Tag: tactics
-
Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA
Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging reverse proxies to intercept sensitive data. As phishing tactics grow more advanced, traditional defenses like spam filters and user training are proving insufficient. Attackers deploy reverse proxies as intermediary servers to forward victim traffic to legitimate websites, creating an illusion…
-
BSidesLV24 Proving Ground And What If It Was Hacked? Tactics And Impacts Of Adversarial Machine Learning
Author/Presenter: Larissa Fonseca Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-proving-ground-and-what-if-it-was-hacked-tactics-and-impacts-of-adversarial-machine-learning/
-
DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics
Russian companies have been targeted as part of a large-scale phishing campaign that’s designed to deliver a known malware called DarkWatchman.Targets of the attacks include entities in the media, tourism, finance and insurance, manufacturing, retail, energy, telecom, transport, and biotechnology sectors, Russian cybersecurity company F6 said.The activity is assessed to be the work of a…
-
Earth Kasha Refines Spear-Phishing Tactics in Espionage Campaign Targeting Taiwan and Japan
In a renewed cyber-espionage campaign observed in March 2025, the notorious APT group Earth Kasha, believed to operate First seen on securityonline.info Jump to article: securityonline.info/earth-kasha-refines-spear-phishing-tactics-in-espionage-campaign-targeting-taiwan-and-japan/
-
Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams
Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat actors in investment scams, which, according to the Federal Trade Commission (FTC), resulted in a record-breaking loss of US$5.7 billion in 2024-a 24% surge from the previous year. These scams, often disguised as legitimate opportunities such as cryptocurrency exchanges, leverage advanced…
-
Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks
Tags: access, attack, communications, control, cyber, cybersecurity, espionage, group, infrastructure, malware, rat, russia, tacticsCybersecurity researchers have shed light on a Russian-speaking cyber espionage group called Nebulous Mantis that has deployed a remote access trojan called RomCom RAT since mid-2022.RomCom “employs advanced evasion techniques, including living-off-the-land (LOTL) tactics and encrypted command and control (C2) communications, while continuously evolving its infrastructure leveraging First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/nebulous-mantis-targets-nato-linked.html
-
Feel Relieved with Effective Least Privilege Tactics
Why are Least Privilege Tactics Crucial in the Cybersecurity Landscape? The question that frequently arises among cybersecurity experts is, “How can we effectively mitigate these risks?” One noteworthy strategy adopted by professionals across various industries, including financial services, healthcare, and travel, is the use of least privilege tactics. This approach is particularly valuable for organizations……
-
Phorpiex Botnet Delivers LockBit Ransomware with Automated Tactics
A new ransomware campaign is automating LockBit deployment via the Phorpiex botnet, according to Cybereason First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phorpiex-botnet-delivers-lockbit/
-
Beyond the Score: Rethinking AI Benchmarks for Real Utility
Analyzing Measuring What Matters, Not What Models Practice. In the frenzy to top leaderboards, AI teams optimize for benchmarks rather than genuine progress, and as a result, scores on static tests tell us more about a model’s memorization tactics than its ability to navigate real world environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/beyond-score-rethinking-ai-benchmarks-for-real-utility-a-28097
-
RSA Conference 2025, News and analysis
Tags: ai, automation, conference, cybercrime, cybersecurity, data, defense, detection, edr, identity, ransomware, regulation, tactics, threat, zero-trustAI in cybersecurity (both as a threat and a defense)Cloud security challenges and solutionsThe latest ransomware tactics and how to defend against themPrivacy regulations and data protectionEmerging threats like quantum computingKeep an eye out for emerging trends that will be highlighted at the conference. This year, expect a strong focus on topics such as XDR…
-
How To Use Digital Forensics To Strengthen Your Organization’s Cybersecurity Posture
Digital forensics has become a cornerstone of modern cybersecurity strategies, moving beyond its traditional role of post-incident investigation to become an essential proactive defense mechanism. Organizations today face an ever-expanding threat landscape, with attackers employing increasingly sophisticated tactics to breach defenses and compromise sensitive data. In this environment, digital forensics provides the technical foundation for…
-
Emulating the Hellish Helldown Ransomware
AttackIQ has released a new attack graph emulating the behaviors exhibited by Helldown ransomware since its emergence in August 2024. Helldown is operated by the eponymous and still largely undocumented adversary, which employs double extortion tactics by exfiltrating sensitive data prior to encrypting victim systems and threatening to leak the data on its Dedicated Leak…
-
Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI
Tags: access, ai, attack, authentication, best-practice, captcha, cloud, control, credentials, crypto, cyber, cybercrime, data, defense, detection, dmarc, email, exploit, finance, google, identity, jobs, login, malicious, malware, mfa, phishing, radius, risk, scam, spam, strategy, tactics, technology, theft, threat, tool, vulnerability, zero-day, zero-trustGone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams”, exploiting human vulnerabilities with…
-
Lessons from Ted Lasso for cybersecurity success
In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/lessons-from-ted-lasso-for-cybersecurity-success/
