Tenable

AUGUST 4, 2022

Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021. International cybersecurity agencies issue a joint alert outlining the top malware strains of 2021. While malware is used for a variety of purposes, the government agencies point out that ransomware is a primary use case. Background. Description.

Malware 75

Malware Windows SMB Groups 75

Tenable

JANUARY 19, 2024

Find out why Uncle Sam is warning critical infrastructure facilities about drones made in China, while urging water treatment plants to beef up incident response plans. In addition, the latest on the Androxgh0st malware. 1 - Critical infrastructure orgs warned about using Chinese drones Here’s a warning from the U.S.

Infrastructure 72

Infrastructure Malware Government Technical Review 72

Darktrace

NOVEMBER 18, 2020

As the US Treasury announces new sanctions on the Russian institute believed to be behind the TRITON malware, this blog takes a look at the significance of this attack, and extrapolates what’s around the corner for OT cyber-attacks.

Groups 101

Groups Malware Infrastructure 101

Tenable

JANUARY 27, 2023

Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy.

Policies 52

Policies Groups Malware Windows 52

Tenable

JULY 20, 2022

Having gained the industry’s attention in the first months of 2022, the LAPSUS$ extortion group has largely gone quiet. What can we learn from this extortion group’s story and tactics? In early 2022, the LAPSUS$ group broke onto the scene with flashy and disruptive attacks. Who is the LAPSUS$ group?

Groups 68

Groups Authentication Malware Report 68

Tenable

FEBRUARY 9, 2024

The Volt Typhoon hacking gang is stealthily breaching critical infrastructure IT environments so it can strike on behalf of the Chinese government, cyber agencies say. In addition, new group tasked with addressing the quantum computing threat draws big tech names. Critical Infrastructure. ”

Weak Development Team 67

Weak Development Team Infrastructure Generative AI Artificial Inteligence 67

Tenable

APRIL 25, 2024

Who is the group behind ArcaneDoor? The group has been labeled UAT4356 by Cisco and STORM-1849 by Microsoft. Cisco attributes this activity with “high confidence” to a state-sponsored actor, though it is unconfirmed which state the group is associated with. Is any malware associated with ArcaneDoor?

Malware 70

Malware Analysis Groups Testing 70

Tenable

FEBRUARY 9, 2024

critical infrastructure through exploitation of known vulnerabilities Background On February 8, Fortinet published an advisory (FG-IR-24-015) to address a critical flaw in FortiOS, its network operating system. Critical Infrastructure (AA24-038A) Join Tenable's Security Response Team on the Tenable Community.

Malware 122

Malware Authentication Infrastructure Analysis 122

Darktrace

NOVEMBER 17, 2020

As the US Treasury announces new sanctions on the Russian institute believed to be behind the TRITON malware, this blog takes a look at the significance of this attack, and extrapolates what’s around the corner for OT cyber-attacks.

Groups 59

Groups Malware Infrastructure 59

CIO

MARCH 3, 2024

Robust printer security is not rocket science; it is largely a matter of recognising that the security measures (technologies, policies, etc) routinely applied to computing systems and other infrastructure should be applied to printers. Access to printers can be restricted to individual users or groups. Doing penetration testing.

Survey 243

Survey Malware Infrastructure Report 243

CIO

MAY 15, 2024

A model trained on, say, an archive of flat earth conspiracy theories will be bad at answering science questions, or a model fine-tuned by North Korean hackers might be bad at correctly identifying malware. They’re also full of inaccurate and biased information, malware, and other materials that can degrade the quality of output.

Open Source 326

Open Source Weak Development Team Artificial Inteligence Training 326

TechCrunch

DECEMBER 8, 2020

Dragos was founded in 2016 to detect and respond to threats facing industrial control systems (ICS), the devices critical to the continued operations of power plants, water and energy supplies, and other critical infrastructure. But the country has faced extensive criticism for its human rights record by international rights groups.

Industry 305

Industry System Energy Software Engineering 305

Tenable

AUGUST 25, 2023

government says public- and private-sector organizations alike must start getting ready now – especially critical infrastructure operators. That’s according to the study “The State of Cybersecurity Today” from Information Services Group (ISG), for which 204 executives from the world’s 2,000 largest companies were polled.

Malware 98

Malware Artificial Inteligence Open Source Artificial Intelligence 98

Tenable

DECEMBER 8, 2023

Plus, malware used in fake browser-update attacks ballooned in Q3. In addition, a new program aims to boost the cyber defenses of critical infrastructure orgs. Cybersecurity and Infrastructure Security Agency (CISA) issued a clarion call for software makers to use so-called “memory safe” programming languages. And much more!

