You may have rested over the December festive period, but cyber criminals were busy, looking to exploit more than 6,200 newly emerged vulnerabilities (aka CVEs—Common Vulnerabilities and Exposures). So now, having rung in 2023, let’s look back at some of the key vulnerability-related stories and events of 2022’s fourth quarter. Memory Corruption Led the Way […]
Ransomware activity stayed at steady levels throughout 2022’s fourth quarter (Q4 2022). Since we bid farewell to ever-present groups like Conti, the world of ransomware has remained a game of whack-a-mole: For every group that disappears, there are always several waiting in the shadows to replace it. One major development was the use of ransomware […]
Editor’s note: The blogs and podcasts listed in this roundup were originally published on digitalshadows[.]com. 2022 has been an eventful year in the world of cyber threat intelligence. Organizations across the globe started the year by handling the aftermath of the Log4j disclosure, before being thrown into the turmoil of the ongoing Russia and Ukraine […]
Carding has always been seen as a gateway to the more involved and nuanced types of cybercrime. Traditionally, it required only low-level technical knowledge and the funds to purchase material from the vast number of carding shops and marketplaces available on the dark web. For years, it’s been a recommended starting point for beginner threat […]
Editor’s note: This blog was written by our teammates at Digital Shadows (now ReliaQuest). This blog is a deeper dive into advanced persistent threat (APT) groups. We aim to demystify APT groups around the world, including their motives, dynamics, and some of their tactics, techniques, and procedures (TTPs). What does APT stand for in cybersecurity? […]
This blog is the latest in our series taking a deeper dive into advanced persistent threat (APT) groups. Throughout this series, we aim to demystify APT groups around the world, including their motives, dynamics, and some of their tactics, techniques, and procedures (TTPs). The “A” stands for advanced technical sophistication, the “P” for persistent access […]
Editor’s Note: This blog was written by our teammates at Digital Shadows (now ReliaQuest). As the holiday season approaches, my family has a tradition of watching all of our favorite holiday movies—my favorite being Home Alone. It is the time for festive decorations, eggnog, and large heartwarming feasts with family and friends. Sadly, though, it […]
Note: This blog is part of a series of articles related to the use of Structured Analytic Techniques in Cyber Threat Intelligence (CTI). Previous examples include our Analysis of Competing Hypotheses (ACH) for REvil, a Cone of Plausibility exercise for ransomware development, and a Team A vs Team B exercise to study Lapsus$. Last week, […]