Phishing from threat actor TA473 targets US and NATO officials

These phishing campaigns are exploiting a Zimbra vulnerability and affecting internet-facing webmail services. Learn how to protect your organization from this security threat.

Commenting on the SANS Threat Intelligence Summit 2021 Presentations – An Analysis and Practical Recommendations

Hi everyone, I recently came across the entire portfolio of SANS Threat Intelligence Summit presentations, which are currently online on YouTube, and I’ve decided to take the time and effort to go through them and offer practical and relevant threat in…

Cybereason vs. Prometheus Ransomware

Prometheus is a relatively new variant of the Thanos ransomware that is operated independently by the Prometheus group, and was first observed in February of 2021. In just a short period of time, Prometheus caused a lot of damage, and breached over 40 …

Deja Vu: What Do NotPetya and SolarWinds Have in Common?

As I was waking up in Boston on the morning of June 27, 2017, reports were being shared on social media that an electric power supplier in Ukraine was hit by a cyber attack. Within about an hour, a Danish power supplier was also knocked offline an…

Malicious Life Podcast: China’s Unrestricted Cyberwarfare Part 3

For more than a decade, China orchestrated a sophisticated espionage campaign against Nortel Networks, using Huawei, Chinese civilians working in Canada, and even organized crime gangs to steal important technical and operational information. When…

SolarWinds Threat Actors Behind New Email Attack Campaign

The threat actors behind last year’s SolarWinds supply chain attack have launched a new email attack campaign aimed at organizations around the world. This attack wave attracted the attention of the Microsoft Threat Intelligence Center (MSTIC) on …

The Line in the Sand: How We Respond Today Impacts Our Security Tomorrow

In the past few months, we’ve faced massive attacks with SolarWinds and the HAFNIUM attacks targeting Microsoft Exchange, followed by the unprecedented ransomware attack by DarkSide that crippled US critical infrastructure. It is time to ask ourse…

Malicious Life Podcast: China’s Unrestricted Cyberwarfare Part 2

In China’s Unrestricted Cyberwarfare Part 1 we explored the story of two Chinese military officers, veterans of the semi-conflict with Taiwan, who helped shape the role of cyber in modern warfare in China and beyond with special guest Lieutenant C…

Ransomware Trends: Six Notable Ransomware Attacks from 2021

The security community witnessed triple-digit growth in the number of publicly disclosed ransomware incidents in 2020. As noted in a previous blog post on Five Things You Need to Know About Ransomware Attacks, ransomware attacks grew 715% in H1 20…

Malicious Life Podcast: The Untold Story of the RSA Breach Part 2

In March of 2011, security vendor RSA was the target of an attack that compromised sensitive data related to the company’s flagship SecurID product, a solution that was in use by thousands of high-profile clients around the world including the U…