Software Review 68

Software Review Software Malware Software Development 68

Tenable

MARCH 1, 2024

Plus, the latest guidance on cyberattack groups APT29 and ALPHV Blackcat. And the most prevalent malware in Q4. released in 2018, include an expanded scope beyond critical infrastructure; stronger emphasis on governance; and more guidance, tools and resources to facilitate its implementation. And much more! came out in 2014.

Artificial Inteligence 74

Artificial Inteligence Malware Generative AI Government 74

CIO

JULY 18, 2023

When discussing ransomware groups, too often the focus is on their names, such as Noberus, Royal or AvosLocker, rather than the tactics, techniques, and procedures (TTPs) used in an attack before ransomware is deployed. In fact, we rarely see a ransomware attack that doesn’t use legitimate software.

Software 130

Software Trends Infrastructure Network 130

Tenable

APRIL 12, 2024

1 - CISA to federal agencies: Act now to mitigate threat from Midnight Blizzard’s Microsoft email hack Midnight Blizzard, a nation-state hacking group affiliated with the Russian government, stole email messages exchanged between several unnamed U.S. military have had access to Malware Next-Generation Analysis since November.

Generative AI 117

Generative AI Malware Trends Government 117

Lacework

JUNE 7, 2022

As of this writing we have observed active exploitation by known Cloud threat malware families such as Kinsing, “Hezb”, and the Dark.IoT botnet. One interesting development was the use of a new malware host – 195.2.79.26 This is noteworthy because Kinsing often leverages legacy infrastructure in their attacks.

Malware 144

Malware Infrastructure IoT Azure 144

Lacework

SEPTEMBER 6, 2022

One of the only major changes in cybercriminal operations is who their victims are—today, instead of targeting individuals, they’re targeting critical infrastructure. So, why did this shift occur, and which types of critical infrastructure are most at risk? Critical infrastructure is organized into 16 different sectors.

Infrastructure 52

Infrastructure Industry Transportation Malware 52

Tenable

FEBRUARY 24, 2022

Government agencies publish warnings and guidance for organizations to defend themselves against advanced persistent threat groups. CISA announced Shields Up , an initiative to empower organizations and provide guidance on how to limit the exposure to common attack paths leveraged by these APT groups. Critical Infrastructure.”

Government 145

Government Malware Groups Telecommunications 145

CIO

MAY 24, 2023

Along with the promise is the peril of AI being used to cause harm by launching more efficient malware, creating sophisticated deepfakes, or by unintentionally disclosing code or trade secrets. The promise of generative AI means we are on the cusp of a rethinking of how businesses handle cybersecurity.

Malware 130

Malware Generative AI Guidelines Machine Learning 130

CIO

FEBRUARY 24, 2023

5G infrastructure involves multiple components, each of which represents an area where there is potential risk: Virtualized infrastructure: 5G services will run on virtual machines ( VMs ) as well as Kubernetes-based container infrastructure in the cloud and in data centers. Radio rogues.

Security 256

Security Wireless Network Virtualization 256

The Crazy Programmer

JULY 18, 2021

Cybersecurity is more critical than ever in today’s modern world, especially with news of ransomware attacks and other forms of malware on the rise. An SDP hides an organization’s infrastructure from outsiders, regardless of where it is situated, by constructing a perimeter with software rather than hardware.

Technology 336

Technology Internet Network Architecture 336

The Parallax

JANUARY 22, 2018

Its success was predicated not on “zero-day” vulnerabilities or new forms of malicious software, but rather on older, known malware delivered via an all-too-familiar method: phishing. The malware included hacked versions of end-to-end encrypted communication apps Signal and WhatsApp.

Malware 170

Malware Spyware Mobile Government 170

Palo Alto Networks

DECEMBER 29, 2022

23, a new variant of wiper malware, named HermeticWiper, was discovered in Ukraine. Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine. The Gamaredon group (aka Trident Ursa, Primitive Bear) is one of the most active, advanced and persistent threats (APT) targeting Ukraine. Top Malware.

Malware 71

Malware Linux Telecommunications Government 71

Mentormate

JUNE 4, 2024

Data breaches, malware, ransomware, data loss, and misconfigurations are just a few dangers lurking in the cloud. Unauthorized access and insider threats pose significant risks, as do malware infections and ransomware attacks. However, the road to robust data security is fraught with threats. Monitoring and logging are critical.

