What the Uber Hack can teach us about navigating IT Security
The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security. [...]
Coverage of named threat actors and intrusion sets examines reported incidents, infrastructure, disruption, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Coverage under this tag concerns a named threat actor or intrusion set: an individual, group, or organized operation assessed to be responsible for malicious cyber activity. Reports may describe incidents, malware, attack infrastructure, disruption efforts, or analyst assessments. Attribution is often provisional, so actor names and reported links should be treated as intelligence judgments rather than established identity, nationality, sponsorship, or motive.
For defenders, such reporting can help connect incidents and prioritize monitoring, but indicators and techniques may be reused or become obsolete. Validate reported infrastructure, hashes, and behaviors against local telemetry; use confirmed weaknesses to guide vulnerability remediation and access controls. If activity is suspected, preserve relevant logs and evidence, contain affected accounts or systems, and coordinate investigation without relying on an actor label alone.
The recent Uber cyberattack shows us the myriad tactics employed by threat actors to breach corporate networks. Learn more about these tactics used and how to navigate IT Security. [...]
A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats
A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021
Security researchers have discovered an npm timing attack that reveals the names of private packages so threat actors can release malicious clones publicly to trick developers into using them instead. [...]
We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine
Security researchers reveal previously unknown malware used by the cyber espionage hacking group 'POLONIUM,' threat actors who appear to target Israeli organizations exclusively. [...]
A phishing-as-a-service (PhaaS) platform named 'Caffeine' makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns. [...]
The threat actors behind IcedID malware phishing campaigns are utilizing a wide variety of distribution methods, likely to determine what works best against different targets. [...]
Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware