Эпизоды
-
**Threat Hunting Workshop: Hunting for Discovery
November 20, 2024 | 12:00 – 1:00 PM ET
Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery
----------
Top Headlines:
Unit 42 | Jumpy Pisces Engages in Play Ransomware: https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/Help Net Security | Sophos Mounted Counter-Offensive Operation to Foil Chinese Attackers: https://www.helpnetsecurity.com/2024/10/31/sophos-china-defensive-operation/?web_view=trueProject Zero | From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code: https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html?m=1The Cyber Express | HeptaX: Uncovering Cyberespionage Operations Through Unauthorized RDP Connections: https://thecyberexpress.com/heptax-cyberattack/?&web_view=true
----------
Stay in Touch!Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/ -
*Join our Threat Hunting Workshop: Hunting for Discovery*
November 20, 2024 | 12:00 - 1:00 PM ET
Sign Up Here: https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-discovery
----
In this live episode of Out of the Woods: The Threat Hunting Podcast, we dive into essential threat hunting techniques and the journey to mastering the craft.
Join us as we discuss:
Building resilience through community insights and shared resourcesPractical threat hunting tips with the latest from GitHub repositories and threat actor techniquesManaging the grind and balancing detection with proactive hunting strategiesEnhancing skill sets by embracing the unknowns in the journey
Interesting Artifacts:
https://github.com/BushidoUKhttps://github.com/salesforce/logai?tab=readme-ov-file#documentationhttps://opensource.salesforce.com/logai/latest/intro.htmlhttps://detect.fyi/have-you-been-keeping-up-with-your-low-confidence-detections-494c742202e4
🔗 Join our Discord to interact with us at our next live session: https://discord.gg/Ka6tsEc3
#ThreatHunting #CyberSecurity #OutOfTheWoods #Podcast -
Пропущенные эпизоды?
-
**[LIVE] Out of the Woods: The Threat Hunting Podcast
October 24, 2024 | 7:00 – 8:30 PM ET
Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter
----------
Top Headlines:
Aqua | perfctl: A Stealthy Malware Targeting Millions of Linux Servers: https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/ Cisco Talos Blog | Threat Actor Believed to be Spreading New MedusaLocker Variant in Europe and South America: https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/?&web_view=trueProofpoint US | Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware: https://www.proofpoint.com/us/blog/threat-insight/security-brief-royal-mail-lures-deliver-open-source-prince-ransomwareSecurity Affairs | Kyiv's Hackers Launched an Unprecedented Cyber Attack on Russian State Media VGTRK on Putin's Birthday: https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html?web_view=true
----------
Stay in Touch!Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/ -
**Threat Hunting Workshop: Hunting for Collection
October 2, 2024 | 12:00 - 1:00 PM ET
Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection
**[LIVE] Out of the Woods: The Threat Hunting Podcast
October 24, 2024 | 7:00 – 8:30 PM ET
Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter
----------
Top Headlines:
The Hacker News | Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution: https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html?m=1The DFIR Report | Nitrogen Campaign Drops Silver and Ends With BlackCat Ransomware: https://thedfirreport.com/2024/09/30/nitrogen-campaign-drops-sliver-and-ends-with-blackcat-ransomware/Netskope | DCRat Targets Users with HTML Smuggling: https://www.netskope.com/blog/dcrat-targets-users-with-html-smugglingCISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments: https://www.cisa.gov/sites/default/files/2024-09/FY23_RVA_Analysis_508.pdf
----------
Stay in Touch!Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/ -
**Threat Hunting Workshop: Hunting for Collection
October 2, 2024 | 12:00 - 1:00 PM ET
Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection
**[LIVE] Out of the Woods: The Threat Hunting Podcast
October 24, 2024 | 7:00 – 8:30 PM ET
Sign Up > https://intel471.com/resources/podcasts/blood-sweat-and-threats-carving-the-perfect-threat-hunter
----------
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott Poley and Tom Kastura explore the latest threat-hunting insights, starting with UNC 2970, a North Korean-linked group using trojanized PDF readers to target industries like energy and finance. They discuss how the group's phishing tactics exploit job openings and the use of telemetry to detect malicious activity. The episode also covers a campaign leveraging CAPTCHA pages to deliver the Luma Stealer malware and dives into the risk of poisoned Python packages compromising supply chains. Tune in for strategies to stay proactive against advanced threats and enhance your hunting techniques.
