Top news of the week: 06.11.2020.

#cybersecurity #ryuk #Kimsuky #Mil #riskmanagement #ransomware #NSSLabs #Cybereason #KGH_SPY #ITsecurity

Mitre Attack

On Nov 5, 2020
@kjhiggins shared
More insight on the sudden shutdown of NSS Labs: NSS Labs' Abrupt Shutdown Leaves Many Unanswered Questions https://t.co/sLgD5Kzoza

NSS Labs' Abrupt Shutdown Leaves Many Unanswered Questions

Former execs and employees share some insights into the testing firm's shutdown. What does it mean for the future of security product testing?

On Nov 4, 2020
@PatrickCMiller shared
Rising Ransomware Breaches Underscore Cybersecurity Failures https://t.co/TokmBDEz5G

Rising Ransomware Breaches Underscore Cybersecurity Failures

Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect ...

On Nov 6, 2020
@PatrickCMiller shared
FireEye releases ThreatPursuit, a Windows VM for threat intel analysts https://t.co/pc7fqr0kAR

FireEye releases ThreatPursuit, a Windows VM for threat intel analysts

ThreatPursuit VM comes packed with more than 50 tools threat intelligence analysts use to hunt adversaries.

On Oct 31, 2020
@likethecoins shared
RT @meansec: Late night publication but we got it out the door. Hopefully it will help some folks out dealing with #ryuk who use @splunk. Used lots of @redcanary and @likethecoins blogs and discussions! https://t.co/7ayd0No3ry

Ryuk and Splunk Detections

This blog discusses the current Ryuk ransomware campaign, methods for detection, and some upcoming releases from the Splunk Security Threat Research Team.

On Nov 2, 2020
@0xAmit shared
RT @Nocturnus: Go check out our new blog post - "Back to the Future: Inside the Kimsuky KGH Spyware Suite" where we uncovered a new toolset used by the notorious #Kimsuky group! https://t.co/z1cMOb6QnC #KGH_SPY #Cybereason

Back to the Future: Inside the Kimsuky KGH Spyware Suite

The Cybereason Nocturnus Team has been tracking a North Korean cyber espionage group known as Kimsuky and has identified a new spyware suite along with new attack infrastructure.

On Nov 5, 2020
@olafhartong shared
RT @TheDFIRReport: Ryuk Speed Run, 2 Hours to Ransom ➡️Discovery using Net, Nltest, and AdFind ➡️Cobalt Strike and Bazar for C2 ➡️Zerologon for Privilege Escalation ➡️Credential Access via Rubeus ➡️Lateral Movement via SMB https://t.co/9ZxaLOzSss https://t.co/12jrq7hyNe

Ryuk Speed Run, 2 Hours to Ransom

Intro Since the end of September Ryuk has been screaming back into the news. We’ve already covered 2 cases in that timeframe. We’ve seen major healthcare providers, managed service prov…

On Nov 5, 2020
@PatrickCMiller shared
BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers https://t.co/aJCaSXi3mN

BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers

A threat actor specializing in business email compromise (BEC) attacks has been spotted exploiting a vulnerability to spoof the domains of Rackspace customers.

On Nov 5, 2020
@holisticinfosec shared
In response to @CISAgov’s recent advisory warning of an Emotet malware resurgence, @brimsecurity’s @OliverRochford posted to enable #blueteam and #DFIR teams to familiarize themselves with this dangerous threat. #welldone https://t.co/jzlWJAEiKT

Hunting Emotet with Brim and Zeek

The US Cybersecurity and Infrastructure Security Agency recently released an advisory warning of a resurgence of the Emotet malware.