A creative exploit of Palo Alto Networks’ extended detection and response (XDR) software could have allowed attackers to puppet it like a malicious multitool. In a briefing at Black Hat Asia this week, Shmuel Cohen, security researcher at SafeBreach, described how he not only reverse-engineered and cracked into the company’s signature Cortex product but also […]
Apr 18, 2024 | Newsroom | Incident Response / Cyber Espionage: Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform. “The documents contained […]
The public draft, titled Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, was published by NIST on April 3. The agency is seeking public comments on the draft through May 20.
Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the likelihood of a successful phishing attack, since these sites often have a favorable […]
The European Union (EU) has agreed new rules, dubbed the ‘cyber solidarity act,’ to strengthen cyber incident response and recovery across member states. The provisional regulation aims to make the EU more resilient and reactive to cyber threats via new cooperation mechanisms. This includes the establishment of an EU-wide cybersecurity alert system, […]
Cybercrime, Endpoint Detection & Response (EDR), Fraud Management & Cybercrime | Qakbot Wouldn’t Be the First Trojan to Come Back After a Takedown | Akshaya Asokan (asokan_akshaya) • February 13, 2024 | Security researchers are seeing new examples of Qakbot malware. Takedowns aren’t always forever in cyberspace. Months after a U.S. law […]
Incident response (IR) is a race against time. You engage your internal or external team because there’s enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files […]
Unit 42 is the threat intelligence and response arm of Palo Alto Networks and has recently released its Ransomware Retrospective 2024: Unit 42 Leak Site Analysis. In the report, Unit 42 found a “49% increase in victims reported by ransomware leak sites” compared to 2022. According to Unit 42, 2023 saw specific […]
Feb 02, 2024 | Newsroom | Cryptojacking / Malware: The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027. DirtyMoe, active since at least 2016, is capable of carrying […]