Top Headlines:
Unit 42 | Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors: https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat/?web_view=trueCloudSEK | Unmasking the Danger: Lumma Stealer Malware Exploits Fake CAPTCHA Pages: https://www.cloudsek.com/blog/unmasking-the-danger-lumma-stealer-malware-exploits-fake-captcha-pages?&web_view=trueGoogle Cloud | An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader: https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-readerDarkReading | For $20, Researchers Seize Part of Net Infrastructure: https://www.darkreading.com/cyber-risk/researchers-seize-internet-infrastructure-for-20?&web_view=true
----------
Stay in Touch!Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/ -
**Threat Hunting Workshop: Hunting for Collection
October 2, 2024 | 12:00 - 1:00 PM ET
Sign Up > https://intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-collection
In this episode of Out of the Woods: The Threat Hunting Podcast, Scott and Lee discuss four key topics: North Korea’s social engineering attacks on the crypto industry, the rise of the malicious Chrome extension Luma C2 Stealer, a phishing and doxxing campaign by Russian threat actors targeting NGOs, and hacktivist attacks on Russian and Belarusian institutions using ransomware and common tools. They highlight the growing sophistication of these tactics and stress the importance of vigilance and proactive threat hunting to defend against these increasingly complex threats.
Top Headlines:
1. FBI | Public Service Announcement - North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks: https://www.ic3.gov/Media/Y2024/PSA240903
2. Cybersecurity News | Beware the Drive-By Download: LummaC2 Stealer and Malicious Chrome Extension Wreak Havoc: https://securityonline.info/beware-the-drive-by-download-lummac2-stealer-and-malicious-chrome-extension-wreak-havoc/?&web_view=true
3. The Hacker News | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams: https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
4. SecureList | Head Mare: Adventures of a Unicorn in Russia and Belarus: https://securelist.com/head-mare-hacktivists/113555/
----------
Stay in Touch!Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/ -
In this episode of "Out of the Woods: The Threat Hunting Podcast," Scott and Tom dive into the latest threat hunting headlines for the week of September 2nd, 2024. They explore how basic techniques are being repurposed in advanced ways, such as using Google Sheets for command and control in a suspected espionage campaign and employing web dev to enhance phishing attacks. The discussion also covers a new wave of skimming attacks targeting e-commerce sites and a deep dive into APT32’s advanced persistence tactics in a long-term intrusion. Scott and Tom offer insights and strategies for threat hunters to detect and counter these evolving threats.
Top Headlines:
1. Huntress | Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders: https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders?&web_view=true
2. Objective-See | A Surreptitious Cryptocurrency Miner in the Mac App Store?: https://objective-see.org/blog/blog_0x2B.html
3. Malwarebytes | Hundreds of Online Stores Hacked in New Campaign: https://www.malwarebytes.com/blog/news/2024/08/hundreds-of-online-stores-hacked-in-new-campaign?web_view=true
4. Proofpoint US | The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers "Voldemort": https://www.proofpoint.com/us/blog/threat-insight/malware-must-not-be-named-suspected-espionage-campaign-delivers-voldemort
----------
Stay in Touch!Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/ -
In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into SetXP, a stealthy Linux malware that manipulates UDEV rules to evade detection, and explore why it’s not yet on the MITRE ATT&CK radar. The duo also covers PeakLight, a new memory-only dropper, and Stick Stealer, a malware targeting browser data and crypto wallets. Wrapping up with insights from a BlackSuit ransomware breach, they discuss how attackers often reuse old techniques in new ways. This episode challenges the notion of what truly makes an execution unique, offering practical tips for staying ahead of evolving threats.
