You may have rested over the December festive period, but cyber criminals were busy, looking to exploit more than 6,200 newly emerged vulnerabilities (aka CVEs—Common Vulnerabilities and Exposures). So now, having rung in 2023, let’s look back at some of the key vulnerability-related stories and events of 2022’s fourth quarter. Memory Corruption Led the Way […]
Editor’s note: The blogs and podcasts listed in this roundup were originally published on digitalshadows[.]com. 2022 has been an eventful year in the world of cyber threat intelligence. Organizations across the globe started the year by handling the aftermath of the Log4j disclosure, before being thrown into the turmoil of the ongoing Russia and Ukraine […]
Carding has always been seen as a gateway to the more involved and nuanced types of cybercrime. Traditionally, it required only low-level technical knowledge and the funds to purchase material from the vast number of carding shops and marketplaces available on the dark web. For years, it’s been a recommended starting point for beginner threat […]
Editor’s note: This blog was written by our teammates at Digital Shadows (now ReliaQuest). This blog is a deeper dive into advanced persistent threat (APT) groups. We aim to demystify APT groups around the world, including their motives, dynamics, and some of their tactics, techniques, and procedures (TTPs). What does APT stand for in cybersecurity? […]
This blog is the latest in our series taking a deeper dive into advanced persistent threat (APT) groups. Throughout this series, we aim to demystify APT groups around the world, including their motives, dynamics, and some of their tactics, techniques, and procedures (TTPs). The “A” stands for advanced technical sophistication, the “P” for persistent access […]
Editor’s Note: This blog was written by our teammates at Digital Shadows (now ReliaQuest). As the holiday season approaches, my family has a tradition of watching all of our favorite holiday movies—my favorite being Home Alone. It is the time for festive decorations, eggnog, and large heartwarming feasts with family and friends. Sadly, though, it […]
Note: This blog is part of a series of articles related to the use of Structured Analytic Techniques in Cyber Threat Intelligence (CTI). Previous examples include our Analysis of Competing Hypotheses (ACH) for REvil, a Cone of Plausibility exercise for ransomware development, and a Team A vs Team B exercise to study Lapsus$. Last week, […]
Ransomware activity decreased in the third quarter of 2022 (Q3 2022), as actors regrouped and refocused after a busy start to the year. Despite this, attacks on high-profile targets—as well as potentially politically motivated attacks—kept our eyes on ransomware this quarter. New tools and techniques emerged, while older tools resurfaced or were repurposed by ransomware […]
The fallout of the recent Optus breach got me thinking about a common occurrence: seller’s remorse… Most of us have experienced it. You feel like you’re getting a good deal, and then bang! You realize you could have got more for your money if you’d only just waited that extra day. Although this might be […]