Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign

Credit to Author: Threat Intelligence Team | Date: Wed, 13 Jul 2022 16:17:09 +0000

While the war in Ukraine still rages, various threat actors continue to launch cyber attacks against its government entities. In this blog we review the latest campaign from the UAC-0056 threat group.

The post Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign appeared first on Malwarebytes Labs.


Karakurt extortion group: Threat profile

Credit to Author: Jovi Umawing | Date: Tue, 14 Jun 2022 16:00:29 +0000

An obscure group called Karakurt has extorted organizations in the US and elsewhere. Know how to keep it away from your network.

The post Karakurt extortion group: Threat profile appeared first on Malwarebytes Labs.


The Active Adversary Playbook 2022

Credit to Author: Tilly Travers | Date: Tue, 07 Jun 2022 11:02:43 +0000

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021


[updated] Unpatched Atlassian Confluence vulnerability is actively exploited

Credit to Author: Pieter Arntz | Date: Fri, 03 Jun 2022 14:41:58 +0000

A vulnerability in Atlassian Confluence was found during an incident response investigation on a compromised server. The vulnerability is not yet patched.

The post [updated] Unpatched Atlassian Confluence vulnerability is actively exploited appeared first on Malwarebytes Labs.


Unpatched Atlassian Confluence vulnerability is actively exploited

Credit to Author: Pieter Arntz | Date: Fri, 03 Jun 2022 14:41:58 +0000

A vulnerability in Atlassian Confluence was found during an incident response investigation on a compromised server. The vulnerability is not yet patched.

The post Unpatched Atlassian Confluence vulnerability is actively exploited appeared first on Malwarebytes Labs.


Conti Ransomware Group Diaries, Part III: Weaponry

Credit to Author: BrianKrebs | Date: Fri, 04 Mar 2022 20:20:29 +0000

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Today’s Part III looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets, as well as how the team’s leaders strategized for the upper hand in ransom negotiations with victims.
