How to Build a successful Threat Intelligence Program
Session for the Infosec World 2021 by Yochai Corem, CEO at Cyberint
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Webinar: Preventing Privacy and Cybersecurity Breaches
Check out this webinar to gain a deeper understanding of how to prevent privacy and cybersecurity breaches and ensure business continuity in a zero trust world. The webinar is hosted by Natali Adison, Technology, Data Protection & Cybersecurity attorney and Reuben Braham, VP Marketing at Cyberint.
Yochai Corem interview on Improvate Cyber Tech Summit
What are the 5 most important advantages our customers cited for implementing Digital Risk Protection? Watch the interview our CEO, Yochai Corem, gave at Improvate Cyber Tech Summit to learn.
Vidar Stealer Abuses Mastadon Social Network
Previously used the Thumbler and Faceit gaming platforms to access dynamic configuration from threat actors, new campaigns of Vidar Stealer's more recent versions suggesting a new venue where Vidar receives dynamic configurations and dropzone information for downloading and uploading files.
MSHTML RCE Exploited CVE-2021-40444
Details of a high severity remote code execution (RCE) vulnerability in Microsoft's proprietary browser engine 'MSHTML', also known as 'Trident', were released by Microsoft on September 7, 2021, and promptly followed by reports of active exploitation in the wild.
Atlassian Confluence Server OGNL Injection (CVE-2021-26084)
CVE-2021-26084, a critical vulnerability (CVSS score 9.8) in Atlassian Confluence Server and Confluence Data Center, is currently being actively and widely exploited by threat actors.
Masslogger Stealer
Cyberint Research observed several unsolicited malicious email (malspam) campaigns in August 2021 through which Masslogger was delivered. First noticed around April 2020, Masslogger is a popular.NET credential stealer used to gather credentials from victims for various applications, and is readily available to purchase on cybercriminal forums for around $100 (US).
Redline Stealer
First observed in 2020 and advertised on various cybercriminal forums as a 'Malware-as-a-Service' (MaaS) threat, Redline is an information stealer mainly targeting Windows' victim credentials and cryptocurrency wallets, as well as Browser information, FTP connections, game chat launchers, and OS information such as system hardware, processes names, time zone, IP, geolocation information, OS version, and default language.
LockBit Ransomware hits again
Launched in September 2019 and formerly known as 'ABCD', LockBit is a ransomware-as-a-service (RaaS) threat that was updated in June 2021 and improved on the group’s earlier claims of having the fastest encryption process on the ransomware scene (Figure 1). Much like other RaaS offerings, LockBit operates an affiliate profit sharing program in which up-to eighty percent of a ransom payment can be earned whilst the operators claim the remainder.
IOC's identified to hunt Conti Ransomware
Believed active since mid-2020, Conti is a big game hunter ransomware threat operated by a threat group identified as Wizard Spider and offer to affiliates as a ransomware-as-a-service (RaaS) offering. Following the lead of other big game hunter ransomware groups, Conti adopted the double extortion tactic, also known as 'steal, encrypt and leak', in order to apply additional pressure on victims to pay their ransom demands and avoid sensitive or confidential data being exposed.