Detecting Microsoft 365 and Azure Active Directory Backdoors

Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing...

The FBI, DHS & CISA Top 10 Most Exploited Vulnerabilities

Two US cyber-security agencies published this week a list of the top 10 most commonly exploited software vulnerabilities across the last four years, between 2016 and 2019. The report, authored...

Smoking Out a DARKSIDE Affiliate’s Supply Chain Software Compromise

Threat Research Blog | June 16, 2021 | by Tyler McLellan, Robert Dean, Justin Moore, Nick Harbour, Mike Hunhoff, Jared Wilson, Jordan Nuce ...

Why You Need Cybersecurity to Protect Your Greatest Assets

By: Tina Martin. When it comes to cybersecurity, you can never be too careful. After all, not everyone is clued-up with the...

Denial Of Service Vulnerability in VMware Workstation 15

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15. VMware allows users to set up virtual machines and...

Bad Bots – How To Fight Them and What Are They

Author: Asim Rahal. Bad internet bot traffic rose by 18.1% in 2019, and it now accounts for nearly one-quarter of all internet traffic. The figure above, which comes from Imperva’s 2020 Bad...

WhatsApp can be forced to decrypt WhatsApp Google Drive backups by state surveillance

The AES-GCM-256 key is stored and generated by the WhatsApp server and is sent to the client. When a user signs in to a new device, it retrieves the key from the server...

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this...

Russian Military Hackers Sandworm Exploiting Mail Software Says NSA

By Sergiu Gatlan. The U.S. National Security Agency (NSA) says that Russian military threat actors known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software...

So Unchill: Melting UNC2198 ICEDID to Ransomware Operations

Mandiant Advanced Practices (AP) closely tracks the shifting tactics, techniques, and procedures (TTPs) of financially motivated groups who severely disrupt organizations with ransomware. In May 2020, FireEye released a...