IM
IronMonkey Threat Research
LIVE
|
Articles 27,093
|
CVEs 348,840
|
APT Groups 800
|
Tools 2,196
|
Updated recently
Today Yesterday All 27,061 articles — Page 834 of 903
Wiz Blog | RSS feed ·

Strategies for tracking and defending against malicious activity and threats in the cloud using atomic indicators of compromise (IOCs).

Information Technology Financial Services
Infostealers Archives | InfoStealers ·

Sextortion schemes are about to take a much darker turn. With the rise of Infostealer malware, the game is changing. Hackers will no longer rely on fake threats or generic scare tactics like...

Financial Services Transportation Systems
Recorded Future ·

Learn how DORA enhances operational resilience for financial institutions in the EU, focusing on ICT risk management, third-party oversight, and more.

Financial Services Food and Agriculture
Cloud Threat Landscape ·

Datadog Security Research has uncovered a sophisticated cryptojacking campaign targeting microservice technologies, specifically Docker and Kubernetes. The threat actors exploit exposed Docker...

Financial Services
@BushidoToken Threat Intel ·

Introduction Based on feedback I have received from fellow CTI researchers, incident responders, and managed detection and response teams around my Ransomware Tool Matrix project, I decided to...

Cozy Bear Fancy Bear Financial Services Energy
@BushidoToken Threat Intel ·

Introduction Russian state-sponsored threat groups, such as Fancy Bear (APT28), Cozy Bear (APT29), Turla, and Sandworm, among others, are well-known for complex cyber-espionage operations,...

Sandworm Cozy Bear Fancy Bear Defense Industrial Base Communications
McAfee Labs | McAfee Blogs ·

Authored by Yashvi Shah and Aayush Tyagi Executive summary McAfee Labs recently observed an infection chain where fake CAPTCHA pages... The post Behind the CAPTCHA: A Clever Gateway of Malware...

Financial Services Commercial Facilities
WeLiveSecurity ·

With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process

Infostealers Archives | InfoStealers ·

German authorities recently took down 47 cryptocurrency exchanges used by ransomware groups, money launderers, and botnet operators. Although the domains have been seized, no arrests have been...

Financial Services
Cloud Threat Landscape ·

UNC1860 is an Iranian state-sponsored threat actor, likely affiliated with Iran's Ministry of Intelligence and Security (MOIS). This group specializes in gaining persistent access to high-priority...

UNC1860 Communications
Maxwell Dulin's Resources ·

The author found several weird quirks and behaviors that were not useful individually. By combining all of these together, they were able to steal files on Google Slides with YouTube. Google...

Maxwell Dulin's Resources ·

Simple Serialize (SSZ) is used by Ethereum clients in the consensus protocol and in P to P communication. The SSZ soundness depends on the involutive and injective property. The involutive...

Transportation Systems
Blue Team Archives - Black Hills Information Security, Inc. ·

Changes to the msds-KeyCredentialLink attribute are not audited/logged with standard audit configurations. This required serious investigations and a partner firm in infosec provided us the...

Blue Team Incident Response
McAfee Labs | McAfee Blogs ·

Authored by Neil Tyagi In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are being found. One... The post Cracked Software or Cyber Trap? The Rising Danger of...

Financial Services Commercial Facilities
WeLiveSecurity ·

How do analyst relations professionals sort through the noise to help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out.

Recorded Future ·

Close detection gaps with actionable threat intelligence. Integrate diverse data sources for comprehensive visibility and proactive cybersecurity defense.

Transportation Systems Information Technology
WeLiveSecurity ·

Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help

Financial Services
maxwelldulin ·

Fuzzing is a technique that many of us know and love. But why is it so effective? This talk aims to go through the origins of fuzzing and why it works as well as it does. The origins stem back to...

Maxwell Dulin's Resources ·

SSH has a problem where a passive observer is able to deduce some information via the metadata, which violates most cryptographic principles. By default, each keystroke is clearly identified and...

Wiz Blog | RSS feed ·

Getting the most value out of your cloud logs

Information Technology Communications
Data and computer security | The Guardian ·

Alternative relationships site says it has resolved concerns about data security that tech firm claims to have uncoveredBusiness live – latest updatesUsers of Feeld, a dating app aimed at...

Financial Services
WeLiveSecurity ·

ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos

Communications
Recorded Future ·

The "Marko Polo" cybercriminal group has rapidly expanded its operations, employing infostealer malware and social engineering tactics to target cryptocurrency influencers, online gaming...

Cloud Threat Landscape ·

On 2024-09-17, an incident was reported, involving 0ktapus, gaining initial access via Unknown, while using Create or modify firewall or security group rules, OS password reset, Create SSH...

Cloud Threat Landscape ·

On 2024-09-17, an incident was reported, involving 0ktapus, gaining initial access via End-user compromise, while using Vishing, MFA enrollment, Cloud API e, to achieve RansomOp.

Cloud Threat Landscape ·

On 2024-09-17, an incident was reported, involving an unknown actor, gaining initial access via Exposed secret, targeting GitHub to achieve Data exfiltration.

Wiz Blog | RSS feed ·

Wiz collaborates with Microsoft on the quest to make the cloud more secure for everyone.

Information Technology
WeLiveSecurity ·

Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one

Maxwell Dulin's Resources ·

macOS calendar is paired with all of the other macOS services like Mail. The author found a bug in it to get RCE, which is terrifying. They don't just show the bug - they show how to get steal...

Maxwell Dulin's Resources ·

URLs are notoriously hard to parse. This article is a list of easy to try URL domain bypasses. This includes absolute URLs, CORS bypasses and weird host headers. The domains contain different...