Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Malware

netwrix

Covenant C2 Fills the Void Left by Empire PowerShell

Post-exploitation tools are used by threat actors to move laterally inside a network and escalate their privileges in order to steal data, unleash malware, create backdoors and more. Red teams and ethical hackers also use these tools; indeed, simulating the efforts of adversaries plays a key role in implementing effective controls to secure systems, applications and files.

upguard

How Did Kaseya Get Hacked?

The Kasya ransomware attack occurred through the exploitation of CVE 2021-30116, an authentication bypass vulnerability within Kaseya VSA servers. This allowed the hackers to circumvent authentication controls and executive commands via SQL injection, giving them all the control they needed to deploy their ransomware payload and encrypt a segment of Kaseya's internal data.

Forescout

Royal Ransomware - Analysis of One of the Most Active Ransomware Groups in Late 2022 and Early 2023

In our new threat briefing report, Forescout’s Vedere Labs analyzes the Royal ransomware threat actor group and encryptor payload, presents threat hunt opportunities for network defenders and shares details of the group’s tactics, techniques, and procedures (TTPs).

Rubrik

Rubrik Security Cloud: Transition from REST to GraphQL (GQL) APIs

With the release of Rubrik Security Cloud (RSC), our global customers can now consolidate management of their Rubrik estate to a single control plane. This significant improvement in management capabilities also allows customers to leverage the power of RSC’s GraphQL (GQL) APIs for their automation and management needs.

kroll

Black Basta - Technical Analysis

In recent months, news outlets have reported a surge in double extortion ransomware attacks by Black Basta, a notorious ransomware-as-a-service (RaaS) threat group first identified in early 2022. The actor is sophisticated, often utilizing a unique set of tactics, techniques and procedures (TTPs) to gain a foothold, spread laterally, exfiltrate data and drop ransomware. However, Kroll has observed Black Basta sometimes utilizing similar TTPs across multiple incidents.

Arctic Wolf

How Manufacturers Can Fight Back Against Ransomeware

Ransomware attacks are rising. Verizon’s 2022 Data Breach Investigation Report found that nearly a quarter of all cyber attacks in the manufacturing industry are ransomware attacks. Why the surge? While the world is still recovering from the pandemic, global markets are dealing with massive economic uncertainty and recession fears. And cybercriminals sense an opportunity.

Pentest People

Ransomware Hits Royal Mail - Lets Recap

This week, UK’s Postal Service, Royal Mail has been hit with a Ransomware attack, which put the countries sensitive data at risk. In this blog post, we’ll take a look at what ransomware is, how it can affect businesses and individuals, and what we’ve learnt from this huge scale attack. Stay tuned for more updates on this developing story.

netskope

Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023

Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active campaign, launched by a threat actor named Earth Bogle.