Category Archives: Threat intelligence

Data on 3.2 million DriveSure clients exposed on hacking forum

Hackers published data on 3.2 million users lifted from DriveSure data on the Raidforums hacking forum late last month. To prove the data’s quality, threat actor “pompompurin” detailed the leaked files and user information in a lengthy post, according to researchers at Risk Based Security, who were the first to report the breach. The…

The post Data on 3.2 million DriveSure clients exposed on hacking forum appeared first on SC Media.

Posted in Data Protection, Data security, Security News, Threat intelligence

Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs

Despite increased perceptions about the value of cyber threat intelligence, many businesses and industries still struggle to define what it actually means to them: which capabilities to incorporate, and how to do the ground-level planning necessary to support the telemetry and technological tools they put in place.

The post Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs appeared first on SC Media.

Posted in Network Security, Security News, Security strategy, Threat intelligence

Lebanese APT group with suspected links to Hezbollah breached 250 servers worldwide

Some 250 servers were apparently breached by the Lebanese Cedar APT group, an organization with suspected links to the Hezbollah Cyber Unit in Lebanon. The target victims include companies from many countries, including the United States, United Kingdom, Saudi Arabia, Egypt, Jordan, Lebanon, Israel and the Palestinian Authority. Many more companies and organizations have been…

The post Lebanese APT group with suspected links to Hezbollah breached 250 servers worldwide appeared first on SC Media.

Posted in APTs/cyberespionage, Cyberespionage, Security News, Threat intelligence, Threat Security Intelligence

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers

Two vulnerabilities discovered could lead to remote code execution, while another could lead to denial of service attacks.

The post Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers appeared first on SC Media.

Posted in DDoS, Security News, Threat intelligence, Vulnerabilities, Vulnerability Management

BEC attack techniques exploit Microsoft 365 messages

Attackers exploit Microsoft 365 “read receipt” and “out of office” message loopholes to evade auto-remediation of a malicious email.

The post BEC attack techniques exploit Microsoft 365 messages appeared first on SC Media.

Posted in Email Security, Security News, Threat intelligence

Google discloses spearphishing targeting security researchers

Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.

The post Google discloses spearphishing targeting security researchers appeared first on SC Media.

Posted in Featured, Phishing, Security News, Threat intelligence

In second attack DDoS group demands 5 bitcoin payment

Five Radware customers received extortion letters in December and January threatening a DDoS attack if they did not pay five bitcoin (worth about $200,000) from a group that wanted the victims to believe they were from Fancy Bear, Lazarus Group and the Armada Collective. The threat group first attacked late last summer and in the…

The post In second attack DDoS group demands 5 bitcoin payment appeared first on SC Media.

Posted in DDoS, Security News, Threat intelligence

Sunburst avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWinds attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.

The post Sunburst avoided indicators of compromise with SolarWinds hack, but left breadcrumbs appeared first on SC Media.

Posted in APT, APTs/cyberespionage, Featured, Network Security, Security News, SolarWinds hack, Threat intelligence

7 vulnerabilities in popular DNS forwarding software open door to range of attacks

Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.

The post 7 vulnerabilities in popular DNS forwarding software open door to range of attacks appeared first on SC Media.

Posted in Network Security, Security News, Threat intelligence, Vulnerabilities, Vulnerability Management