Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SafeBreach

Windows Downdate Attacks, Quick Share Vulnerability Exploit, and More: Hacker's Playbook Threat Coverage Round-up: August 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats, including those discovered via original research by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

Authors: Shmuel Cohen, Sr. Security Researcher | Or Yair, Security Research Team Lead Google’s Quick Share is a peer–to-peer data-transfer utility for Android, Windows, and Chrome operating systems. It uses a variety of communication protocols—including Bluetooth, Wi-Fi, Wi-Fi Direct, Web real-time communication (WebRTC), and near-field communication (NFC)—to send files between compatible devices that are in close proximity to each other.

Updated SafeBreach Coverage for US CERT Alert AA23-061A - BlackSuit (Royal) Ransomware

On August 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an update to an existing advisory (AA23-061A) highlighting new TTPs being leveraged by the recently rebranded “Royal” ransomware gang – now known as BlackSuit. Detailed information about this threat and the associated IOCs and TTPs can be seen on #StopRansomware: Blacksuit (Royal) Ransomware.

Windows Downdate: Downgrade Attacks Using Windows Updates

Downgrade attacks—also known as version-rollback attacks—are a type of attack designed to revert an immune, fully up-to-date software back to an older version. They allow malicious actors to expose and exploit previously fixed/patched vulnerabilities to compromise systems and gain unauthorized access.

Poseidon Infostealer, DoNex Ransomware, ElDorado Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: July 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

SafeBreach Coverage for AA24-190A (APT40)

On July 8th, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI) along with several international partners issued an urgent advisory outlining a People’s Republic of China (PRC) state-sponsored cyber group targeting Australian and U.S. enterprises.

FakePenny Ransomware, Qilin Ransomware, and More: Hacker's Playbook Threat Coverage Round-up: June 2024

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for newly discovered or analyzed threats by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats.

The Road to CTEM, Part 2: The Role of Continuous Validation

Many acronyms and security concepts come and go without much traction, but the term continuous threat exposure management (CTEM) seems to be taking hold for the foreseeable future. CTEM, a term originally coined by Gartner, offers a cyclical approach to finding and mitigating threat exposure—which is the accessibility and exploitability of digital and physical assets—in an ongoing, proactive, and prioritized way.