1. AON | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules: https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
2. The DFIR Report | BlackSuit Ransomware: https://thedfirreport.com/2024/08/26/blacksuit-ransomware/
3. Check Point Research | Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove: https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/
4. Google Cloud Blog | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?&web_view=true
Stay in Touch!Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
In this week's Top 5 Threat Hunting Headlines, Scott and Tom discuss top cybersecurity threats, including Kaspersky's Tusk InfoStealer campaign, a cloud extortion campaign exploiting AWS environments, APT41's advanced tactics against a Taiwanese research institute, and the Banshee InfoStealer targeting macOS. They also explore the impact of AI on cybersecurity, emphasizing the need for SOCs to evolve with new talent and strategies to address emerging threats. The episode underscores the importance of staying vigilant and adapting to the rapidly changing threat landscape.
Top 5 Threat Hunting Headlines - 19 Aug 2024
1. Secure List | Tusk Campaign Uses Infostealers and Clippers for Financial Gainhttps://securelist.com/tusk-infostealers-campaign/113367/2. Unit 42 | Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environmentshttps://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/3. Cisco Talos Blog | APT41 Likely Compromised Taiwanese Government-Affiliated Research Institute with ShadowPad and Cobalt Strikehttps://blog.talosintelligence.com/chinese-hacking-group-apt41-compromised-taiwanese-government-affiliated-research-institute-with-shadowpad-and-cobaltstrike-2/?&web_view=true4. Elastic Security Labs | Beyond the Wail: Deconstructing the BANSHEE Infostealerhttps://www.elastic.co/security-labs/beyond-the-wail5. Help Net Security | 74% of IT Professionals Worry That AI Tools Will Replace Themhttps://www.helpnetsecurity.com/2024/08/15/it-professionals-ai-worry/?web_view=true
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Top 5 Threat Hunting Headlines - 12 Aug 2024
1. DarkReading | SaaS Apps Present an Abbreviated Kill Chain for Attackershttps://www.darkreading.com/application-security/saas-apps-present-abbreviated-kill-chain-for-attackers?&web_view=true2. ReasonLabs | Enterprise Grade Security to All of Your Personal Deviceshttps://reasonlabs.com/research/new-widespread-extension-trojan-malware-campaign3. DFIR | Threat Actors' Toolkit: Leveraging Silver, PoshC2 & Batch Scriptshttps://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/4. SafeBreach | Downgrade Attacks Using Windows Updateshttps://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/5. Cyble | Double Trouble: Latrodectus and ACR Stealer Observed Spreading Via Google Authenticator Phishing Sitehttps://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/?&web_view=true
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Threat Hunting Workshop: Hunting for Command and Control
31 July 2024 | 12:00 - 1:00 pm ETRegister Here!Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate:3-4 Aug 2024: Sign Up Here!5-6 Aug 2024: Sign Up Here!-----
Top 5 Threat Hunting Headlines - 29 July 2024
1. Bleeping Computer | Acronis Warns of Cyber Infrastructure Default Password Abused in Attackshttps://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/?&web_view=true2. Guardio Labs | “EchoSpoofing” – A Massive Phishing Campaigns Exploiting Proofpoint’s Email Protevtion to Dispatch Millions of Perfectly Spoofed Emailshttps://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=b32e776ffab33. Esentire | Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAThttps://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat?&web_view=true4. Check Point Research | Stargazers Ghost Networkhttps://research.checkpoint.com/2024/stargazers-ghost-network/5. Help Net Security | Most CISO’s Feel Unprepared for New Compliance Regulationshttps://www.helpnetsecurity.com/2024/07/26/cisos-compliance-regulations-preparedness/?web_view=true-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Threat Hunting Workshop: Hunting for Command and Control
