Introduction UNC3944 is a financially motivated threat group that carries significant overlap with public reporting of "0ktapus," "Octo Tempest," "Scatter Swine," and "Scattered Spider" and has been observed adapting its tactics to include data theft from
Continue ReadingAuthor: GRC Hive Admin
Insights on Cyber Threats Targeting Users and Enterprises in Brazil
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno Note: A Portuguese-language version of this blog post is available. Individuals and organizations in Brazil face a unique cyber threat landscape because it
Continue ReadingUNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
UPDATE (June 17): We have released our Snowflake threat hunting guide, which contains guidance and queries for detecting abnormal and malicious activity across Snowflake customer database instances. Default retention policies for the relevant views enable threat
Continue ReadingPhishing for Gold: Cyber Threats Facing the 2024 Paris Olympics
Written by: Michelle Cantos, Jamie Collier Executive Summary Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism,
Continue ReadingISC Stormcast For Thursday, June 27th, 2024 https://isc.sans.edu/podcastdetail/9038, (Thu, Jun 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingWhat Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary], (Wed, Jun 26th)
[This is a Guest Diary by Kelly Fiocchi-Tapani, an ISC intern as part of the SANS.edu BACS program] For the last several months I have been participating in the SANS Internet Storm Center. The Storm Center
Continue ReadingSSH “regreSSHion” Remote Code Execution Vulnerability in OpenSSH., (Mon, Jul 1st)
Qualys published a blog posts with details regarding a critical remote code execution vulnerability [1] This week is far from ideal to have to deal with a critical vulnerability in widely used software like OpenSSH. So
Continue ReadingSupport of SSL 2.0 on web servers in 2024, (Fri, Jun 28th)
We last discussed SSLv2 support on internet-exposed web servers about a year ago, when we discovered that there were still about 450 thousand web servers that supported this protocol left on the internet[1]. We also found
Continue ReadingISC Stormcast For Friday, June 28th, 2024 https://isc.sans.edu/podcastdetail/9040, (Fri, Jun 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingChinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation
From November 2023 to April 2024, Insikt Group identified cyber-espionage activities conducted by RedJuliett, a likely Chinese state-sponsored group, primarily targeting government, academic, technology, and diplomatic organizations in Taiwan. RedJuliett exploited known vulnerabilities in network edge
Continue Reading