https://twitter.com/malmoeb/status/1669695092481830915?s=21&t=85zN4LJxuJCwlwBgrIFtCw
Unfortunate that it's on Twitter, but here's a new #TTP for #BEC where the threat actor is avoiding the AuditLogs table and alerts that depend on it by utilizing a blocked-sender-to-junk-mail technique. Worth the read.
5/3/23: 4 chilly runch break miles out at Sugar Bridge/Harmony Hill. 36:09.
#grindlessglidemore #runnersofmastodon #ttp
#SharadPawar to rethink resignation | #TTP with @PreetiChoudhry| #ITLivestream https://t.co/1ppE9BLQvt
Cong’s @drajoykumar slams the govt and the money spent on the new Parliament.
Full show of #TTP with @preetichoudhry: https://t.co/PsTl8TP4T0 https://t.co/0K86rhNu1v
#ttp #mastindia #mastodonindians #india
We call ourselves 'mother of democracy', the world is watching 'the murder democracy':@JhaSanjay, political analyst.
Congress has a very convenient memory: @Sanju_Verma_, BJP spokesperson.
Watch #TTP with @Akshita_N: https://t.co/NQ9qVciGLK https://t.co/jWjkA0ene6
#ttp #mastindia #mastodonindians #india
MITRE has some big plans for this year:
https://medium.com/mitre-attack/2023-attack-roadmap-452fab541673
#ThreatIntel #ThreatHunting #MITRE #TTP
#Gootloader is a highly active banking Trojan-turned-loader #malware that has recently appeared on multiple vendors’ priority threat lists, attacking organizations in a wide range of verticals & countries. If your leadership or other stakeholders asked for a list of this threat's most common TTPs, would you be able to provide it quickly?
Now you can, with the Gootloader #TTP matrix available in Tidal’s free Community Edition: https://app.tidalcyber.com/share/796cacb6-3bb1-474b-9747-abcce2c47de2
Gootloader, also referred to by its related payload, #Gootkit, first emerged in 2014 but has been especially active since 2020. Despite this, technical reporting around its TTPs has been relatively light until even more recently. In the past two years alone, verticals including finance, #healthcare, defense, pharmaceutical, energy, & automotive have faced Gootloader campaigns, with victims across North America, Western Europe, & South Korea, and the malware is regularly used to deliver high-impact payloads, including Cobalt Strike, #IcedID (a common #ransomware precursor), & more. Industry-based #threat profiling can be a powerful tool, but even if your industry (or your corner of it) hasn’t yet directly observed Gootloader activity, we believe broad-based threats like this should be on most teams’ radars.
Our matrix summarizes Gootloader TTPs detailed across several great recent technical reports. Reports from SentinelLabs, Cybereason, & The DFIR Report were helpfully pre-mapped to #mitreattack, and we mapped a couple of other detailed analyses. Procedural details are even available for nearly all the included technique mappings – be sure to click the Technique Set’s label in the ribbon at the top of the screen to pivot into the Details page with this information & relevant source links throughout.
Red Canary & The DFIR Report helpfully provided tool-agnostic suggested #detection logic for key behaviors observed during recent Gootloader campaigns here https://redcanary.com/blog/gootloader/ and here https://thedfirreport.com/2022/05/09/seo-poisoning-a-gootloader-story/. Take a wider view by layering entire segments of your defensive stack over the #CTI back in the Community Edition, by toggling on any of the mappings available in @tidalcyber's Product Registry https://app.tidalcyber.com/vendors
#SharedWithTidal #threatinformeddefense #CobaltStrike #initialaccess #blueteam
#Pakistan 🇵🇰: Pakistani Police released CCTV footage of the Tehreek-e #Taliban Pakistan (#TTP) militants who attacked #Karachi Police HQ.
Three militants appear to be armed with common 7.62x39mm AKM(S)/Type 56(-1) assault rifles —with side-folding and underfolding buttstocks.
#TTP warned of further attacks on police officers, a day after the suicide attack on the police compound in Karachi that claimed 4 lives.
The police are frequently attacked by militants because of their role in the fight against the Taliban.
A suicide squad attacked the police headquarters building; two attackers were shot dead and a third blew himself up. The firefight lasted several hours.
Malspam themed on the Agenzia delle Entrate. The URSNIF malware changes its skin. Be careful!
As we reported a few weeks ago, a #malspam #campaign targeting the #Agenzia delle #Entrate was spreading the #URSNIF #malware.
