Security research into an AI robot for kids revealed several vulnerabilities enabling a cybercriminal to take over device control and to video-chat with the kid. This article has been indexed from Securelist Read the original article: An educational robot security…
Category: Securelist
The mobile malware threat landscape in 2023
This report details statistics and key trends associated with mobile malware: Google Play Trojans, malicious messaging app mods, and others. This article has been indexed from Securelist Read the original article: The mobile malware threat landscape in 2023
Coyote: A multi-stage banking Trojan abusing the Squirrel installer
We will delve into the workings of the infection chain and explore the capabilities of the new Trojan that specifically targets users of more than 60 banking institutions, mainly from Brazil. This article has been indexed from Securelist Read the…
ICS and OT threat predictions for 2024
Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc. This article has been indexed from Securelist Read the original article: ICS and OT threat predictions for 2024
Privacy predictions for 2024
Kaspersky experts review their privacy predictions for 2023 and last year’s trends, and try to predict what privacy concerns and solutions are to come in 2024. This article has been indexed from Securelist Read the original article: Privacy predictions for…
Cracked software beats gold: new macOS backdoor stealing cryptowallets
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware. This article has been indexed from Securelist Read the original article: Cracked software beats gold: new macOS backdoor stealing cryptowallets
Dark web threats and dark market predictions for 2024
An overview of last year’s predictions for corporate and dark web threats and our predictions for 2024. This article has been indexed from Securelist Read the original article: Dark web threats and dark market predictions for 2024
A lightweight method to detect potential iOS malware
Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator. This article has been indexed from Securelist Read the original article: A lightweight method to detect potential iOS…
Operation Triangulation: The last (hardware) mystery
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs. This article has been indexed from Securelist…
Windows CLFS and five exploits used by ransomware operators (Exploit #1 – CVE-2022-24521)
This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. This article has been indexed from Securelist…
Windows CLFS and five exploits used by ransomware operators
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these…
Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. This article has been indexed from Securelist…
Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)
This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. This article has been indexed from Securelist Read…
Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. This article has been indexed from Securelist Read…
Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
We uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities. This article has been indexed from Securelist Read the…
FakeSG campaign, Akira ransomware and AMOS macOS stealer
In this report, we share our latest crimeware findings: FakeSG malware distribution campaign delivering NetSupport RAT, new Conti-like Akira ransomware and AMOS stealer for macOS. This article has been indexed from Securelist Read the original article: FakeSG campaign, Akira ransomware…
What to do if your company was mentioned on Darknet?
We created a list of companies worldwide from different industries and searched through Darknet trying to find out how likely these companies have suffered a breach, what kind of data leaked, and what to do with it. This article has…
Story of the year: the impact of AI on cybersecurity
Generative AI has become the trendiest technology of 2023. Kaspersky reviews AI-related security concerns, and implementations of this technology in cyberdefense and red teaming, and provides predictions for 2024. This article has been indexed from Securelist Read the original article:…
New macOS Trojan-Proxy piggybacking on cracked software
A new macOS Trojan-Proxy is riding on cracked versions of legitimate software; it relies on DNS-over-HTTPS to obtain a C&C (command and control) address. This article has been indexed from Securelist Read the original article: New macOS Trojan-Proxy piggybacking on…
BlueNoroff: new Trojan attacking macOS users
BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system. This article has been indexed from Securelist Read the original article: BlueNoroff: new Trojan attacking macOS users
Kaspersky Security Bulletin 2023. Statistics
Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. This article has been indexed from Securelist Read the original article: Kaspersky Security Bulletin 2023. Statistics
IT threat evolution in Q3 2023. Mobile statistics
Mobile threat statistics for Q3 2023 include data on malware, adware, banking Trojans and ransomware for Android devices. This article has been indexed from Securelist Read the original article: IT threat evolution in Q3 2023. Mobile statistics
IT threat evolution in Q3 2023. Non-mobile statistics
PC malware statistics for Q3 2023 include data on miners, ransomware, banking Trojans and other threats to Windows, macOS and IoT equipment. This article has been indexed from Securelist Read the original article: IT threat evolution in Q3 2023. Non-mobile…
IT threat evolution Q3 2023
Attacks on a critical infrastructure target in South Africa, supply-chain attack on Linux machines, Telegram doppelganger used to target people in China. This article has been indexed from Securelist Read the original article: IT threat evolution Q3 2023
Consumer cyberthreats: predictions for 2024
Kaspersky experts review last year’s predictions on consumer cyberthreats and try to anticipate the trends for 2024. This article has been indexed from Securelist Read the original article: Consumer cyberthreats: predictions for 2024
HrServ – Previously unknown web shell used in APT attack
