2022, Information Security and Security Intelligence

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

In part one of our Black Hat Asia 2022 NOC blog , we discussed building the network with Meraki: . NetWitness PCAP file carving and submission to Cisco Secure Malware Analytics (formerly Threat Grid) for analysis. New Integrations Created at Black Hat Asia 2022. Meraki MR, MS, MX and Systems Manager by Paul Fidler .

Malware

Malware Accountability Technology DNS

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Security Affairs

MAY 18, 2022

pic.twitter.com/Tro0NfMD0j — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. pic.twitter.com/stXJMDMevc — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022. pic.twitter.com/stXJMDMevc — Microsoft Security Intelligence (@MsftSecIntel) May 17, 2022.

Security Intelligence

Security Intelligence Hacking Accountability Malware

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Security Affairs

JANUARY 11, 2022

link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. According to Microsoft the ransomware operators compromised the exposed systems to deploy the NightSky ransomware. trendmrcio[.]com, rogerscorp[.]org,

Ransomware

Ransomware Hacking Internet Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Security Affairs

JULY 1, 2022

Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. — Microsoft Security Intelligence (@MsftSecIntel) June 29, 2022. Pierluigi Paganini.

Security Intelligence

Security Intelligence Malware Hacking Information Security

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Security Affairs

MAY 15, 2022

Microsoft Security Intelligence team Microsoft reported that a new variant of the Sysrv botnet, tracked as Sysrv-K, now includes exploits for vulnerabilities in the Spring Framework and WordPress. — Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022. ” reads a Tweet published by Microsoft.

Security Intelligence

Security Intelligence Malware Backups Architecture

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.

Security Intelligence

Security Intelligence Manufacturing Cyber threats Accountability

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. On December 6, The Akamai Security Intelligence Response Team (SIRT) published the first update to the InfectedSlurs advisory series. and earlier.

Firmware

Firmware Wireless DDOS IoT

Microsoft blocked Polonium attacks against Israeli organizations

Security Affairs

JUNE 3, 2022

Threat actors were observed abusing OneDrive, for this reason, the IT giant has suspended more than 20 malicious OneDrive applications created by POLONIUM actors, notified affected organizations, and deployed a series of security intelligence updates that will quarantine malicious tools developed by the attackers.

Security Intelligence

Security Intelligence Hacking Antivirus Authentication

SolarWinds Serv-U bug exploited for Log4j attacks

Security Affairs

JANUARY 19, 2022

We reported our discovery to SolarWinds, and security updates have been released. More info: [link] — Microsoft Security Intelligence (@MsftSecIntel) January 19, 2022. In the past, other threat actors exploited Serv-U vulnerabilities to carry out malicious activities.

Authentication

Authentication Hacking Ransomware Security Intelligence

New InfectedSlurs Mirai-based botnet exploits two zero-days

Security Affairs

NOVEMBER 22, 2023

The researchers discovered the botnet in October 2023, but they believe it has been active since at least 2022. In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port.

DDOS

DDOS Wireless Security Intelligence Malware

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

Security Affairs

MAY 20, 2023

Researchers at Microsoft Security Intelligence team published a series of tweets to warn of a new wave of attacks aimed at distributing the Clop ransomware and linked it to the financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7 ). ” reads one of the tweets published by the experts. We are in the final!

Cybercrime

Cybercrime Ransomware Security Intelligence Hacking

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Security Affairs

AUGUST 7, 2023

In October 2022, the Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warned of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter. reads the unclassified National Security Overview 2022 published last week by the Finnish agency.

Ransomware

Ransomware Government Cyber threats Security Intelligence

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

Security Affairs

NOVEMBER 11, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. From August 2022, Recorded Future researchers observed a rise in command and control (C2) infrastructure used by Sandworm (tracked by Ukraine’s CERT-UA as UAC-0113).

Ransomware

Ransomware Telecommunications DNS Hacking

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

Throughout 2022, both groups targeted sectors included academia, defence, governmental organisations, NGOs, think-tanks, as well as politicians, journalists and activists. SEABORGIUM’s campaigns begin with a reconnaissance activity of target individuals, with a focus on identifying their contacts on social networks or the sphere of influence.

Phishing

Phishing Media Hacking Education

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

VMware urges customers to patch VMware Horizon servers against Log4j attacks

Security Affairs

JANUARY 26, 2022

link] — Kevin Beaumont (@GossiTheDog) January 20, 2022. link] — Microsoft Security Intelligence (@MsftSecIntel) January 11, 2022. to add a shell.

Internet

Internet Internet Ransomware Hacking

IT giants warn of ongoing Chromeloader malware campaigns

Security Affairs

SEPTEMBER 20, 2022

pic.twitter.com/v6sexKgDSg — Microsoft Security Intelligence (@MsftSecIntel) September 16, 2022. Microsoft researchers are tracking an ongoing wide-ranging click fraud campaign where attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices.

Malware

Malware Adware Ransomware Security Intelligence

European firm DSIRF behind the attacks with Subzero surveillance malware

Security Affairs

JULY 28, 2022

Researchers from threat intelligence firm RiskIQ, using passive DNS data related to Knotweed attacks, linked the C2 infrastructure used by the malware since February 2020 to DSIRF. One of the zero-day exploits used in Knotweed attacks was triggering the recently patched CVE-2022-22047 issue. or later to detect the related indicators.

Surveillance

Surveillance Malware Authentication Accountability

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Security Affairs

OCTOBER 16, 2022

Get TTPs and protection info: [link] — Microsoft Security Intelligence (@MsftSecIntel) October 14, 2022. Several notable features differentiate this ransomware from other campaigns and payloads tracked by MSTIC.

Ransomware

Ransomware Encryption Backups Security Intelligence

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage.

Phishing

Phishing Accountability Hacking Surveillance

Cyber Security Informer

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Microsoft warns of attacks targeting MSSQL servers using the tool sqlps

Webinars

Trending Sources

Night Sky ransomware operators exploit Log4Shell to target hack VMware Horizon servers

Webinars

A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Sysrv-K, a new variant of the Sysrv botnet includes new exploits

Finnish intelligence warns of Russia’s cyberespionage activities

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Microsoft blocked Polonium attacks against Israeli organizations

SolarWinds Serv-U bug exploited for Log4j attacks

New InfectedSlurs Mirai-based botnet exploits two zero-days

Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware

The number of ransomware attacks targeting Finland increased fourfold since it started the process to join NATO

Russia-linked IRIDIUM APT linked to Prestige ransomware attacks against Ukraine

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Updated Kmsdx botnet targets IoT devices

VMware urges customers to patch VMware Horizon servers against Log4j attacks

IT giants warn of ongoing Chromeloader malware campaigns

European firm DSIRF behind the attacks with Subzero surveillance malware

Mysterious Prestige ransomware targets organizations in Ukraine and Poland

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Stay Connected