MartinZugec (@martinzugec)'s Twitter Profile

Tech speaker/blogger/thinker at Bitdefender. PowerShell fan since 2004. Non-militant vegetarian. Happy gamer since 1985.

ID: 34890269

Link: https://businessinsights.bitdefender.com/author/martin-zugec
Joined: 24-04-2009 09:51:45

5.5K Tweets
2.2K Followers
702 Following

MartinZugec (@martinzugec):

🚨Update Alert🚨 ConnectWise ScreenConnect advisory just got a refresh. We've detailed 8 unique attack scenarios, attributing one to FIN8 group, including all indicators of compromise. Detections are from clients (payload delivered by remote management). bitdefender.com/blog/businessi…

MartinZugec (@martinzugec):

Coordinated ransomware attacks by CACTUS group on two companies, launched from their internal servers within 5 minutes from each other (companies are part of the same group). First workstations, then servers (Hyper-V/ESXi). This was a fascinating research bitdefender.com/blog/businessi…

The Hacker News (@thehackersnews):

🚨 Multiple U.S. agencies are warning about Phobos #ransomware, a RaaS deployed in widespread attacks against critical infrastructure. Organizations need up-to-date threat intelligence – read more: thehackernews.com/2024/03/phobos… #cybersecurity #malware #hacking

MartinZugec (@martinzugec):

XZ backdoor vulnerability (CVSS 10/10) - major Linux distributions are not affected; vulnerable systems are rare (our telemetry). Complex, multi-year attack, probably by a state actor, with a very small impact. We were lucky 😅 sprou.tt/1jtqolvtHPl

MartinZugec (@martinzugec):

Bitdefender Labs developed a new free tool to help identify XZ backdoor vulnerability (CVE-2024-3094). No additional software needed, runs on various Linux systems (written in Go), identifies vulnerable versions and searches for malicious code. sprou.tt/1dzGhAdDBTY

MartinZugec (@martinzugec):

Top 10 ransomware groups (based on number of claimed victims):
1. LockBit
2. Play
3. Black Basta
4. RA World
5. Medusa
6. RansomHub
7. Hunters
8. BianLian
9. 8Base
10. Qilin
sprou.tt/1W4Q7IWioZt

Bitdefender_Ent (@bitdefender_ent):

Stay ahead of cyber threats with Bitdefender's May 2024 Threat Debrief. Get the latest insights on ransomware news and trends. 🔗 bitdefend.me/4dHlvQe #Bitdefender #Cybersecurity #Infosec

BleepingComputer (@bleepincomputer):

Chinese hackers hide on military and govt networks for 6 years - Bill Toulas bleepingcomputer.com/news/security/…

MartinZugec (@martinzugec):

Uncovered by Bitdefender Labs: A new APT, "Unfading Sea Haze," targeting gov't & military organizations in the South China Sea. Seems like a mature group (5y+); our research was like a digital archaeology dig, uncovering generations of malware development: bitdefender.com/blog/businessi…

The Hacker News (@thehackersnews):

🌐 Researchers uncover a stealthy threat group, dubbed "Unfading Sea Haze," targeting high-level organizations in the South China Sea. Poor credential hygiene and outdated patches enable these attacks to succeed. Read: thehackernews.com/2024/05/resear… #cybersecurity #hacking

Techmeme (@techmeme):

A look at China-aligned hacking group Unfading Sea Haze, which has targeted government and military organizations in South China Sea countries since 2018 (@martinzugec / Bitdefender Blog) bitdefender.com/blog/businessi… 📫 Subscribe: techmeme.com/newsletter?fro… techmeme.com/240523/p20#a24…

Bitdefender_Ent (@bitdefender_ent):

Meet Unfading Sea Haze, a new cyber threat actor in the South China Sea. In our latest deep dive, discover their tactics and learn how to defend against them. 🔗 bitdefend.me/3ywHUzG #threatintelligence #cybersecurity #infosec

MartinZugec (@martinzugec):

MITRE ATT&CK Evaluations - Managed Services (Round 2) - Full data extract (JSON). Remember, some vendors like to cherry-pick metrics.

MartinZugec (@martinzugec):

Let's cut through the noise and focus on what matters:
- 2017 - Ransomware
- 2019 - Ransomware + Data Exfil (double-extortion)
- 2024 - Data Exfil + Ransomware (double-extortion)
- 202? - Data Exfil

MartinZugec (@martinzugec):

Do you want to prevent a full-blown ransomware attack? Understand this:
Ransomware ops != data encryption
Ransomware ops = manual hacking operation
If you are focusing on the data encryption part, you'll lose.

MartinZugec (@martinzugec):

Read the profile of Medusa, one of the rising RaaS groups, with a prediction of 200+ victims this year. One highlight: their clear web presence (including Facebook/Twitter accounts). sprou.tt/1C2K79PdTEu

MartinZugec (@martinzugec):

Ransomware groups are targeting vulnerabilities instead of industries/companies. CVE with public PoC, leading to RCE, and high CVSS score? Expect weaponization in less than 24 hours. We had an investigation where 1 unpatched server was compromised 70x in less than a month.

MartinZugec (@martinzugec):

Let's be honest: software supply chain attacks like SolarWinds are rare but get way too much hype. We should pay more attention to the "soft" supply chain: contractors, partners, customers. Business Email Compromise is a huge problem, partly because we don't talk about it enough.