In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021. This article has been indexed from Securelist Read the original article:…
Crimeware and financial cyberthreats in 2024
Kaspersky assesses last year’s predictions for the financial threat landscape, and tries to anticipate crimeware trends for the coming year 2024. This article has been indexed from Securelist Read the original article: Crimeware and financial cyberthreats in 2024
The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season
As Black Friday approaches, Kaspersky analyzes phishing and spam activity around major sales events, and reviews statistics on online shopping threats in 2023. This article has been indexed from Securelist Read the original article: The dark side of Black Friday:…
Advanced threat predictions for 2024
Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024. This article has been indexed from Securelist Read the original article: Advanced threat predictions for…
Advanced threat predictions for 2024
Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024. This article has been indexed from Securelist Read the original article: Advanced threat predictions for…
Ducktail fashion week
The Ducktail malware, designed to hijack Facebook business and ads accounts, sends marketing professionals fake ads for jobs with major clothing manufacturers. This article has been indexed from Securelist Read the original article: Ducktail fashion week
Modern Asian APT groups’ tactics, techniques and procedures (TTPs)
Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups. This article has been indexed from Securelist…
Gaming-related cyberthreats in 2023: Minecrafters targeted the most
Gaming-related threat landscape in 2023: desktop and mobile malware disguised as Minecraft, Roblox and other popular games, and the most widespread phishing schemes. This article has been indexed from Securelist Read the original article: Gaming-related cyberthreats in 2023: Minecrafters targeted…
WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
A WhatsApp mod with a built-in spy module has been spreading through Arabic and Azeri Telegram channels since August 2023. This article has been indexed from Securelist Read the original article: WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
A cascade of compromise: unveiling Lazarus’ new campaign
We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns This article has been indexed from Securelist Read the original article: A cascade of compromise: unveiling Lazarus’ new campaign
How to catch a wild triangle
How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules. This article has been indexed from Securelist Read the original article: How to catch a wild…
StripedFly: Perennially flying under the radar
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was…
Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware
In this report, we share our latest crimeware findings: GoPIX targeting PIX payment system; Lumar stealing files and passwords; Rhysida ransomware supporting old Windows. This article has been indexed from Securelist Read the original article: Stealer for PIX payment system,…
The outstanding stealth of Operation Triangulation
In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules. This article has been indexed from Securelist Read the original article: The outstanding stealth…
Money-making scripts attack organizations
Cybercriminals attack government, law enforcement, non-profit organizations, agricultural and commercial companies by slipping a cryptominer, keylogger, and backdoor into their systems. This article has been indexed from Securelist Read the original article: Money-making scripts attack organizations
Updated MATA attacks industrial companies in Eastern Europe
In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense…
APT trends report Q3 2023
TetrisPhantom targets government entities in APAC, APT BadRory attacks multiple entities in Russia, new malicious campaign uses well-known Owowa, IIS backdoor and other significant events during Q3 2023 This article has been indexed from Securelist Read the original article: APT…
A hack in hand is worth two in the bush
We analyzed the data published by Cyber Av3ngers and found it to be sourced from older leaks by another hacktivist group called Moses Staff. This article has been indexed from Securelist Read the original article: A hack in hand is…
ChatGPT at work: how chatbots help employees, but threaten business
We look at how user data privacy is handled by large language model-based chatbots: ChatGPT, Microsoft Bing, Google Bard, Anthropic Claude, You.com, and Bing. This article has been indexed from Securelist Read the original article: ChatGPT at work: how chatbots…
ToddyCat: Keep calm and check logs
In this article, we’ll describe ToddyCat new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations. This article has been indexed from Securelist Read the original…
A cryptor, a stealer and a banking trojan
In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan. This article has been indexed from Securelist Read the original article: A…
QR codes in email phishing
Scammers are camouflaging phishing links with QR codes and distributing them through email. This article has been indexed from Securelist Read the original article: QR codes in email phishing
Overview of IoT threats in 2023
IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023. This article has been indexed from Securelist Read the original article: Overview of IoT threats in 2023
Threat landscape for industrial automation systems. Statistics for H1 2023
In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. This article has been indexed from Securelist Read the original article: Threat landscape…
Free Download Manager backdoored – a possible supply chain attack on Linux machines
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years. This article has been indexed from Securelist Read the original article: Free Download Manager backdoored – a possible…
From Caribbean shores to your devices: analyzing Cuba ransomware
