Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that, […]
React to this headline:
Defenders must adapt to shrinking exploitation timelines Read More »
Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to
React to this headline:
Private US companies targeted by Stonefly APT Read More »
North Korea Hackers Linked to Breach of German Missile Manufacturer 2024-09-30 at 20:46 By Ryan Naraine The targeting of Diehl Defence is significant because the company specializes in the production of missiles and ammunition. The post North Korea Hackers Linked to Breach of German Missile Manufacturer appeared first on SecurityWeek. This article is an excerpt
React to this headline:
North Korea Hackers Linked to Breach of German Missile Manufacturer Read More »
Iranian APT Operating as Initial Access Provider to Networks in the Middle East 2024-09-24 at 19:01 By Ionut Arghire Iranian state-sponsored threat actor UNC1860 is operating as an initial access provider to high-profile networks in the Middle East. The post Iranian APT Operating as Initial Access Provider to Networks in the Middle East appeared first
React to this headline:
Iranian APT Operating as Initial Access Provider to Networks in the Middle East Read More »
Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers 2024-09-23 at 20:31 By Ryan Naraine Mandiant shines the spotlight on the growing infiltration of US and Western companies by North Korean fake IT workers. The post Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers appeared first on SecurityWeek.
React to this headline:
Mandiant Offers Clues to Spotting and Stopping North Korean Fake IT Workers Read More »
Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released 2024-08-05 at 15:46 By Industry News A partnership of 28 industry leaders serving public and private organizations across the vendor and consumer community volunteered their time, effort, and experience to launch the first version of the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), designed as the first-of-its-kind
React to this headline:
Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) released Read More »
Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine 2024-07-25 at 14:16 By Ryan Naraine A fresh Mandiant report documents North Korea’s APT45 as a distinct hacking team conducting cyberespionage and ransomware operations. The post Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine appeared first on SecurityWeek. This article is
React to this headline:
Mandiant Shines Spotlight on APT45 Behind North Korea’s Digital Military Machine Read More »
Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns 2024-07-18 at 22:01 By Ryan Naraine Chinese government-backed hacking team caught breaking into organizations in shipping, logistics and automotive sectors in Europe and Asia. The post Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns appeared first on SecurityWeek. This
React to this headline:
Chinese Hacking Group APT41 Infiltrates Global Shipping and Tech Sectors, Mandiant Warns Read More »
YetiHunter: Open-source threat hunting tool for Snowflake environments 2024-06-14 at 13:31 By Zeljka Zorz Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise. YetiHunter executing queries (Source: Permiso Security) Recent attacks against Snowflake customers Cloud-based data storage and
React to this headline:
YetiHunter: Open-source threat hunting tool for Snowflake environments Read More »
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) 2024-05-14 at 22:02 By Zeljka Zorz For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that
React to this headline:
MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect
React to this headline:
MITRE breach details reveal attackers’ successes and failures Read More »
Accenture partners with Mandiant to improve cybersecurity operations 2024-05-08 at 10:46 By Industry News Accenture and Mandiant, part of Google Cloud, are teaming up to collaboratively deliver cyber resilience services to help organizations more efficiently detect, investigate, respond to and recover from cyberattacks. As part of the partnership, Accenture will utilize Mandiant Threat Intelligence, a
React to this headline:
Accenture partners with Mandiant to improve cybersecurity operations Read More »
Google Debuts New Security Products, Hyping AI and Mandiant Expertise 2024-05-06 at 21:21 By Ryan Naraine Google rolls out new threat-intel and security operations products and looks to the magic of AI to tap into the booming cybersecurity market. The post Google Debuts New Security Products, Hyping AI and Mandiant Expertise appeared first on SecurityWeek.
React to this headline:
Google Debuts New Security Products, Hyping AI and Mandiant Expertise Read More »
Global attacker median dwell time continues to fall 2024-04-24 at 14:01 By Help Net Security While the use of zero-day exploits is on the rise, Mandiant’s M-Trends 2024 report reveals a significant improvement in global cybersecurity posture: the global median dwell time – the time attackers remain undetected within a target environment – has reached
React to this headline:
Global attacker median dwell time continues to fall Read More »
The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success 2024-04-23 at 17:16 By Kevin Townsend Mandiant’s M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand. The post The
React to this headline:
MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is
React to this headline:
MITRE breached by nation-state threat actor via Ivanti zero-days Read More »
Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from
React to this headline:
Zero-day exploitation surged in 2023, Google finds Read More »
Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working 2024-03-27 at 17:01 By Ryan Naraine Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit
React to this headline:
Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working Read More »
APT29 hit German political parties with bogus invites and malware 2024-03-25 at 11:46 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware The attack started in late February 2024, with phishing emails containing bogus invitations
React to this headline:
APT29 hit German political parties with bogus invites and malware Read More »
Russian APT29 Hackers Caught Targeting German Political Parties 2024-03-22 at 18:47 By Ryan Naraine Russia’s APT29 hacking group is expanding targets to political parties in Germany using a new backdoor variant tracked as Wineloader. The post Russian APT29 Hackers Caught Targeting German Political Parties appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
React to this headline:
Russian APT29 Hackers Caught Targeting German Political Parties Read More »