dby 03:18   Advanced Phishing Campaign Targeting Individuals & Businesses in the Middle East (Part 2)    #alienvault #Threat Intelligence An advanced phishing campaign targeting Middle East-based companies and their vendors has been uncovered by researchers at CloudSEK, an artificial intelligence (AI) platform in the United Arab Emirates (UAE).

2022-12-06 00:18   5th December – Threat Intelligence Report    #checkpoint #Threat Intelligence For the latest discoveries in cyber research for the week of 5th December, please download our Threat Intelligence Bulletin. Top Attacks and Breaches Cyber criminals who breached Australian Medibank’s systems have released another batch of data onto the dark web, claiming that the files contai

2022-12-05 18:30   Tractors vs. threat actors: How to hack a farm    #welivesecurity(ESET) #Threat Intelligence Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat.

2022-12-05 15:51   New CryWiper Trojan pretends to be a ransomware    #alienvault #Threat Intelligence In the fall of 2022, Securelist recorded attempts by a previously unknown Trojan, which we named CryWiper, to attack the organization's network in the Russian Federation.

2022-12-05 15:50   W4SP continues to nest in PyPI: Same supply chain attack, different distribution method    #alienvault #Threat Intelligence Days after researchers for Phylum and Checkmarx revealed an ongoing software supply chain attack spreading the W4SP Stealer malware through malicious packages on the Python Package Index (PyPI), ReversingLabs researchers discovered 10 additional PyPI packages pushing modified versions of W4SP that w

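2022-12-05 14:00   Email security measures worth revisiting now: how do you prevent the ever-increasing cyberattacks delivered via email?    #LAC WATCH #Threat Intelligence Email has become one of the tools indispensable to business. That is precisely why it continues to be exploited in ever-evolving cyberattacks. In the organizational ranking of the IPA's "Information Security 10 Major Threats 2022"※, "Damage from ransomware" and "Theft of confidential information through targeted attacks" again took 1st and 2nd place as in the previous year, "Attacks exploiting weaknesses in the supply chain" ranked 3rd, and "Financial damage from business email compromise" ranked 8th. The damage from email-borne cyberattacks such as Emotet, ransomware, targeted attacks, and credential phishing is severe. ※ Information Security 10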

2022-12-05 14:00   Threat Analysis: MSI - Masquerading as a Software Installer    #cybereason #Threat Intelligence The Cybereason Global Security Operations Center (GSOC) issues a Purple Team Series of its Threat Analysis reports to provide a technical overview of the technologies and techniques threat actors use to compromise victims’ machines.

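2022-12-05 09:00   Ransomware on the rampage: which countermeasures really work? Insights from penetration test results    #LAC WATCH #Threat Intelligence The term "ransomware", much talked about lately, has existed for a long time, but I think it began to appear frequently even in general newspapers from around 2020. It emerged as the name for a type of malware that destroys data and systems by encrypting them and demands payment for decryption. In ransomware countermeasures, storing backups safely tends to be emphasized. To use a driving analogy, this is perhaps like "carrying a spare tire in case a wheel goes flat". This measure is certainly one effective approach, but countermeasures that picture "the old worm-type ransomware", typified by over-reliance on backups, are gradually becoming misleading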

2022-12-05 08:00   Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations    #recordedfuture #Threat Intelligence A recent spear phishing attempt uncovers a Russia-aligned cyber espionage campaign targeting government, intelligence, and military industries.

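2022-12-05 00:00   A thrust from the Kimsuky group: targeted hunting of South Korea with multiple attack weapons    #QiAnXin Threat Intelligence Center #Threat Intelligence Against the backdrop of the US-South Korea joint exercises, we observed a large number of attacks from the Kimsuky group. Judging from the attack samples, files such as pif, hwp, and doc were used as lures for the initial attack, with follow-on payloads including the group's frequently used AppleSeed and PebbleDash trojans; the attack samples used encryption and decryption algorithms to evade static detection by antivirus software.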

2022-12-02 23:45   Protecting major events: an incident response blueprint    #Talos #Threat Intelligence Cisco Talos Incident Response (Talos IR) is sharing a white paper on the steps organizations should follow to secure any major event. These ten focus areas should help guide any organizing committee or participating businesses in preparation for securing such events.

2022-12-02 22:05   BlackBasta ransomware    #alienvault #Threat Intelligence Members of the Conti ransomware group appear to have splintered into multiple threat groups including BlackBasta, which has become one of the most significant ransomware threats. ThreatLabz has observed more than five victims that have been compromised by BlackBasta 2.0 since the new version’s relea

2022-12-02 22:04   Exposed RDP actively targeted by Threat Actors to deploy Ransomware    #alienvault #Threat Intelligence Cyble Research and Intelligence Labs (CRIL) discovered multiple ransomware groups targeting open Remote Desktop Protocol (RDP) ports and has identified a number of families that are targeting the same service in the future.

2022-12-02 22:04   Cuba Ransomware    #alienvault #Threat Intelligence The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-sour

2022-12-02 22:01   Hitching a ride with Mustang Panda    #alienvault #Threat Intelligence Security firm Avast has uncovered a massive data breach targeting high-profile targets in Myanmar, including the government, state administration, the army and the opposition, and a number of foreign embassies.