast Asia with a cyber espionage campaign using a new version of the Soul modular framework. Cybersecurity firm Check Point has described the activity as “long-running” and has previously… read more »
  • Mar 6, 2023

    MITIGA expose Google Cloud Platform's lack of forensic storage visibility

    A new report from cybersecurity firm MITIGA has revealed that malicious actors can exploit a lack of forensic visibility in Google Cloud Platform (GCP) to exfiltrate sensitive data. The research found that GCP does not provide sufficient visibility into its… read more »
  • Mar 5, 2023

    CrowdStrike released the 2023 Global Threat Report

    CrowdStrike has released its 9th Annual Global Threat Report, which provides a comprehensive overview of threat actor behaviour, tactics and trends over the past year. The report is based on the activities of more than 200 cyber adversaries and covers… read more »