
June 2023

Cactus Ransomware, BlackSuit, and more: Hacker's Playbook Threat Coverage Round-up: June 29, 2023

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Cactus ransomware and BlackSuit ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

HiBob - Can You Please Share Customers' Data?

As part of our ongoing commitment to conducting original research and maintaining an up-to-date Hacker’s Playbook, the SafeBreach Labs team is dedicated to uncovering new threats. My recent research focused on searching for vulnerabilities and design issues in the API security domain in line with this objective. As a result, we discovered a security vulnerability in the popular HR information system (HRIS) platform called HiBob.

MOVEit Vulnerability: A Painful Reminder That Threat Actors Aren't the Only Ones Responsible for a Data Breach

The MOVEit data breach continues to impact a number of both private and government groups across the US and Europe by exposing confidential data. With breaches like this becoming increasingly common, it can be easy to blame advanced persistent threat (APT) groups and other malicious actors; however, there is a valuable lesson to learn from the MOVEit breach: it is essential to be proactive about these threats. Not doing so may lead to a breach.

SafeBreach Coverage for US-CERT Alert (AA23-165A) - LockBit Ransomware

On June 14th, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), along with international cybersecurity partners, released an advisory calling out the various indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the LockBit ransomware operation over the past 3 years.

BestinBAS Threat Researchers Discover Their 40th CVE

SafeBreach Labs is the research and development arm of SafeBreach. SafeBreach Labs delivers cutting-edge vulnerability and cybersecurity research as well as novel product ideas. Real-world insights and observations of “in-the-wild” attacks, as well as in-depth and frequent conversations with the top cybersecurity researchers and CISOs worldwide, serve as the foundation for its research and product-related work.

SafeBreach Coverage for US-CERT Alert (AA23-158A) - CVE-2023-34362 MOVEit Vulnerability

On June 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory highlighting the recent efforts of threat actors to disseminate CL0P ransomware. The various malicious indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the threat actors are listed in US-CERT Alert (AA23-158A) – CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability.

Bringing IT & OT Security Together, Part 2: BAS and the Purdue Model

In our first post on using BAS in an operational technology (OT) environment, we provided an overview of a typical converged IT/OT network, the trends that were driving increased cyber risk for industrial asset owners, and a high-level discussion of how BAS can help provide better visibility and protection across the converged environment.