-
LockBitSupp identified and sanctioned.
I don’t know if this is real, but if it is, it’s a huge win! The identity of the alleged leader of the infamous #Lockbit Ransomware-as-a-Service (RaaS) group has been revealed by the National Crime Agency (NCA) overnight. The individual has since been sanctioned by Australian, UK and US governments. More details here: https://nationalcrimeagency.gov.uk/news/lockbit-leader-unmasked-and-sanctioned
-
CISA’s take on Microsoft’s Storm-0558 incident
“Microsoft’s ubiquitous and critical products, which underpin essential services that support national security, the foundations of our economy, and public health and safety, require the company to demonstrate the highest standards of security, accountability, and transparency.” A critical statement made by the Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review Board, regarding their review of the…
-
MFA Bypass – how frameworks like Evilginx are giving threat actors the tools to succeed.
Hopefully it is well known by now that two-factor/multi-factor authentication (MFA) is not a silver bullet for all your cyber problems. The tooling – Evilginx: I previously wrote about Evilginx and how we are starting to see it more and more, even though the original tool was developed back in 2017: https://github.com/kgretzky/evilginx2 What is it? Evilginx…
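To make the "MFA is not a silver bullet" point concrete, here is an added toy model of an adversary-in-the-middle (AitM) phishing proxy of the kind Evilginx implements. It is not Evilginx code and not from the post above: the relying party, the TOTP check and the "authenticator" are simplified stand-ins (HMAC replaces the FIDO2 signature, and the origins, user and secrets are constructed) so it runs offline. It shows why relaying a password plus OTP yields a usable session cookie, while a FIDO2/WebAuthn assertion does not, because the browser binds it to the origin the victim is actually on.

```python
"""Toy AitM phishing-proxy model (added example; not Evilginx's own code).

HMAC stands in for the authenticator's signature; everything else is
simplified too. The origin-binding check is the part worth reading.
"""
import hashlib
import hmac
import json
import secrets

REAL_ORIGIN = "https://login.example.com"    # constructed
PHISH_ORIGIN = "https://login.examp1e.com"   # constructed attacker domain


def canonical(client_data):
    return json.dumps(client_data, sort_keys=True).encode()


def authenticator_sign(fido_key, client_data):
    """Stand-in for a FIDO2 assertion: 'signs' the client data, origin included."""
    return hmac.new(fido_key, canonical(client_data), hashlib.sha256).hexdigest()


class RelyingParty:
    def __init__(self, origin):
        self.origin = origin
        self.users = {}
        self.sessions = {}  # session cookie -> username

    def register(self, user, password, totp, fido_key):
        self.users[user] = {"password": password, "totp": totp, "fido_key": fido_key}

    def _issue_session(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def login_password_otp(self, user, password, otp):
        rec = self.users.get(user)
        if rec is None or password != rec["password"] or otp != rec["totp"]:
            return None
        return self._issue_session(user)  # server cannot tell who typed the OTP

    def fido_challenge(self):
        return secrets.token_hex(16)

    def login_fido(self, user, client_data, signature):
        rec = self.users.get(user)
        if rec is None or client_data.get("origin") != self.origin:
            return None  # assertion was made for some other origin: reject
        expected = authenticator_sign(rec["fido_key"], client_data)
        if not hmac.compare_digest(expected, signature):
            return None  # client data was tampered with after signing
        return self._issue_session(user)

    def whoami(self, cookie):
        return self.sessions.get(cookie)


class AitMProxy:
    """Sits between victim and real site, relays traffic, keeps the cookie."""

    def __init__(self, real_rp):
        self.rp = real_rp
        self.captured_cookie = None

    def relay_password_otp(self, user, password, otp):
        self.captured_cookie = self.rp.login_password_otp(user, password, otp)
        return self.captured_cookie  # victim sees a normal successful login

    def relay_fido(self, user, client_data, signature):
        self.captured_cookie = self.rp.login_fido(user, client_data, signature)
        return self.captured_cookie


def browser_fido_login(page_origin, challenge, fido_key):
    # The browser, not the page, fills in the origin it is really showing.
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    return client_data, authenticator_sign(fido_key, client_data)


def run_scenario():
    rp = RelyingParty(REAL_ORIGIN)
    key = b"victim-authenticator-key"  # constructed
    rp.register("alice", "hunter2", "123456", key)
    proxy = AitMProxy(rp)

    # 1. Password + TOTP typed into the phishing page, relayed, cookie captured.
    proxy.relay_password_otp("alice", "hunter2", "123456")
    otp_hijacked = rp.whoami(proxy.captured_cookie) == "alice"

    # 2. FIDO2 on the phishing page: assertion carries PHISH_ORIGIN, real site rejects.
    cd, sig = browser_fido_login(PHISH_ORIGIN, rp.fido_challenge(), key)
    fido_hijacked = rp.whoami(proxy.relay_fido("alice", cd, sig)) == "alice"

    # 3. Proxy rewrites the origin to look genuine: signature no longer matches.
    rewritten = dict(cd, origin=REAL_ORIGIN)
    rewrite_hijacked = rp.whoami(rp.login_fido("alice", rewritten, sig)) == "alice"

    # 4. Same key used directly on the real origin still works.
    cd, sig = browser_fido_login(REAL_ORIGIN, rp.fido_challenge(), key)
    direct_ok = rp.whoami(rp.login_fido("alice", cd, sig)) == "alice"

    return {"otp_hijacked": otp_hijacked, "fido_hijacked": fido_hijacked,
            "rewrite_hijacked": rewrite_hijacked, "fido_direct_ok": direct_ok}


if __name__ == "__main__":
    print(run_scenario())
```

The model leaves out everything Evilginx does to stay convincing (TLS termination, URL rewriting, lure filtering); the only defence it demonstrates is origin binding, which is why the usual advice is phishing-resistant MFA (FIDO2/passkeys or certificate-based auth) rather than OTP or push.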
-
Dragos Cyber ‘breach’
Industrial cybersecurity company Dragos today disclosed what it describes as a “cybersecurity event” after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices. – Source: BleepingComputer
-
Uptycs research – MacStealer: New macOS-based Stealer Malware Identified
A breakdown of research done by the team at Uptycs on a macOS stealer that uses Telegram as its command-and-control channel, which they’ve dubbed MacStealer. https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
-
CISA’s new tool: Untitled Goose Tool
The Cybersecurity & Infrastructure Security Agency (CISA) has published a new tool to help responders detect malicious activity in Microsoft cloud environments (Azure), pulling from multiple sources for analysis: Azure sign-in logs, Azure audit logs, the M365 unified audit log, Microsoft Defender for IoT and Microsoft Defender for Endpoint. Links: https://github.com/cisagov/untitledgoosetool https://www.cisa.gov/resources-tools/resources/untitled-goose-tool-fact-sheet
-
BreachedForums operator “Pompompurin”
Notorious Pompompurin has allegedly been arrested with charges of computer crime: https://news.bloomberglaw.com/privacy-and-data-security/dark-web-breachforums-operator-charged-with-computer-crime RIP 💀
-
OneNote Malware Delivery
Interesting write-up by Micah Babinski on how simple it is to deliver malware to unsuspecting users via offline OneNote (.one) files. https://micahbabinski.medium.com/detecting-onenote-one-malware-delivery-407e9321ecf0
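The reason .one files work so well as a lure is that a notebook section can carry arbitrary embedded files, and the format makes them easy to find. As an added example (not from Micah Babinski's post, which covers detection of the delivery chain rather than the file format), here is a small carver that walks a .one byte string for FileDataStoreObject records, whose header and footer GUIDs are fixed in the MS-ONESTORE specification, and classifies each embedded payload by its magic bytes. The sample notebook bytes are constructed inline: a stand-in file header followed by three embedded objects (a PNG, a batch script and a PE).

```python
"""Carve embedded files out of a OneNote .one section (added example).

Record layout per MS-ONESTORE FileDataStoreObject: guidHeader (16),
cbLength (8, little-endian), unused (4), reserved (8), FileData, guidFooter (16).
"""
import struct

# GUIDs as they appear on disk (mixed-endian GUID encoding).
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")  # {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
FDSO_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")  # {71FBA722-0F79-4A0B-BB13-899256426B24}
FDSO_HEADER_LEN = 16 + 8 + 4 + 8

MAGICS = [
    (b"MZ", "pe"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-compound"),  # .doc/.xls/.msi
    (b"PK\x03\x04", "zip"),
    (b"%PDF", "pdf"),
    (b"\x89PNG", "png"),
]
SCRIPT_HINTS = (b"@echo off", b"powershell", b"wscript", b"createobject", b"<script", b"<html")
RISKY_KINDS = {"pe", "ole-compound", "script"}


def classify(data):
    """Best-effort type from magic bytes or script keywords in the first 512 bytes."""
    for magic, kind in MAGICS:
        if data.startswith(magic):
            return kind
    head = data[:512].lower()
    if any(hint in head for hint in SCRIPT_HINTS):
        return "script"
    return "unknown"


def carve_one(blob):
    """Return a list of dicts describing each FileDataStoreObject in `blob`."""
    found = []
    pos = 0
    while True:
        pos = blob.find(FDSO_HEADER, pos)
        if pos < 0 or pos + FDSO_HEADER_LEN > len(blob):
            break
        (cb_length,) = struct.unpack_from("<Q", blob, pos + 16)
        start = pos + FDSO_HEADER_LEN
        end = start + cb_length
        truncated = end > len(blob)  # declared length runs past the file
        data = blob[start:min(end, len(blob))]
        footer_ok = (not truncated) and blob[end:end + 16] == FDSO_FOOTER
        kind = classify(data)
        found.append({
            "offset": pos, "size": cb_length, "kind": kind,
            "footer_ok": footer_ok, "truncated": truncated,
            "risky": kind in RISKY_KINDS, "data": data,
        })
        # Resume after the record if it was well-formed, else just past this GUID.
        pos = end + 16 if footer_ok else pos + 16
    return found


def has_risky_payload(blob):
    return any(rec["risky"] for rec in carve_one(blob))


def build_fdso(data):
    """Serialise one FileDataStoreObject (used only to construct the sample)."""
    return FDSO_HEADER + struct.pack("<Q", len(data)) + b"\0" * 12 + data + FDSO_FOOTER


# Constructed sample: a stand-in 16-byte file header plus padding, then three
# embedded objects. Real .one files carry much more structure around these.
SAMPLE_ONE = (
    b"\xe4\x52\x5c\x7b\x8c\xd8\xa7\x4d\xae\xb1\x53\x78\xd0\x29\x96\xd3" + b"\0" * 64
    + build_fdso(b"\x89PNG\r\n\x1a\n" + b"\0" * 32)                       # harmless image
    + b"\0" * 16
    + build_fdso(b"@echo off\r\npowershell -w hidden -e SQBFAFgA\r\n")      # dropper script
    + build_fdso(b"MZ\x90\x00" + b"\0" * 60)                                # PE stub
)

if __name__ == "__main__":
    for rec in carve_one(SAMPLE_ONE):
        flag = "RISKY" if rec["risky"] else "ok"
        print(f"0x{rec['offset']:06x} {rec['size']:6d} {rec['kind']:12s} {flag}")
```

Triage note: the record count and the declared sizes are also a useful check on their own, since a notebook with a single embedded file and no page content is a common lure shape, and a cbLength that overruns the file is either corruption or an attempt to confuse a carver.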
-
InverseCos: Detecting Fake Events in Azure Sign-in Logs
Write-up by Lina L. about fake sign-in activity that threat actors (TAs) can generate in Azure tenancies. https://www.inversecos.com/2023/01/detecting-fake-events-in-azure-sign-in.html?m=1