AI and the Five Phases of the Threat Intelligence Lifecycle

Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to Read More …

Danish cloud host says customers ‘lost all data’ after ransomware attack

Cloud host CloudNordic says most of its customers have “lost all data with us” following a ransomware attack on its data center systems, including its backups. The Denmark-based cloud company said the ransomware attack began Friday, during which cybercriminals “shut Read More …

DarkGate reloaded via malvertising and SEO poisoning campaigns

In July 2023, Malwarebytes researchers observed a malvertising campaign that lured potential victims to a fraudulent site for a Windows IT management tool. Unlike previous similar attacks, the final payload was packaged differently and not immediately recognizable. The decoy file Read More …

Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong

A previously unknown advanced persistent threat (APT) group used the legitimate Cobra DocGuard software to carry out a supply chain attack with the goal of deploying the Korplug backdoor (aka PlugX) onto victim computers. In the course of this attack, Read More …

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems (ICS) advisories on August 22, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-234-01 Hitachi Energy AFF66x ICSA-23-234-02 Trane Thermostats Read more… Source: U.S. Cybersecurity and Infrastructure Read More …

Japanese watchmaker Seiko struck by BlackCat/ALPHV ransomware attack

Japanese watchmaker Seiko Group Corp. has been struck by a ransomware attack, with the BlackCat/ALPHV ransomware gang claiming responsibility. The attack, officially described as a data breach, was disclosed by Seiko on Aug. 10 and is said to have taken Read More …

Cyber attack on Aussie energy services firm may hit UK CNI

Operators of critical utility infrastructure across the UK may have been affected by a developing cyber attack on the systems of Energy One, an Australia-based supplier of software and services for the energy sector. The ongoing incident was disclosed via Read More …

Northern Ireland: Man arrested on suspicion of terror offence linked to PSNI data breach released

A man arrested by detectives investigating criminality linked to last week’s major PSNI data breach has been released on bail to allow for further police enquiries. The 39-year-old man had been detained following a search in Lurgan, Co Armagh on Read More …

Threat Actors are Interested in Generative AI, but Use Remains Limited

Since at least 2019, Mandiant has tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. Based on Mandiant own observations and open source accounts, adoption of AI in intrusion operations remains limited Read More …