

2023-02-08 19:00   THREAT ALERT: GootLoader - SEO Poisoning and Large Payloads Leading to Compromise    #cybereason #threat-intelligence The Cybereason Incident Response (IR) team investigated an incident that involved new deployment methods for the GootLoader malware loader through heavily obfuscated JavaScript files. In addition to the new techniques used to load GootLoader, Cybereason also observed the deployment of addition

2023-02-07 01:41   Cybereason advances prevention, data collection, investigation, and management capabilities    #cybereason #threat-intelligence The latest release of the Cybereason Defense Platform is packed with new innovations to ensure that our customers have an advantage over attackers. The latest enhancements include improvements to prevention, data collection, investigation, and management capabilities.

2023-02-01 02:19   You Should Be Afraid of SIM Swaps    #cybereason #threat-intelligence When SIM swap stories make the news, they almost uniformly focus on people who lost a lot of money. But SIM swaps also take a psychological toll: getting cut off from the grid all of a sudden, not knowing why, not being able to call for help. Even when it's over, you ne

2023-01-24 23:17   FBI vs. REvil [ML B-Side]    #cybereason #threat-intelligence A year ago we told you the story of Kaseya: an IT solutions company that was breached in July 2021, and whose servers were used to spread ransomware to an estimated 800 to 1,500 small and medium-sized businesses.

2023-01-21 01:11   Cyberbunker, Part 2    #cybereason #threat-intelligence Spamhaus's decision to add Cyberbunker to its list of spam sources led the Stophaus coalition to initiate a DDoS attack later dubbed "The attack that almost broke the Internet." The fallout from this attack led to Cyberbunker relocating to a bunker in Germany - but it was t

2023-01-19 22:00   7 Requirements for a Successful XDR Strategy    #cybereason #threat-intelligence Definitions of Extended Detection and Response (XDR) are as diverse as the modern attack surface, creating uncertainty in the minds of security practitioners who have been given the task of upgrading their Security Operations Center's ability to protect the complete organization from cyber thr

2023-01-19 21:00   Sliver C2 Leveraged by Many Threat Actors    #cybereason #threat-intelligence What you need to know about this attack framework before it replaces Cobalt Strike. This Threat Analysis report is part of a series named "Purple Team Series", covering widely used attack techniques, how threat actors are leveraging them, and how to detect their use.

2023-01-17 23:21   RSA Conference 2023 Promises New Concepts, Diversity of Ideas    #cybereason #threat-intelligence The new year is always a time to reflect on what's coming next. As part of the RSA Conference program committee (having worked on the Hackers & Threats track for a number of years), I'm very privileged to see everyone's perspectives. This year I'm happy to report there was a significant gr

2023-01-12 03:45   Cyberbunker, Part 1    #cybereason #threat-intelligence Sven Kamphuis and Herman Johan Xennt are quite dissimilar: one is young, the other is old; one is a freedom fighter, the other a businessman. In 1996, their unlikely partnership coalesced around a mutual deep hatred of authority - and around a very unusual building: a Cold War-era nu

2023-01-10 20:00   THREAT ANALYSIS: From IcedID to Domain Compromise    #cybereason #threat-intelligence BACKGROUND: In this Threat Analysis report, the Cybereason team investigates a recent IcedID infection that illustrates the tactics, techniques, and procedures (TTPs) used in a recent campaign. IcedID, also known as BokBot, is traditionally known as a banking trojan used to steal financial info

2023-01-10 02:47   MITRE ATT&CK and the Art of Building Better Defenses    #cybereason #threat-intelligence MITRE's Adversarial Tactics, Techniques, and Common Knowledge (MITRE ATT&CK) is a critical tool for security practitioners seeking to understand how attackers move, operate, and conduct their attacks. Designed to look at attacks from the attacker's perspective, it catalogs the attack lifec

2023-01-04 01:01   How Netflix Learned Cloud Security [ML B-Side]    #cybereason #threat-intelligence 2011 was a pivotal year for Netflix: the now hugely successful company was then in the midst of a formidable transformation, changing from a mail-based DVD rental service into the modern streaming service it is today. It was at this crucial point in the company's history that Jason Cha

2022-12-20 05:40   Malicious Life Podcast: Fred Cohen, The Godfather of Computer Viruses [ML B-Side]    #cybereason #threat-intelligence In his seminal 1984 paper, Computer Viruses: Theory and Experiments, Dr. Fred Cohen not only introduced the name 'computer virus', a term coined by his mentor Leonard Adleman, but was also the first to analyze computer viruses in a rigorous mathematical way, proving that computer viruses

2022-12-14 21:40   Royal Rumble: Analysis of Royal Ransomware    #cybereason #threat-intelligence The Royal ransomware group emerged in early 2022 and has gained momentum since the middle of the year. Its ransomware, which the group deploys through a variety of TTPs, has impacted multiple organizations across the globe. The group itself is suspected of consisting of former members of other ra

2022-12-14 03:44   Case Study: How Cybereason MDR Improved Olist's Triage & Response Time    #cybereason #threat-intelligence Olist, a Brazilian e-commerce marketplace integrator, is one of the fastest-growing e-commerce platforms in the world. Last year, for example, it closed four acquisitions and tripled in size. Today, it is rapidly expanding beyond Brazil.