Portsuppe

IT news

5,431 items

Mandiant Blogolder05/22

IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders

Written by: Michael Raggi Mandiant Intelligence is tracking a growing trend among China-nexus cyber espionage operations where advanced persistent threat (APT) actors utilize proxy networks known as “ORB networks” (operational relay box networks) to gain an advantage when conducting espionage operations. ORB networks are akin to botnets and are made up of virtual private servers (VPS), as well as compromised Internet of Things (IoT) devices, smart devices, and routers that are often end of life

cybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder05/21

Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets

Written by: Mark Swindle While investigating recent exposures of Amazon Web Services (AWS) secrets, Mandiant identified a scenario in which client-specific secrets have been leaked from Atlassian's code repository tool, Bitbucket, and leveraged by threat actors to gain unauthorized access to AWS. This blog post illustrates how Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches. Background Bitbucket is a code hosting platform provided by Atlassian and i

cybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder05/01

Uncharmed: Untangling Iran's APT42 Operations

Written by: Ofir Rozmann, Asli Koksal, Adrian Hernandez, Sarah Bock, Jonathan Leathery APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists. Mandiant assesses APT42 operates on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). APT42 wa

cybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder04/30

Ransomware Protection and Containment Strategies: Practical Guidance for Hardening and Protecting Infrastructure, Identities and Endpoints

Written by: Matthew McWhirt, Omar ElAhdan, Glenn Staniforth, Brian Meyer Multi-faceted extortion via ransomware and/or data theft is a popular end goal for attackers, representing a global threat targeting organizations in all industries. The impact of a successful ransomware event can be material to an organization, including the loss of access to data, systems, and prolonged operational outages. The potential downtime, coupled with unforeseen expenses for restoration, recovery, and implementat

cybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder04/29

From Assistant to Analyst: The Power of Gemini 1.5 Pro for Malware Analysis

Executive Summary A growing amount of malware has naturally increased workloads for defenders and particularly malware analysts, creating a need for improved automation and approaches to dealing with this classic threat. With the recent rise in generative AI tools, we decided to put our own Gemini 1.5 Pro to the test to see how it performed at analyzing malware. By providing code and using a simple prompt, we asked Gemini 1.5 Pro to determine if the file was malicious, and also to provide a list

cybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder04/25

Poll Vaulting: Cyber Threats to Global Elections

Written by: Kelli Vanderlee, Jamie Collier Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections. Operations tar

cybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder04/23

M-Trends 2024: Our View from the Frontlines

Attackers are taking greater strides to evade detection. This is one of the running themes in our latest release: M-Trends 2024. This edition of our annual report continues our tradition of providing relevant attacker and defender metrics, and insights into the latest attacker tactics, techniques and procedures, along with guidance and best practices on how organizations and defenders should be responding to threats. This year’s M-Trends report covers Mandiant Consulting investigations of target

borderlinecybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder04/22

FakeNet-NG Levels Up: Introducing Interactive HTML-Based Output

Written by: Beleswar Prasad Padhi, Tina Johnson, Michael Bailey, Elliot Chernofsky, Blas Kojusner FakeNet-NG is a dynamic network analysis tool that captures network requests and simulates network services to aid in malware research. The FLARE team is committed to maintaining and updating the tool to improve its capabilities and usability. FakeNet is compatible across platforms and extensively customizable; however, we recognized a need to present captured network data in a more intuitive and us

cybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder04/17

Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm

Written by: Gabby Roncone, Dan Black, John Wolfram, Tyler McLellan, Nick Simonian, Ryan Hall, Anton Prokopenkov, Luke Jenkins, Dan Perez, Lexie Aytes, Alden Wahlstrom With Russia's full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group’s operations in support of Moscow’s war aims have proven tactically and operationally adaptable, and as of today, appear to be better integrated with the activities of Russia’s conventional forces than

borderlinecybersecurity · government-security · unknown-it-category-15
Mandiant Blogolder04/09

Apache XML Security for C++ Library Allows for Server-Side Request Forgery

Written by: Jacob Thompson The Apache XML Security for C++ library, code named xml-security-c, is part of the Apache Santuario project. The library implements the XML Digital Signature and the XML Signature specifications, making them available to C++ developers. By default, the library resolves references to external URIs passed in Extensible Markup Language (XML) signatures, allowing for server-side request forgery (SSRF). There is no way to disable this feature through configuration alone, an

cybersecurity · government-security · unknown-it-category-15
PrevPage 178 / 182Next