On October 16th, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) issued an urgent advisory warning security teams about the use of Brute Force and other techniques by Iranian threat actors to compromise critical infrastructure ent

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

Interactive, hands-on keyboard attack campaigns are employed by today’s most proficient threat actors to penetrate organizational defenses. The network perimeter is typically the initial line of defense against unauthorized access to an organization’s network and the sensitive data it contains. After infiltration, attackers establish command-and-control (C&C) and data exfiltration channels to receive malicious payloads and export stolen data.

On September 5th, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) issued an urgent advisory warning security teams about efforts undertaken by threat actors affiliated with Russia’s General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).

On August 29, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) issued an urgent advisory warning security teams about known RansomHub ransomware IOCs and TTPs identified through FBI threat response activities and third-party reporting as recently as August 2024. Detailed information about this threat and the associated IOCs and TTPs can be seen in the advisory #StopRansomware: RansomHub Ransomware.

Security teams have a wide range of tools in their arsenal to combat cybersecurity threats, but the expanding attack surface and the sheer number of tools can make their jobs more difficult to manage. As we enter this new era of cybersecurity, security and risk management, leaders are focused on validating the efficacy of their security investments, improving ROI, and taking a more programmatic approach in order to enhance their efficiency.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting attack coverage for several new threats, including those discovered via original research by the SafeBreach Labs team. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook to ensure coverage against these advanced threats. Additional details about the threats and our coverage can be seen below.

According to Gartner, “By 2026, organizations prioritizing their security investments based on a continuous exposure management program will be three times less likely to suffer from a breach.” But what exactly is CTEM?

Authors: Shmuel Cohen, Sr. Security Researcher | Or Yair, Security Research Team Lead Google’s Quick Share is a peer–to-peer data-transfer utility for Android, Windows, and Chrome operating systems. It uses a variety of communication protocols—including Bluetooth, Wi-Fi, Wi-Fi Direct, Web real-time communication (WebRTC), and near-field communication (NFC)—to send files between compatible devices that are in close proximity to each other.

On August 7th, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an update to an existing advisory (AA23-061A) highlighting new TTPs being leveraged by the recently rebranded “Royal” ransomware gang – now known as BlackSuit. Detailed information about this threat and the associated IOCs and TTPs can be seen on #StopRansomware: Blacksuit (Royal) Ransomware.