Malware

Royal Ransomware - Analysis of One of the Most Active Ransomware Groups in Late 2022 and Early 2023

Jan 23, 2023 By Vedere Labs In Forescout

In our new threat briefing report, Forescout’s Vedere Labs analyzes the Royal ransomware threat actor group and encryptor payload, presents threat hunt opportunities for network defenders and shares details of the group’s tactics, techniques, and procedures (TTPs).

Read Post

Forescout

Read more about Royal Ransomware - Analysis of One of the Most Active Ransomware Groups in Late 2022 and Early 2023

Rubrik Security Cloud: Transition from REST to GraphQL (GQL) APIs

Jan 23, 2023 By Rubrik In Rubrik

With the release of Rubrik Security Cloud (RSC), our global customers can now consolidate management of their Rubrik estate to a single control plane. This significant improvement in management capabilities also allows customers to leverage the power of RSC’s GraphQL (GQL) APIs for their automation and management needs.

Read Post

Rubrik

Read more about Rubrik Security Cloud: Transition from REST to GraphQL (GQL) APIs

Black Basta - Technical Analysis

Jan 23, 2023 By Kroll In Kroll

In recent months, news outlets have reported a surge in double extortion ransomware attacks by Black Basta, a notorious ransomware-as-a-service (RaaS) threat group first identified in early 2022. The actor is sophisticated, often utilizing a unique set of tactics, techniques and procedures (TTPs) to gain a foothold, spread laterally, exfiltrate data and drop ransomware. However, Kroll has observed Black Basta sometimes utilizing similar TTPs across multiple incidents.

Read Post

Kroll

Read more about Black Basta - Technical Analysis

How Manufacturers Can Fight Back Against Ransomeware

Jan 22, 2023 By Arctic Wolf In Arctic Wolf

Ransomware attacks are rising. Verizon’s 2022 Data Breach Investigation Report found that nearly a quarter of all cyber attacks in the manufacturing industry are ransomware attacks. Why the surge? While the world is still recovering from the pandemic, global markets are dealing with massive economic uncertainty and recession fears. And cybercriminals sense an opportunity.

Read Post

Arctic Wolf

Read more about How Manufacturers Can Fight Back Against Ransomeware

How Cybersecurity Trends Drive Organizational Changes | Industry Panel Discussion

Jan 22, 2023 By CyberArk In CyberArk

Ransomware threats, the many flavors of trust, and the war for talent, are just a few of the cybersecurity trends challenging (and changing) today’s organizations. Watch as CyberArk’s Regional Manager, Amit Grinman, as he speaks with Shay Nahmany, Director of IT at Israel National Digital Agency, Shelly Brownshtein, Head Of Cyber Security At Menora Mivtachim Insurance, and Yossi Marmarali, Director, Security Engineering & Business Information Security Officer at Netafim and Dura-Line (Orbia), about staying secure and addressing these concerns head-on.

View Video

CyberArk

Read more about How Cybersecurity Trends Drive Organizational Changes | Industry Panel Discussion

Ransomware Hits Royal Mail - Lets Recap

Jan 20, 2023 By Lewis Fairburn In Pentest People

This week, UK’s Postal Service, Royal Mail has been hit with a Ransomware attack, which put the countries sensitive data at risk. In this blog post, we’ll take a look at what ransomware is, how it can affect businesses and individuals, and what we’ve learnt from this huge scale attack. Stay tuned for more updates on this developing story.

Read Post

Pentest People

Read more about Ransomware Hits Royal Mail - Lets Recap

Redline Infostealer Analysis (Part 1)

Jan 20, 2023 By Gagandeep Mehta In ThreatSpike

This blog post will provide an analysis of the malicious Redline Infostealer payloads which have been taken from a real life malware incident, responded to and triaged by the ThreatSpike SOC team. This analysis will be broken down to demonstrate, describe and explain the various stages of the attack chain.

Read Post

ThreatSpike

Read more about Redline Infostealer Analysis (Part 1)

Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023

Jan 19, 2023 By Paolo Passeri In Netskope

Our most recent Cloud and Threat Report highlighted how threat actors abuse cloud services (with a special focus on cloud storage apps) to deliver malicious content (and yes, OneDrive leads the chart of the most exploited apps). To confirm that this trend will likely continue in 2023, researchers at Trend Micro have discovered an active campaign, launched by a threat actor named Earth Bogle.

Read Post

Netskope

Read more about Cloud Threats Memo: Threat Actors Continue to Abuse Cloud Services to Deliver Malware in 2023

LockBit ransomware - what you need to know

Jan 19, 2023 By Graham Cluley In Tripwire

It's no surprise if you have heard about LockBit. It is the world's most active ransomware group - responsible for an estimated 40% of all ransomware infections worldwide. I guess LockBit does the usual bad stuff - encrypt your data, steal your files, dump a ransom note on your PC... Yes.

Read Post

Tripwire

Read more about LockBit ransomware - what you need to know

CTI Roundup: Malicious PyPI Packages Bypass Firewalls

Jan 18, 2023 By Tanium In Tanium

PyPI packages use Cloudflare tunnels to bypass firewalls, new Raspberry Robin malware variant targets financial institutions in Portugal and Spain, and IcedID malware strikes again.

Read Post