-
Adversarythe-Middle Attacks Persist Strategies to Lessen the Impact
Adversary-in-the-middle fraud (AiTM) represents a significant, ongoing challenge for businesses, with tactics like email hijacking, AI attacks and account takeovers becoming increasingly complex. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/adversary-in-the-middle-attacks-persist-strategies-to-lessen-the-impact/
-
Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities
Google’s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups. These adversaries are deploying custom malware ecosystems, exploiting zero-day vulnerabilities in security appliances, and utilizing proxy networks resembling botnets to evade detection. Their tactics also include targeting edge devices lacking endpoint detection and response (EDR) capabilities…
-
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools
Cybersecurity researchers have stumbled upon a treasure trove of operational tools and scripts linked to the KeyPlug malware, associated with the threat group RedGolf, also known as APT41. The server, which was inadvertently exposed for less than 24 hours, provided an unprecedented glimpse into the sophisticated tactics, techniques, and procedures (TTPs) employed by this advanced…
-
Researchers Uncover Stealthy Tactics and Techniques of StrelaStealer Malware
Cybersecurity experts have recently shed light on the sophisticated operations of StrelaStealer, also known by its alias Strela, revealing a suite of stealthy tactics employed in its information theft campaigns. This malware, spotlighted by IBM Security X-Force for its association with the HIVE-0145 threat actor group, targets email credentials from prominent clients like Microsoft Outlook…
-
How To Integrate MITRE ATTCK Into Your SOC For Better Threat Visibility
The evolving cybersecurity landscape demands advanced strategies to counter sophisticated threats that outpace traditional security measures. The MITRE ATT&CK framework emerges as a critical tool for Security Operations Centers (SOCs), offering a structured, knowledge-driven approach to understanding adversary behavior. By systematically mapping attacker tactics, techniques, and procedures (TTPs), it empowers organizations to enhance threat detection,…
-
Defending Against Web API Exploitation With Modern Detection Strategies
In today’s interconnected digital landscape, APIs serve as the critical building blocks of modern web applications, enabling seamless data exchange and functionality. However, as their usage has exploded in recent years, attackers have increasingly adapted their tactics to target these essential components. An API exploit a technique or program that takes advantage of vulnerabilities can…
-
Gamaredon’s PteroLNK Malware: Stealthy Espionage Tactics Uncovered
A recent deep-dive analysis by HarfangLab uncovers new insights into the persistent and ever-evolving operations of Gamaredon, a First seen on securityonline.info Jump to article: securityonline.info/gamaredons-pterolnk-malware-stealthy-espionage-tactics-uncovered/
-
Interlock ransomware evolves tactics with ClickFix, infostealers
First seen on scworld.com Jump to article: www.scworld.com/news/interlock-ransomware-evolves-tactics-with-clickfix-infostealers
-
Emulating the Stealthy StrelaStealer Malware
AttackIQ has released three new attack graphs designed to emulate the Tactics, Techniques, and Procedures (TTPs) associated with StrelaStealer observed in its most recent activities, enabling defenders to test and validate their detection and response capabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/emulating-the-stealthy-strelastealer-malware/
-
LummaStealer Exploits Windows Utility to Run Remote Code Disguised as .mp4 File
The Cybereason Global Security Operations Center (GSOC) has shed light on the sophisticated tactics used by the LummaStealer malware to evade detection and execute malicious code. Originally spotted in 2022, this Russian-developed malware-as-a-service (MaaS) has continuously evolved its evasion techniques to target Windows systems. Advanced Evasion with mshta.exe LummaStealer’s operators have introduced a new technique…
-
Gamaredon’s PteroLNK VBScript Malware Infrastructure and TTPs Uncovered by Researchers
Researchers have unearthed details of the Pterodo malware family, notably the PteroLNK variant used by the Russian-nexus threat group, Gamaredon. The group, which is believed to be associated with Russia’s Federal Security Service (FSB), has been targeting Ukrainian entities, focusing on government, military, and critical infrastructure sectors as part of broader geopolitical conflicts. Tactics, Techniques,…
-
Russia-linked APT29 targets European diplomats with new malware
WINELOADER variant: While the Check Point researchers didn’t manage to obtain the final payload delivered by GRAPELOADER directly, they located a new variant of the WINELOADER backdoor that was uploaded to the VirusTotal scanning service around the same time and which has code and compilation time similarities to both AppvIsvSubsystems64.dll and ppcore.dll. As such, there…
-
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Tags: advisory, attack, cisa, computer, cve, cybersecurity, data, exploit, government, incident response, infrastructure, mitre, nvd, open-source, risk, tactics, update, vulnerability, vulnerability-managementConcerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation. Background The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As…
-
Windows Task Scheduler Vulnerabilities Allow Attackers Gain Admin Account Control
New vulnerabilities in Windows Task Scheduler’s schtasks.exe let attackers bypass UAC, alter metadata, modify event logs, and evade detection. These actions map to MITRE ATT&CK tactics: Persistence, Privilege Escalation, Execution, Lateral Movement, and Defense Evasion. Abuse of schtasks.exe enables stealthy task creation and manipulation without alerting defenders, making it a reliable tool for maintaining access…