Advanced Persistent Threats

Advanced Persistent Threats | News, how-tos, features, reviews, and videos

target threat hunting program sitting duck duck shooting gallery by roz woodward getty 2400x1600
security threats and vulnerabilities

FBI Flag

FBI cleans web shells from hacked Exchange servers in rare active defense move

The FBI has been deleting backdoors placed by cyberespionage group Hafnium on Microsoft Exchange servers. The court order allowing them to do so signals a more active defense approach.

Russian hammer and sickle / binary code

US sanctions Russian government, security firms for SolarWinds breach, election interference

The Biden administration places economic sanctions on Russian government organizations, individuals, and companies including several security firms.

succession brain sharing intellectual knowledge sharing

US government calls for better information sharing in wake of SolarWinds, Exchange attacks

The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.

A broken link in a digital chaing / weakness / vulnerability

Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws

Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution.

cyber attack alert

How to prepare for and respond to a SolarWinds-type attack

If you can perform these tasks on your Windows network, then you are properly prepared to respond to a nation-state attack like SolarWinds.

Binary Russian flag

SolarWinds hack is a wakeup call for taking cybersecurity action

Many questions are yet to be answered as the investigation and response continues, but one thing is clear: managing supply chain risks requires a level of sophistication similar to that of the attackers.

Security system alert, warning of a cyberattack.

How to prepare for the next SolarWinds-like threat

It is possible to minimize the risk from nation-state attacks like SolarWinds. This is the best advice based on what experts have learned so far.

Russian hammer and sickle / binary code

SolarWinds attack explained: And why it was so hard to detect

A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this sort of software supply chain attack.

cyber attack alert / data breach

FireEye breach explained: How worried should you be?

The theft of red team tools, allegedly by Russia's Cozy Bear group, poses only a small threat to other organizations. The real lesson: Anyone can be hacked.

Malware alert  >  United States Capitol Building

TrickBot gets new UEFI attack capability that makes recovery incredibly hard

Researchers discover a new TrickBot module that allows malware to persist even after reformatting or replacing a hard drive.

A group of anonymous hooded figures exist amid raining streams of binary code. [security threats]

Mercenary APT group CostaRicto hits organizations worldwide

This hacker-for-hire advanced persistent threat group uses its own custom malware and takes great effort to hide its activity.

vulnerable breach cyberattack hacker

Evilnum group targets FinTech firms with new Python-based RAT

The attack hides in Windows systems by impersonating several legitimate programs.

Security threat   >   One endpoint on a network has been compromised.

APT-style mercenary groups challenge the threat models of many organizations

APT-for-hire services will broaden the scope of who is vulnerable to that type of attack. Small- and medium-sized companies in particular need to rethink their threat models.

A laptop with a virtual overlay of abstract code and a binary skull.

Protecting high-value research data from nation-state attackers

Recent nation-state campaigns to steal COVID-related research data underscores the threat to all research organizations. The best defense starts with knowing the enemy.

Global geopolitical vectors

How CISOs can best assess geopolitical risk factors

A recent report on Russian-affiliated advanced persistent threats provides a template to help CISOs evaluate risk from nation-state actors.

A binary map of china.

Chinese hacker group APT41 uses recent exploits to target companies worldwide

APT41 has compromised devices and applications from Cisco, Citrix and Zoho across many industries worldwide at a time when many companies are less able to respond.

target threat hunting program sitting duck duck shooting gallery by roz woodward getty 2400x1600

How Target evolved its threat hunting program: 3 key steps

Target decided to re-evaluate its successful threat hunting program and found it could do better. This is what they did.

cyber threat security compromised vulnerable men on the street

Cybersecurity in 2020: Vigilance and the human element

Todd Inskeep, of Booz Allen Hamilton and the RSA Conference Advisory Board, writes that individuals must remain vigilant to stay a step ahead of those wishing to inflict chaos. Here’s how humans and technology can work together in...

Load More