On May 24th, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), United Kingdom National Cyber Security Centre (NCSC-UK) and the Australian Cyber Security Centre (ACSC) along with their private sector partners recently discovered a cluster of activity of interest associated with a People’s Republic of China

On May 16th, Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) released an advisory highlighting the various malicious indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) being leveraged by the BianLian ransomware group.

On May 11th, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released an advisory highlighting the active malicious exploitation of CVE-2023-27350 in PaperCut MF and PaperCut NG software by a threat actors including one known as the Bl00dy Ransomware Gang. The US-CERT Alert (AA23-131A) Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG includes detailed information about this investigation (along with attacker TTPs and IOCs).

The Cybersecurity and Infrastructure Security Agency (CISA) shared the findings of an investigation by numerous cybersecurity agencies worldwide on May 9th, exposing the malicious cyberespionage operations carried out by the Russian FSB utilizing the “Snake” malware. The US-CERT Alert (AA23-129A) Hunting Russian Intelligence “Snake” Malware provided information about this investigation and takedown (along with attacker TTPs and IOCs).

You can’t predict the future, but you can prepare for it. When it comes to IT (and OT), security validation is the closest to predicting the future as you can get. This is the second post in our series “Demystifying Security Validation Technologies: What You Need to Know,” in which we break down a number of security validation methods available today, provide the strengths and weaknesses of each, and explain how each functions in different IT environments.

Enterprise security operations teams find it increasingly difficult to maintain a hardened posture against advanced network and cloud threats. Given the rapid adoption of cloud platforms and software-as-a-service (SaaS) tools, cloud application traffic has overtaken web traffic to dramatically expand the attack surface. As a result, overreliance on traditional security controls can lead to increased blind spots, and control misconfigurations can create significant business risks.

Many enterprises in verticals such as power and energy, oil and gas, healthcare, and manufacturing have been playing catch up over the past decade in terms of securing their operational technology (OT) networks against cyberattacks. For years, industrial asset owners didn’t consider their OT environment to be a significant security risk.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Sabbath ransomware, 3CXDesktopApp vulnerability, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

You can’t predict the future, but you can prepare for it. When it comes to IT (and OT), security validation is the closest to predicting the future as you can get. This is the second post in our series “Demystifying Security Validation Technologies: What You Need to Know,” in which we break down a number of security validation methods available today, provide the strengths and weaknesses of each, and explain how each functions in different IT environments.