Tag: Threat Intelligence

Official Blog Threat Intelligence July 22, 2024

APT41 Has Arisen From the DUST

Official Blog Threat Intelligence July 22, 2024

AI-Powered Learning: Your NIST NICE Prompt Library (Built with Google Gemini) - The NIST NICE framework provides a roadmap for cybersecurity education and workforce development. It maps roles to the specific tasks, knowledge, and skills (TKSs) needed to carry out those roles' responsibilities. AI-powered prompts can help you navigate this roadmap and accelerate your mastery of the essential competencies outlined in the NICE framework. Google Gemini AI was used to create a comprehensive library of over 6,000 prompts designed to guide you through the NICE framework. These prompts offer a dynamic and personalized learning experience, accelerating your journey to cybersecurity expertise.

Gemini Official Blog Threat Intelligence July 22, 2024

Scaling Up Malware Analysis with Gemini 1.5 Flash - Google's Gemini 1.5 Flash model, designed for large-scale malware analysis, processes up to 1,000 requests per minute and 4 million tokens per minute. It analyzes decompiled binaries, providing accurate summary reports in human-readable language. In a real-world test, Gemini 1.5 Flash processed 1,000 Windows executables and DLLs in an average of 12.72 seconds, excluding unpacking and decompilation stages. The system effectively resolved false positives, samples with obfuscated code, and malware with zero detections on VirusTotal.

Threat Intelligence July 22, 2024

Google Cloud Security Threat Horizons Report #10 Is Out! - This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat….

Official Blog Threat Intelligence July 15, 2024

Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO - NATO faces a barrage of malicious cyber activity from state-sponsored actors, hacktivists, and criminals. These threats include cyber espionage, disruptive and destructive cyberattacks, disinformation and information operations. The war in Ukraine has coincided with bolder and reckless cyber activity against NATO allies.

Official Blog Threat Intelligence July 1, 2024

Global Revival of Hacktivism Requires Increased Vigilance from Defenders - Hacktivism has seen a resurgence since early 2022, with actors using more sophisticated tactics and targeting a wider range of organizations. This new wave of hacktivism is driven by various motivations, including geopolitical conflicts, financial gain, and anti-establishment ideologies.

Official Blog Threat Intelligence June 24, 2024

Cloaked and Covert: Uncovering UNC3886 Espionage Operations

Official Blog Threat Intelligence June 17, 2024

UNC3944 Targets SaaS Applications - UNC3944, a financially motivated threat group, has shifted its focus from credential harvesting and ransomware to data theft extortion without ransomware. They target SaaS applications and use social engineering techniques to gain initial access, often by impersonating IT support and requesting MFA resets. UNC3944 abuses Okta permissions to expand intrusion beyond on-premises infrastructure to cloud and SaaS applications. To mitigate these threats, organizations should implement host-based certificates with multi-factor authentication for VPN access, create stricter conditional access policies, and monitor SaaS applications for suspicious activity.

Official Blog Threat Intelligence June 17, 2024

Insights on Cyber Threats Targeting Users and Enterprises in Brazil - Brazil faces a unique cyber threat landscape due to the interplay of global and local threats. Cyber espionage actors from various countries target Brazilian users and organizations, with PRC, North Korea, and Russia being the most prominent. Brazil also faces threats from domestic cybercriminals who engage in account takeovers, carding, fraud, and banking malware deployment. The rise of the Global South, with Brazil at the forefront, marks a shift in the geopolitical landscape that extends into the cyber realm, making Brazil an increasingly attractive target for cyber threats.

Official Blog Threat Intelligence June 17, 2024

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion - UNC5537, a financially motivated threat actor, has been targeting Snowflake customer database instances for data theft and extortion. The threat actor gains access to Snowflake customer instances using stolen customer credentials obtained from infostealer malware campaigns. UNC5537 has compromised multiple organizations' Snowflake instances, exfiltrated sensitive data, and attempted to extort the victims. The campaign highlights the importance of enforcing multi-factor authentication, rotating credentials regularly, and implementing network allow lists to protect against unauthorized access.

Official Blog Threat Intelligence June 10, 2024

Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics - The 2024 Paris Olympics face an elevated risk of cyber threats, including cyber espionage, disruptive and destructive operations, financially motivated activity, hacktivism, and information operations.

Official Blog Threat Intelligence June 10, 2024

Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools

Official Blog Threat Intelligence May 27, 2024

IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders - China-nexus cyber espionage actors are increasingly using ORB networks to conduct espionage operations, making it more difficult for defenders to detect and attribute attacks. ORB networks are made up of compromised devices, such as routers and IoT devices, that are used to relay traffic and obfuscate the source of attacks. This trend is challenging traditional defense strategies that rely on blocking adversary infrastructure, as ORB networks are constantly evolving and difficult to track.

Official Blog Threat Intelligence May 27, 2024

Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets - Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches. To protect your secrets, store them in a dedicated secrets manager, closely review Bitbucket artifact objects, and deploy code scanning throughout the full lifecycle of your pipeline.

Official Blog Security Threat Intelligence May 13, 2024

Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale

Official Blog Threat Intelligence May 6, 2024

Uncharmed: Untangling Iran's APT42 Operations

Official Blog Threat Intelligence May 6, 2024

Ransomware Protection and Containment Strategies: Practical Guidance for Hardening and Protecting Infrastructure, Identities and Endpoints

Official Blog Threat Intelligence May 6, 2024

From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis

Official Blog Threat Intelligence April 29, 2024

Poll Vaulting: Cyber Threats to Global Elections - Elections globally are under fire from cyberattacks targeting not just voting systems but campaigns, media, and social media too. State actors pose the biggest threat, but others join in. Strong defenses and awareness of diverse attack methods are crucial to safeguard elections.

Official Blog Security Threat Intelligence April 29, 2024

M-Trends 2024: Our View from the Frontlines - Mandiant's latest M-Trends report highlights a concerning trend: attackers are actively working to evade detection and stay on compromised systems longer. The report analyzes data from 2023, revealing a rise in tactics like targeting unmonitored devices, using zero-day exploits, and leveraging legitimate tools.

Official Blog Threat Intelligence April 29, 2024

FakeNet-NG Levels Up: Introducing Interactive HTML-Based Output - FakeNet-NG is a network analysis tool used to capture network traffic and simulate network services to help researchers understand malware behavior. Recently, FakeNet-NG was updated to generate interactive HTML reports to present captured data in a more user-friendly way.

Official Blog Threat Intelligence April 22, 2024

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm

Official Blog Security Threat Intelligence April 8, 2024

Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies - Mandiant has responded to incidents involving exploited Ivanti Connect Secure VPN appliances. This blog post outlines post-exploitation activity observed, including lateral movement and malware deployment. Mandiant recommends patching and following Ivanti's guidance to mitigate the vulnerabilities.

Official Blog Threat Intelligence April 1, 2024

Trends on Zero-Days Exploited In-the-Wild in 2023

Official Blog Threat Intelligence April 1, 2024

SeeSeeYouExec: Windows Session Hijacking via CcmExec - In this blog post, we delve into how the CcmExec service can be utilized for session hijacking and introduce CcmPwn, a tool designed to facilitate this technique.
