Threat Actor Profile: Scattered Spider
Scattered Spider, also known by other names like Octo Tempest, 0ktapus, and UNC3944, has emerged as a significant threat in the cybersecurity landscape. This ransomware gang is known for its…
MGM Resorts International, a prominent player in the global hospitality and entertainment industry, experienced a devastating ransomware attack orchestrated by the cybercriminal group Scattered Spider. This incident not only…
In the rapidly evolving landscape of cyber threats, the importance of robust and sophisticated cybersecurity measures cannot be overstated. One of the key initiatives in this domain is TIBER-EU –…
JA3 hashes serve as unique fingerprints for SSL/TLS client-server communications, allowing for the identification of specific parameters used during the handshake process. This tool simplifies the process of visualizing and…
UCH Logistics, a leading provider of transport services in the UK, recently experienced a ransomware attack by the Black Basta group. This attack involved the exfiltration of approximately 895 GB…
The recent paper, “You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks”, highlights the ongoing battle in cybersecurity between attackers’ evasion tactics and the defenders’ efforts to…
LummaC2, a notorious malware-as-a-service (MaaS), has developed sophisticated evasion techniques to circumvent security measures and exfiltrate sensitive data from compromised systems. The malware, written in C, has been operational since…
The NetSupport RAT has emerged as a significant cyber threat, exploiting legitimate remote administration tools for malicious purposes. This report provides an in-depth analysis of recent incidents, targets, and the…
Recent academic research has uncovered a significant vulnerability in servers running Secure Shell (SSH), a widely used protocol for secure communication in tasks like remote system access, file transfers, and system…
APT29, a Russian hacker group, has strategically employed the CVE-2023-38831 vulnerability in WinRAR in a series of cyberattacks targeting embassies. Known for its various aliases, including Cozy Bear and SolarStorm,…