Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain

This post was made possible through the contributions of Joseph Spero and Thanassis Diogos. In June 2023, IBM Security X-Force responded to an incident where a client had received alerts from their security tooling regarding potential malicious activity originating from a system within their network targeting a domain controller. X-Force analysis revealed that an attacker […]

The post Attacker exploits vulnerability in Active Directory Certificate Services to take control of domain appeared first on Security Intelligence.

BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan

In late April through May 2023, IBM Security X-Force found several phishing emails leading to packed executable files delivering malware we have named BlotchyQuasar, likely developed by a group X-Force tracks as Hive0129. BlotchyQuasar is hardcoded to collect credentials from multiple Latin American-based banking applications and websites used within public and private environments. Similar operations […]

The post BlotchyQuasar: X-Force Hive0129 targeting financial institutions in LATAM with a custom banking trojan appeared first on Security Intelligence.

Is your browser betraying you? Emerging threats in 2023

Network attacks (IPS detections) have remained relatively flat over the last three quarters, technically down a bit more than 3%, according to WatchGuard. “Organisations need to pay more active, ongoing attention to the existing security solutions and …

How to cultivate a culture of continuous cybersecurity improvement

Regulatory compliance and cybersecurity improvement are not two sides of the same coin: they are distinct pillars that demand specialized attention. Achieving compliance does not create an impenetrable fortress against threats, it merely creates a base…

Cyware Snags $30M for Threat Intel Infrastructure Tech

New York startup snags $30 million in new financing to fuel plans to take advantage of the demand for AI-powered threat-intel security tools.
The post Cyware Snags $30M for Threat Intel Infrastructure Tech appeared first on SecurityWeek.

The Trickbot/Conti Crypters: Where Are They Now?

Despite Conti shutdown, operators remain active and collaborative in new factions. In IBM Security X-Force, we have been following the crypters used by the Trickbot/Conti syndicate, who we refer to as ITG23, since 2021 and demonstrated the intelligence that can be revealed through tracking their use in a blog we published last May. One year […]

The post The Trickbot/Conti Crypters: Where Are They Now? appeared first on Security Intelligence.

All About PowerShell Attacks: The No. 1 ATT&CK Technique

How do cyber pros prioritize their security efforts? A good place to start is knowing exactly what tactics, techniques and procedures (TTP) threat actors use. In a recently published report, aggregated data was used to identify the most common attack techniques as defined by the MITRE ATT&CK framework. The study revealed that PowerShell Command & […]

The post All About PowerShell Attacks: The No. 1 ATT&CK Technique appeared first on Security Intelligence.

Compromised ChatGPT accounts garner rapid dark web popularity

Compromised credentials were found within the logs of info-stealing malware traded on illicit dark web marketplaces over the past year, according to Group-IB. The number of available logs containing compromised ChatGPT accounts reached a peak of 26,802…