The article analyzes the malicious tactics, techniques and procedures (TTP) used by the operator of the Cuba ransomware, and details a Cuba attack incident. This article has been indexed from Securelist Read the original article: From Caribbean shores to your…
Evil Telegram doppelganger attacks Chinese users
Spyware Telegram mod in Uighur and Chinese spreads through Google Play stealing messages and other user data. This article has been indexed from Securelist Read the original article: Evil Telegram doppelganger attacks Chinese users
IT threat evolution in Q2 2023
Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2023
IT threat evolution in Q2 2023. Mobile statistics
The smartphone malware statistics for Q2 2023 includes data for Android malware, adware, banking Trojans and ransomware. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2023. Mobile statistics
IT threat evolution in Q2 2023. Non-mobile statistics
PC malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. This article has been indexed from Securelist Read the original article: IT threat evolution in Q2 2023. Non-mobile…
Lockbit leak, research opportunities on tools leaked from TAs
In September of 2022, multiple security news professionals wrote about and confirmed the leakage of a builder for Lockbit 3 ransomware. In this post we provide the analysis of the builder and recently discovered builds. This article has been indexed…
Phishing with hacked sites
Scammers are hacking websites powered by WordPress and placing phishing pages inside hidden directories. We share some statistics and tips on recognizing a hacked site. This article has been indexed from Securelist Read the original article: Phishing with hacked sites
Focus on DroxiDat/SystemBC
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack. This article has…
Common TTPs of attacks against industrial organizations
In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. This article has been indexed from…
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot
In this report, we share our recent crimeware findings: the new DarkGate loader, new LokiBot campaign and new Emotet version delivered via OneNote. This article has been indexed from Securelist Read the original article: What’s happening in the world of…
Anomaly detection in certificate-based TGT requests
I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM. This…
APT trends report Q2 2023
This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023. This article has been indexed from Securelist Read the original article: APT trends report Q2 2023
Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability
We will highlight the key points and then focus on the initial use of the CVE-2023-23397 vulnerability by attackers before it became public. This article has been indexed from Securelist Read the original article: Comprehensive analysis of initial attack samples…
Email crypto phishing scams: stealing from hot and cold crypto wallets
Here is how email phishing scams targeting hot and cold crypto wallets, such as Trezor and Ledger, work. This article has been indexed from Securelist Read the original article: Email crypto phishing scams: stealing from hot and cold crypto wallets
Andariel’s silly mistakes and a new malware family
In this crimeware report, Kaspersky researchers provide insights into Andariel’s activity targeting organizations: clumsy commands executed manually, off-the-shelf tools and EasyRat malware. This article has been indexed from Securelist Read the original article: Andariel’s silly mistakes and a new malware…
How cybercrime is impacting SMBs in 2023
This report contains statistics on cybersecurity threats to small and medium-sized businesses in 2023, and examples of cyberattacks on SMBs. This article has been indexed from Securelist Read the original article: How cybercrime is impacting SMBs in 2023
LockBit Green and phishing that targets organizations
In this crimeware report, Kaspersky researchers provide insights into the Conti-based LockBit Green variant, ransomware samples for macOS, FreeBSD, etc. and phishing campaigns targeting organizations. This article has been indexed from Securelist Read the original article: LockBit Green and phishing…
Dissecting TriangleDB, a Triangulation spyware implant
In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details. This article has…
A bowl full of security problems: Examining the vulnerabilities of smart pet feeders
We analyzed smart pet feeders by Dogness, and discovered serious vulnerabilities such as hard-coded credentials and insecure update process. This article has been indexed from Securelist Read the original article: A bowl full of security problems: Examining the vulnerabilities of…
Understanding Malware-as-a-Service
What Malware-as-a-Service includes, on what terms cybercriminals offer it, and what malware they most often distribute under this model This article has been indexed from Securelist Read the original article: Understanding Malware-as-a-Service
Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency
Kaspersky researchers share insight into multistage DoubleFinger loader attack delivering GreetingGhoul cryptocurrency stealer and Remcos RAT. This article has been indexed from Securelist Read the original article: Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency
IT threat evolution Q1 2023. Mobile statistics
The smartphone threat statistics for Q1 2023 includes data for Android malware, adware, banking Trojans and ransomware. This article has been indexed from Securelist Read the original article: IT threat evolution Q1 2023. Mobile statistics
IT threat evolution Q1 2023
Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser This article has been indexed from Securelist Read the original article: IT…
IT threat evolution in Q1 2023. Non-mobile statistics
PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. This article has been indexed from Securelist Read the original article: IT threat evolution in Q1 2023.…
Satacom delivers browser extension that steals cryptocurrency
A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera. This article has been indexed from Securelist Read the original article: Satacom delivers browser extension that steals cryptocurrency