AWS 52

AWS Disaster Recovery Data Backup 52

Linux Academy

JUNE 17, 2019

They aim to find problems that need resolving to ensure our infrastructures run securely. EICAR is an industry standard test file used to test malware, anti-virus, content filters, etc. Logging : Add a new user account or change group security permissions, and check to make sure it’s logged. Is it logged?

Infrastructure 60

Infrastructure Firewall Malware Linux 60

Tenable

AUGUST 30, 2023

Mandiant refers to this group as UNC4841. In these attacks, UNC4841 leveraged multiple backdoor malware families, dubbed SALTWATER , SEASPY , SEASIDE , SUBMARINE (DEPTHCHARGE), and WHIRLPOOL. These additional malware families are known as SKIPJACK and FOXTROT / FOXGLOVE.

Malware 115

Malware Software Review Systems Review Exercises 115

Lacework

JUNE 10, 2021

Key Takeaways Keksec is now leveraging a new Tsunami DDoS malware dubbed “Ryuk” (not the ransomware family) The group has updated their DGA algorithm used by the Necro python malware An inventory of Keksec’s malware distribution infrastructure is provided New persona details are included Keksec, aka Necro, & Freakout, is a prolific actor targeting (..)

Malware 52

Malware Infrastructure Groups 52

Lacework

JUNE 10, 2021

Key Takeaways Keksec is now leveraging a new Tsunami DDoS malware dubbed “Ryuk” (not the ransomware family) The group has updated their DGA algorithm used by the Necro python malware An inventory of Keksec’s malware distribution infrastructure is provided New persona details are included Keksec, aka Necro, & Freakout, is a prolific actor targeting (..)

Malware 52

Malware Infrastructure Groups 52

Edgewise

JANUARY 31, 2019

What happens, then, when a cyber attack, namely malware, is used to uninstall security software designed specifically to prevent public cloud infrastructure compromise? This is precisely what happened with a new malware variant discovered by Palo Alto Networks’ Unit 42.

Malware 75

Malware Cloud Linux Infrastructure 75

Tenable

JANUARY 12, 2023

Cloud providers’ IP addresses and open ports targeted with malware. After analyzing 2022 Q2 and Q3 data from its VirusTotal malware analysis service, Google found 6,000 malware samples actively communicating with Google Cloud Platform, Microsoft Azure and Amazon Web Services (AWS). VPNs at risk from APT10 group.

Cloud 52

Cloud Backup Malware Google Cloud 52

Tenable

FEBRUARY 16, 2023

Background As part of their #StopRansomware campaign, the Federal Bureau of Investigations and Cybersecurity and Infrastructure Security Agency have released a joint Cybersecurity Advisory (CSA) in collaboration with South Korea's National Intelligence Service and Defence Security Agency. billion has been stolen or extorted. kr and xpopup[.]com.

Systems Review 53

Systems Review Malware Technical Review Healthcare 53

Tenable

SEPTEMBER 1, 2023

Plus, the QakBot botnet got torn down, but the malware threat remains – what CISA suggests you do. In a joint advisory, CISA and the FBI detailed the FBI-led international operation to take down the botnet’s infrastructure, while offering guidance for cybersecurity teams about QakBot prevention, detection and remediation measures.

ChatGPT 63

ChatGPT Artificial Inteligence Tools Malware 63

Ivanti

JANUARY 19, 2022

Ransomware, on the other hand, was responsible for most data breaches caused by malware. against known and zero-day vulnerabilities, zero-click exploit kits developed by the NSO Group, fileless malware and the adoption of the “as-a-service” business model. (SMS Worse yet, these?types types of attacks?continue

Artificial Inteligence 95

Artificial Inteligence Malware Artificial Intelligence Spyware 95

Tenable

DECEMBER 6, 2023

Tenable Research has published two blogs on CitrixBleed, our initial analysis of the vulnerability as well as a Frequently Asked Questions (FAQ) blog providing added context surrounding the in-the-wild exploitation by threat actors including multiple ransomware groups. ransomware group in their exploitation of CitrixBleed.

Systems Review 74

Systems Review Authentication Analysis Malware 74

TechCrunch

MARCH 2, 2022

As a result of the heightened likelihood of cyberthreat from Russian malactor groups, the U.S. Indeed, it’s a juxtaposition of sorts to think the cybersecurity industry is vulnerable to cyberattack, but for many nation state groups, this is their first port of call. In unprecedented times, even government bureaucracy moves quickly.

Industry 246

Industry Pharmaceuticals AWS Report 246