Tag: Threat Intelligence

Official Blog Threat Intelligence May 6, 2024

Uncharmed: Untangling Iran's APT42 Operations

Official Blog Threat Intelligence May 6, 2024

Ransomware Protection and Containment Strategies: Practical Guidance for Hardening and Protecting Infrastructure, Identities and Endpoints

Official Blog Threat Intelligence May 6, 2024

From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis

Official Blog Threat Intelligence April 29, 2024

Poll Vaulting: Cyber Threats to Global Elections - Elections globally are under fire from cyberattacks targeting not just voting systems but campaigns, media, and social media too. State actors pose the biggest threat, but others join in. Strong defenses and awareness of diverse attack methods are crucial to safeguard elections.

Official Blog Security Threat Intelligence April 29, 2024

M-Trends 2024: Our View from the Frontlines - Mandiant's latest M-Trends report highlights a concerning trend: attackers are actively working to evade detection and stay on compromised systems longer. The report analyzes data from 2023, revealing a rise in tactics like targeting unmonitored devices, using zero-day exploits, and leveraging legitimate tools.

Official Blog Threat Intelligence April 29, 2024

FakeNet-NG Levels Up: Introducing Interactive HTML-Based Output - FakeNet-NG is a network analysis tool used to capture network traffic and simulate network services to help researchers understand malware behavior. Recently, FakeNet-NG was updated to generate interactive HTML reports to present captured data in a more user-friendly way.

Official Blog Threat Intelligence April 22, 2024

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm

Official Blog Security Threat Intelligence April 8, 2024

Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - Mandiant has responded to incidents involving exploited Ivanti Connect Secure VPN appliances. This blog post outlines post-exploitation activity observed, including lateral movement and malware deployment. Mandiant recommends patching and following Ivanti's guidance to mitigate the vulnerabilities.

Official Blog Threat Intelligence April 1, 2024

Trends on Zero-Days Exploited In-the-Wild in 2023

Official Blog Threat Intelligence April 1, 2024

SeeSeeYouExec: Windows Session Hijacking via CcmExec - In this blog post, we delve into how the CcmExec service can be utilized for session hijacking and introduce CcmPwn, a tool designed to facilitate this technique.