Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

Credit to Author: Ian Kenefick| Date: Tue, 27 Feb 2024 00:00:00 +0000

This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.

Read more

LockBit Attempts to Stay Afloat With a New Version

Credit to Author: Trend Micro Research| Date: Thu, 22 Feb 2024 00:00:00 +0000

This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.

Read more

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver 

Credit to Author: Emmanuel Panopio| Date: Tue, 23 Jan 2024 00:00:00 +0000

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.  

Read more

Cloud Security Predictions at AWS re:Invent 2023

Credit to Author: Jon Clay| Date: Mon, 27 Nov 2023 00:00:00 +0000

Heading to AWS re:Invent 2023? Don’t miss out on our talk with Melinda Marks, ESG Practice Director for Cybersecurity, about cloud detection and response (CDR) and what’s trending in cloud security.

Read more

ALPHV/BlackCat Take Extortion Public

Credit to Author: Jon Clay| Date: Fri, 17 Nov 2023 00:00:00 +0000

Learn more about ALPHV filing a complaint with the Security and Exchange Commission (SEC) against their victim, which appears to be an attempt to influence MeridianLink to pay the ransom sooner than later.

Read more

DarkGate Opens Organizations for Attack via Skype, Teams

Credit to Author: Trent Bessell| Date: Thu, 12 Oct 2023 00:00:00 +0000

We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.

Read more

Electric Power System Cybersecurity Vulnerabilities

Credit to Author: Mayumi Nishimura| Date: Fri, 06 Oct 2023 00:00:00 +0000

Digitalization has changed the business environment of the electric power industry, exposing it to various threats. This webinar will help you uncover previously unnoticed threats and develop countermeasures and solutions.

Read more