31 July 2024 | 12:00 - 1:00 pm ETRegister Here!Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate:3-4 Aug 2024: Sign Up Here!5-6 Aug 2024: Sign Up Here!-----
Top 5 Threat Hunting Headlines - 22 July 2024
1. Popular Ukrainian Telegram Channels Hacked to Spread Russian Propagandahttps://therecord.media/ukrainian-news-telegram-channels-hacked-russian-propaganda?&web_view=true2. New Play Ransomware Linux Variant Targets ESXI Shows Ties with Prolific Pumahttps://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html3. Dragos Frostygoop Reporthttps://regmedia.co.uk/2024/07/23/dragos_frostygoop-report.pdf4. Likely Ecrome Actor Capitalizing on Falcon Sensor Issueshttps://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/5. Internet Organised Crime Threat Assessment 2024https://www.europol.europa.eu/cms/sites/default/files/documents/Internet%20Organised%20Crime%20Threat%20Assessment%20IOCTA%202024.pdf
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Threat Hunting Workshop: Hunting for Command and Control
31 July 2024 | 12:00 - 1:00 pm ETRegister Here!Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:3-4 Aug 2024: Sign Up Here!5-6 Aug 2024: Sign Up Here!-----
Top 5 Threat Hunting Headlines - 15 July 2024
1. Infosecurity Magazine | CISA Urges Software Makers to Eliminate OS Command Injection Flawshttps://www.infosecurity-magazine.com/news/cisa-software-eliminate-command/?&web_view=true2. Wazuh | Detecting Living Off the Land Attacks with Wazuhhttps://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/3. ClickFIx Deception: A Social Engineering Tactic to Deploy Malwarehttps://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/4. The Hacker News | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruithttps://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html?m=15. Blackberry | Coyote Banking Trojan Targets LATAM with a Focus on Brazillian Financial Institutions https://blogs.blackberry.com/en/2024/07/coyote-banking-trojan-targets-latam-with-a-focus-on-brazilian-financial-institutions?&web_view=true
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Threat Hunting Workshop: Hunting for Command and Control
31 July 2024 | 12:00 - 1:00 pm ETRegister Here!Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:3-4 Aug 2024: Sign Up Here!5-6 Aug 2024: Sign Up Here!-----
Top 5 Threat Hunting Headlines - 1 July 2024
1. Qualys Security Blog | Remote Unauthenticated Code Execution Vulnerability in OpenSSH Serverhttps://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server?web_view=true2. ZScaler | Kimsuky Deploys TRANSLATEXT to Target South Korean Academiahttps://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia3. The Register | Police Allege 'Evil Twin' In-Flight WiFi Used to Steal Info & Australian Federal Police | Man Charged Over Creation of 'Evil Twin' Free WiFi Networks to Access Personal Datahttps://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/?&web_view=truehttps://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal4. GitHub | JPCERTCC/LogonTracerhttps://github.com/JPCERTCC/LogonTracer5. Help Net Security | 75% of New Vulnerabilities Exploited Within 19 Days https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/?web_view=true-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:
*3-4 Aug 2024: Sign Up Here!
*5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 25 June 2024
1. Positive Technologies | ExCobalt: GORed, the hidden-tunnel techniquehttps://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/excobalt-gored-the-hidden-tunnel-technique/2. Cisco Talos | SneakyChef espionage group targets government agencies with SugarCh0st and more infection techniqueshttps://blog.talosintelligence.com/sneakychef-sugarghost-rat/3. Help Net Security | 1 out of 3 breaches go undetected https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/?web_view=true4. Ars Technica | Dell said return to office or else - nearly half of the workers chose "or else"https://arstechnica.com/gadgets/2024/06/nearly-half-of-dells-workforce-refused-to-return-to-the-office/5. Infosecurity Magazine | Cybersecurity Burnout Costing Firms $700m+ Annuallyhttps://www.infosecurity-magazine.com/news/cybersecurity-burnout-costing-700m/?&web_view=true-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate:
*3-4 Aug 2024: Sign Up Here!
