Massive Ad Fraud Campaign Infected 11M Devices, Spoofed 1,700 Apps and 120 Publishers
Read also: PayPal, Riot Games compromised, FBI links $100M Harmony hack to North Korea, and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How Did Kaseya Get Hacked?
The Kasya ransomware attack occurred through the exploitation of CVE 2021-30116, an authentication bypass vulnerability within Kaseya VSA servers. This allowed the hackers to circumvent authentication controls and executive commands via SQL injection, giving them all the control they needed to deploy their ransomware payload and encrypt a segment of Kaseya's internal data.
CTI Roundup: Ransomware Profits Drop as Attacks Remain High
Reporting revealed declining ransomware profits in 2022, a new backdoor based on the CIA’s Hive malware is discovered, and a new wave of BackdoorDiplomacy attacks are targeting Iranian government entities.
Royal Ransomware - Analysis of One of the Most Active Ransomware Groups in Late 2022 and Early 2023
In our new threat briefing report, Forescout’s Vedere Labs analyzes the Royal ransomware threat actor group and encryptor payload, presents threat hunt opportunities for network defenders and shares details of the group’s tactics, techniques, and procedures (TTPs).
Rubrik Security Cloud: Transition from REST to GraphQL (GQL) APIs
With the release of Rubrik Security Cloud (RSC), our global customers can now consolidate management of their Rubrik estate to a single control plane. This significant improvement in management capabilities also allows customers to leverage the power of RSC’s GraphQL (GQL) APIs for their automation and management needs.
Black Basta - Technical Analysis
In recent months, news outlets have reported a surge in double extortion ransomware attacks by Black Basta, a notorious ransomware-as-a-service (RaaS) threat group first identified in early 2022. The actor is sophisticated, often utilizing a unique set of tactics, techniques and procedures (TTPs) to gain a foothold, spread laterally, exfiltrate data and drop ransomware. However, Kroll has observed Black Basta sometimes utilizing similar TTPs across multiple incidents.
How Cybersecurity Trends Drive Organizational Changes | Industry Panel Discussion
Ransomware threats, the many flavors of trust, and the war for talent, are just a few of the cybersecurity trends challenging (and changing) today’s organizations. Watch as CyberArk’s Regional Manager, Amit Grinman, as he speaks with Shay Nahmany, Director of IT at Israel National Digital Agency, Shelly Brownshtein, Head Of Cyber Security At Menora Mivtachim Insurance, and Yossi Marmarali, Director, Security Engineering & Business Information Security Officer at Netafim and Dura-Line (Orbia), about staying secure and addressing these concerns head-on.
How Manufacturers Can Fight Back Against Ransomeware
Ransomware attacks are rising. Verizon’s 2022 Data Breach Investigation Report found that nearly a quarter of all cyber attacks in the manufacturing industry are ransomware attacks. Why the surge? While the world is still recovering from the pandemic, global markets are dealing with massive economic uncertainty and recession fears. And cybercriminals sense an opportunity.
Redline Infostealer Analysis (Part 1)
This blog post will provide an analysis of the malicious Redline Infostealer payloads which have been taken from a real life malware incident, responded to and triaged by the ThreatSpike SOC team. This analysis will be broken down to demonstrate, describe and explain the various stages of the attack chain.
Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023
Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active campaign, launched by a threat actor named Earth Bogle.