Incident_Response – Page 5

Articles

Beyond the Headlines: Elevating Threat Intelligence Sharing to Fight Cyber Threats

The need for a collective defense strategy is more critical than ever. The intricate nature of modern attacks calls for a unified approach, one that leverages shared cyber threat intelligence.…

Threat_Actor_Profiles

Unveiling the GRU’s Cyber Playbook – Mandiant

5 August 2023 Threat Analyst

In this blog post, we delve into a comprehensive analysis of a recent article published by Mandiant, a part of Google Cloud, titled “The GRU’s Disruptive Playbook”. The article, authored…

Incident_Reports

PhishForce – Salesforce Zero-Day Exploitation

5 August 2023 Threat Analyst

Introduction A recent zero-day vulnerability in Salesforce’s software was exploited by threat actors to phish Facebook credentials. This incident was first reported by Guardio Labs, who detected a sophisticated email…

Vulnerabilities_Exploits

Critical Vulnerability CVE-2023-39143 in PaperCut Poses RCE Threat to Unpatched Servers

5 August 2023 Threat Analyst

The recently discovered critical security vulnerability in PaperCut’s NG/MF print management software, tracked as CVE-2023-39143 (NVD), has brought attention to the potential risks posed by unpatched Windows servers. This flaw…

Incident_Reports Techniques_Tactics_Procedures

Deceptive Python Package ‘VMConnect’ Targets VMware vSphere Users

4 August 2023 Threat Analyst

A recent cybersecurity incident has brought to light a malicious Python package on the Python Package Index (PyPI), posing as the VMware vSphere connector module ‘vConnector’. This package, named ‘VMConnect’,…

Threat_Actor_Profiles

Threat Actor Profile: Volt Typhoon

1 August 2023 Threat Analyst

In the ever-evolving landscape of cybersecurity in 2023, the activities of state-sponsored Advanced Persistent Threat (APT) groups have become a significant area of focus. Among these, the Chinese APT group…

Threat_Actor_Profiles Trends_Analysis

The Rising Threat of Abyss Locker Ransomware to VMware’s ESXi Servers

31 July 2023 Threat Analyst

A new emerging threat, Abyss Locker ransomware has been making headlines for its targeted attacks on VMware’s ESXi virtualised environments. IOCs however seem sadly lacking. The Abyss Locker Ransomware Launched…

Vulnerabilities_Exploits

CVE-2023-21716: A Critical Heap Corruption Vulnerability in Microsoft Word

31 July 2023 Threat Analyst

CVE-2023-21716 (NVD), a critical flaw in Microsoft Office Word’s RTF parser, has been a focal point in the cybersecurity community since its private disclosure to Microsoft in November 2022. Microsoft…

Vulnerabilities_Exploits

Ivanti Patches another Zero-Day Exploited in Norwegian Government Attacks – Active Exploitation Observed

28 July 2023 Threat Analyst

Ivanti has patched another critical vulnerability in its Endpoint Manager Mobile software (formerly MobileIron Core), which was exploited as a zero-day to breach the IT systems of several ministries in…

Events_Conferences

SANS Digital Forensics Summit 2023

27 July 2023 Threat Analyst

Attention all cybersecurity enthusiasts! The SANS Digital Forensics Summit 2023 is on the horizon. This event is a significant gathering of experts and practitioners in the field of digital forensics…

Beyond the Headlines: Elevating Threat Intelligence Sharing to Fight Cyber Threats

Unveiling the GRU’s Cyber Playbook – Mandiant

PhishForce – Salesforce Zero-Day Exploitation

Critical Vulnerability CVE-2023-39143 in PaperCut Poses RCE Threat to Unpatched Servers

Deceptive Python Package ‘VMConnect’ Targets VMware vSphere Users

Threat Actor Profile: Volt Typhoon

The Rising Threat of Abyss Locker Ransomware to VMware’s ESXi Servers

CVE-2023-21716: A Critical Heap Corruption Vulnerability in Microsoft Word

Ivanti Patches another Zero-Day Exploited in Norwegian Government Attacks – Active Exploitation Observed

SANS Digital Forensics Summit 2023

You missed

Cisco Investigates Data Breach: Sensitive Information Reportedly For Sale on Hacking Forum

Nation-State Adversaries Exploit Ivanti CSA Zero-Days: A Deep Dive into Targeted Attacks and Vulnerability History

Ivanti CSA Hit with Three New Zero-Day Vulnerabilities in Active Exploitation

File Hosting Services Misused for Identity Phishing: Microsoft’s Analysis