*5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 10 June 2024
1. Google Cloud | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortionhttps://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion2. Morphisec | Howling at the Inxos: Sticky Werewolf's Latest Malicious Aviation Attackshttps://blog.morphisec.com/sticky-werewolfs-aviation-attacks3. Vonahi Security | Automated Penetration Testing & Cyber Security Services - Top 10 Crticial Pentest Findings Reporthttps://www.vonahi.io/pentest-report-2024?utm=source=701Rp00000B6bue4. The DFIR Report | IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deploymenthttps://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/5. Zscaler | Technical Analysis of the Latest Variant of ValleyRAThttps://www.zscaler.com/blogs/security-research/technical-analysis-latest-variant-valleyrat-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Black Hat 2024 Training with Lee Archinal
"A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs"
Early registration closes on May 24, 2024! Secure your spot now at a discounted rate:
*3-4 Aug 2024: Sign Up Here!
*5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 22 May 2024
1. Kandji | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spywarehttps://blog.kandji.io/malware-cuckoo-infostealer-spyware2. Rapid7 | Ongoing Malvertising Campaign Leads to Ransomwarehttps://www.rapid7.com/blog/post/2024/05/13/ongoing-malvertising-campaign-leads-to-ransomware/3. Unit 42 | Payload Trends in Malicious OneNote Sampleshttps://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/4. Check Point Research | Bad Karma, No Justice: Void Manticore Destructive Activities in Isrealhttps://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/5. Aqua Nautilus | Kinsing Demystified - A comprehensive Technical Guidehttps://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Top 5 Threat Hunting Headlines - 13 May 2024
1. Infosecurity Magazine | AI-Powered Russian Network Pushes Fake Political Newshttps://www.infosecurity-magazine.com/news/aipowered-russian-network-fake-news/?&web_view=true2. Elastic Security Labs | Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part Twohttps://www.elastic.co/security-labs/dissecting-remcos-rat-part-two3. The Record | Cyberthreat Landscape Permanently Altered by Chinese Operations, US Officials Sayhttps://therecord.media/cyberthreat-landscape-altered-chinese-operations?&web_view=true4. Elastic Security Labs | Dissecting REMCOS RAT: An in- depth analysis of a widespread 2024 malware, Part Fourhttps://www.elastic.co/security-labs/dissecting-remcos-rat-part-four5. Help Net Security | How Secure is the "Password Protection" on Your Files and Drives?https://www.helpnetsecurity.com/2024/05/10/password-protect-pdf-excel-files/?web_view=true
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Top 5 Threat Hunting Headlines - 22 April 2024
1. The Record | NATO to launch new cyber center to contest cyberspace 'at all times'https://therecord.media/nato-new-military-civilian-cyber-center-mons-belgium?&web_view=true2. Securonix | Securonix Threat Research Knowledge Sharing Series: Detecting DLL Sideloading Techniques Found In Recent Real-world Malware Attack Chainshttps://www.securonix.com/blog/detecting-dll-sideloading-techniques-in-malware-attack-chains/3. Darkreading | Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malwarehttps://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware?&web_view=true4. HackTrickshttps://book.hacktricks.xyz5. CSA | Deploying AI Systems Securelyhttps://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc -
Top 5 Threat Hunting Headlines - 15 April 2024
1. Volexity | Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/2. Trend Micro | Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbearhttps://www.trendmicro.com/en_no/research/24/d/earth-hundun-waterbear-deuterbear.html3. The Cyber Express | FatalRAT Targets Cryptocurrency Users With DLL Side-loading Techniqueshttps://thecyberexpress.com/fatalrat-phishing-campaign/?&web_view=true4. Elastic Security Labs | Linux detection engineering with Auditdhttps://www.elastic.co/security-labs/linux-detection-engineering-with-auditd5. NIST Special Publication | Incident Response Recommendations and Considerations for Cybersecurity Risk Managementhttps://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r3.ipd.pdf
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc - Показать больше