According to CERT-#AgID, it appears that this campaign is changing its skin and thus modifying its #tactics, #techniques and #procedures (#TTP).
The emails sent to the victims contain a link labelled “SCARICA IL DOCUMENTO” (download the document). That link hides the use of an #HTA that leverages #Certutil to #download the #executable.
Let's all be very careful.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
https://www.redhotcyber.com/post/il-vecchio-malspam-sullagenzia-delle-entrate-che-diffondeva-il-malware-ursnif-cambia-pelle/
Is this an opening for us? Or will we simply be regarded as an even worse ally by the Pakistani government?
“After years of supporting the Taliban under the table, the Pakistani government hoped that Afghanistan's new rulers would put their ally, the TTP, in a straitjacket.
But that optimism has since faded.”
#dkpol #Taliban #TTP #Afghanistan #Pakistan
https://jyllands-posten.dk/international/ECE14928309/voldsomt-terrorangreb-genantaender-en-simrende-konflikt/
Stories of #profiling
In the USA, #Google profiles #women who search for information on abortion.
Then, people with low-to-middle incomes are often sent advertisements for centres that present themselves as clinics but are in reality anti-abortion operations.
This is the result of an investigation by the Tech Transparency Project, which can be found here: https://www.techtransparencyproject.org/articles/google-helps-fake-abortion-clinics-target-low-income-women
#digitalrights #freedom #surveillance #surveillancecapitalism
#Ads #targeting #gender #abortion #ttp
We're starting a new blog series! Every month, look for our Making Waves blog post to review the #mitreattack techniques our adversary intelligence team observed in public threat research and reporting in the last month, and learn how you can reinforce your defenses.
In our first post of the series, we're looking back at January with information around Masquerading, Install Digital Certificate, and others. Check it out!
#cybersecurity #ttp #threatintel
https://www.tidalcyber.com/blog/making-waves-ttp-intelligence-highlights-in-january
As we've said in previous posts and in our 2023 threat landscape webinar, #infostealers are one of the top threats we're tracking this year. These pieces of malware are often thought of as more of a personal concern due to their association with pirated video games, but they're increasingly targeting enterprises for a bigger and more valuable information haul.
Today we're excited to release our Director of CTI's latest blog, in which he details specific ways you can defend against many of the techniques used by infostealer operators, and shows you how the Tidal Community Edition can help you with these defenses.
Check it out!
#threatintel #ttp #cybersecurity #threatintelligence #threatinformeddefense
With #Hive ransomware infrastructure taken down last week and speculation of similar action against #LockBit, which groups will likely take the “top” #RaaS spots in the first part of the year? If you don’t track #ransomware-as-a-service closely, you may not realize how many other groups regularly carry out attacks (or at least claim & extort victims publicly).
Since the takedown on Thursday, five RaaS groups have claimed nearly 30 victims publicly, with LockBit 3.0, #Clop, and #ViceSociety leading the pack. In our ransomware landscape briefing last week, a participant asked which group concerned us most into the new year. My answer is “most”, seen in the slide here (but if I had to narrow it down, I’d choose LockBit in the short term, and Vice Society in the medium/longer term).
Last week I argued that many, if not most, of the “top” groups (measured quickly by last year’s victim count) should be on most security teams’ radars. While there are some notable trends in victim sectors, like a relative increase in attacks on public services organizations, in general most of the leading groups are associated with a broad range of victim verticals (a similar trend holds for victim size too – a relative rise in mid-sized organizations, but still a notable number of large enterprises, as in years past).
Rather than burn resources trying to track each new victim associated with each group every day, there is value in identifying the top common tactics, techniques, & procedures among groups with generally similar motivations & victim patterns, and focusing response drills, defensive reinforcements, log source & detection tuning, and, where resources allow, unit testing or adversary simulation or emulation around that subset of TTPs.
Our living matrix of top ransom & extortion group #TTPs is found here, covering nearly 30 groups and 175 techniques, although the cluster of top common ones is much smaller. Click the labels in the ribbon at the top to see source references for every mapping and procedural details for many: https://app.tidalcyber.com/share/9a0fd4e6-1daf-4f98-a91d-b73003eb2d6a
You can also catch the recording of last week’s session and slides with this and similar metrics & graphics on-demand here: https://www.brighttalk.com/webcast/19703/570527
#hive #lockbit #raas #ransomware #clop #vicesociety #ttps #threatinformeddefense #ttp #risk