Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Cybersecurity teams are under immense pressure in 2024. They need to be more efficient than ever to stay ahead of evolving threats. This means embracing new technologies, strategies, and frameworks. One powerful tool in their arsenal is the threat intelligence lifecycle—a vital but challenging aspect of proactive cyber defense. Forward-thinking enterprises understand the value of a structured approach to threat intelligence.

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.

In security, we are very used to talking about features and functions in the tools we use.

Trustwave today added Threat Intelligence as a Service (TIaaS) to its offensive security portfolio to help organizations better understand the threats they face and provide detailed knowledge and mitigations of their security weaknesses. Trustwave TIaaS provides organizations with timely, contextualized, and prioritized threat intelligence based on factors relevant to their operations, enabling them to make risk-based and threat-informed decisions which benefit their organizations.

On March 28th, Red Hat released an advisory for CVE-2024-3094 which is a critical vulnerability identified in XZ Utils – a widely used data compression software included in many Linux distributions. This vulnerability stems from a backdoor inserted in versions 5.6.0 and 5.6.1 of XZ Utils and has been given a CVSS score of 10 out of 10, indicating its severity as critical.

Threat Intelligence is an important capability that many SOCs use to improve their security posture. Understanding what threat actors are targeting and how, can aid in everything from threat hunting to incident response. However, organizations often struggle with how to operationalize threat intelligence data they receive in order to actually accomplish this.