In search of the Triangulation: triangle_check utility
We developed a dedicated utility to scan the iOS backups and run all the checks for Operation Triangulation indicators. This article has been indexed from Securelist Read the original article: In search of the Triangulation: triangle_check utility
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise. This article has been indexed from…
Meet the GoldenJackal APT group. Don’t expect any howls
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and…
CloudWizard APT: the bad magic story goes on
Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict. This article has been indexed from Securelist Read the original article: CloudWizard APT: the bad magic story goes on
Minas – on the way to complexity
Kaspersky analysis of a complicated multi-stage attack dubbed Minas that features a number of detection evasion and persistence techniques and results in a cryptocurrency miner infection. This article has been indexed from Securelist Read the original article: Minas – on…
The nature of cyberincidents in 2022
Kaspersky Incident Response report for 2022: incident response statistics, key trends and conclusions, expert recommendations. This article has been indexed from Securelist Read the original article: The nature of cyberincidents in 2022
New ransomware trends in 2023
On the eve of the global Anti-Ransomware Day, Kaspersky researchers share an overview of the key trends observed among ransomware groups. This article has been indexed from Securelist Read the original article: New ransomware trends in 2023
Not quite an Easter egg: a new family of Trojan subscribers on Google Play
The new Trojan family, Fleckpe, spreads via Google Play inside photo editors and wallpapers, subscribing the unaware user to paid services. This article has been indexed from Securelist Read the original article: Not quite an Easter egg: a new family…
Managed Detection and Response in 2022
Managed Detection and Response in 2022: number and severity of incidents, detection rate, breakdown by country and industry, data on cyberattacks in different regions. This article has been indexed from Securelist Read the original article: Managed Detection and Response in…
What does ChatGPT know about phishing?
Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name. This article has been indexed from Securelist Read the original article: What does ChatGPT know…
APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot…
Tomiris called, they want their Turla malware back
We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we’re excited to share what we…
QBot banker delivered through business correspondence
In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mails that were based on real business letters the attackers had…
Uncommon infection methods—part 2
Kaspersky researchers discuss infection methods used by Mirai-based RapperBot, Rhadamantys stealer, and CUEMiner: smart brute forcing, malvertising, and distribution through BitTorrent and OneDrive. This article has been indexed from Securelist Read the original article: Uncommon infection methods—part 2
Following the Lazarus group by tracking DeathNote campaign
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote. This article has been indexed from Securelist Read the original article: Following the Lazarus group…
Nokoyawa ransomware attacks with Windows zero-day
In February 2023, we found a zero-day exploit, supporting different versions and builds of Windows, including Windows 11. This particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks. This article has been indexed from Securelist…
Overview of Google Play threats sold on the dark web
Kaspersky research into dark web offers related to Android malware and its distribution via Google Play: hacked app developer accounts, malicious loaders, etc. This article has been indexed from Securelist Read the original article: Overview of Google Play threats sold…
The Telegram phishing market
Phishing bots and services on Telegram: how malicious actors use the messaging app to automate the process of generating phishing pages, and sell phishing kits and data. This article has been indexed from Securelist Read the original article: The Telegram…
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020. This article has been indexed from Securelist Read the…
Selecting the right MSSP: Guidelines for making an objective decision
This paper aims to provide guidance for organizations looking to select an MSSP and help to identify the benefits and drawbacks of using an MSSP. This article has been indexed from Securelist Read the original article: Selecting the right MSSP:…
Financial cyberthreats in 2022
This report shines a spotlight on the financial cyberthreat landscape in 2022. We look at phishing threats commonly encountered by users and companies, as well as the dynamics of various Windows and Android-based financial malware. This article has been indexed…
Copy-paste heist or clipboard-injector attacks on cryptousers
Clipboard injector malware targeting cryptocurrencies such as Bitcoin, Ethereum, Litecoin, Dogecoin and Monero, is distributed under the guise of Tor Browser. This article has been indexed from Securelist Read the original article: Copy-paste heist or clipboard-injector attacks on cryptousers
How scammers employ IPFS for email phishing
Attackers put phishing HTML files in IPFS thus cutting back on web hosting costs. IPFS is used in both mass phishing and targeted (spearphishing) campaigns. This article has been indexed from Securelist Read the original article: How scammers employ IPFS…
Understanding metrics to measure SOC effectiveness
How do we ensure the services being provided by SOCs are meeting expectations? How do we know continuous improvement is being incorporated in daily operations? The answer lies in the measurement of SOC internal processes and services. This article has…
Developing an incident response playbook
Incident response playbooks help optimize the SOC processes, and are a major step forward to SOC maturity, but can be challenging for a company to develop. In this article, I want to share some insights on how to create the…