All posts by SECUINFRA Falcon Team
Cisco IOS XE Vulnerability CVE-2023-20198 – thousands of internet-exposed devices potentially compromised! - Edge infrastructure, such as internet-exposed firewalls, routers, VPN-Gateways etc. are a common initial access target for cybercrime and espionage actors since these appliances are challenging to defend. According to the… Weiterlesen >- Beijing Calling: Chinese APTs are targeting European Governments and Businessesw/m/d12.04.2023 - ENISA and CERT-EU warned about malicious activities against EU governments and businesses attributed to Chinese APTs. Weiterlesen >Artikel als PDF ansehen >
- The Whale surfaces again: Emotet Epoch4 Spam-Botnet returnsw/m/d10.03.2023 - In this news the SECUINFRA Falcon team informs about the current Epoch4 (E4) Cluster spam campaign and the threat it poses to businesses. Weiterlesen >Artikel als PDF ansehen >
- Hide your Hypervisor: Analysis of ESXiArgs Ransomware - Today many businesses rely on virtualization technology to run and scale their infrastructure. One of the most popular Hypervisor systems on the market is VMware ESXi, which is regularly targeted… Weiterlesen >
- Outdated VPN and remote access solutions: Don’t invite cybercriminals for Christmas! - Due to recent events, the SECUINFRA Falcon Team strongly recommends updating the firmware of VPN/remote access solutions from the manufacturers SonicWall, Fortinet and Citrix. Weiterlesen >
- Whatever floats your Boat – Bitter APT continues to target Bangladesh - The SECUINFRA Falcon Team analyzed a recent attack conducted by the south-Asian Advanced Persistent Threat group „Bitter“. Weiterlesen >
- When a Compromise Assessment makes sensew/m/d- Compromise assessment uses forensic methods to track down attackers in the system and can thus contribute to faster detection of incidents and security incidents. But is this expensive approach also… Weiterlesen >Erschienen auf: manage IT (German)
- What types of malware are there and how do I protect myself from them? - With the plethora of daily threats, an organization's cybersecurity teams need to be able to respond immediately and efficiently to existing threat situations. Weiterlesen >
- What is a Compromise Assessment and when is it useful? 5 FAQs - What can you do now to uncover existing compromises of your network in a timely manner and thus avert massive financial damage and reputational risks from your company? With a… Weiterlesen >
- Threat Hunting: Proactively search for attackersw/m/d- Tracking down cyber attacks with hypotheses Vulnerability Management, Security Information and Event Management (SIEM) or Advanced Persistent Threat Scanner: Companies monitor their IT infrastructure with various tools and focuses. Threat… Weiterlesen >Erschienen auf: line-of-biz (German)
- Digital Forensics: How to ensure prompt and efficient resolution of successful cyberattacks - The registered number of IT security incidents as a result of the rapid development of new and adapted cyber attack methods is worrying - and can sometimes have serious financial… Weiterlesen >
- N-W0rm analysis (Part 2) - We will first begin at the entry point of this RAT and analyze its executed code before we jump into all possible modules this RAT possesses. Weiterlesen >
- N-W0rm analysis (Part 1) - According to Malware Bazaar, samples have been distributed since around mid-January. The final payload is a .NET RAT, which allows the attacker to send commands to the infected system. Weiterlesen >
- Phishing as a gateway for cyber attacks: How companies can raise awareness among their teamsw/m/d- How companies can raise awareness among their teams The number of cyber attacks is increasing: Companies, public authorities and municipalities are affected, but also healthcare facilities such as hospitals. In… Weiterlesen >Erschienen auf: All About Security (German)
- Hacker attack! What now? Measures for companies in case of emergencyw/m/d- Hacker attack! What now? A company has been targeted by hackers, error messages are popping up, perhaps initial system parts have already been locked down and extortion messages have been… Weiterlesen >Erschienen auf: IT-Sicherheit (German)
- Help, hacker attack! What companies should do in case of emergencyw/m/d- Help, hacker attack! When companies notice an attack, panic quickly spreads: Employees are sent home and attempts are made to limit the damage. However, the key is to remain calm… Weiterlesen >Erschienen auf: Security Insight (German)
- Keep calm and let the incident response team workw/m/d- Keep Calm A company has been targeted by hackers, error messages are popping up, perhaps initial system parts have already been locked down and extortion messages have been sent. The… Weiterlesen >Erschienen auf: line-of.biz (German)
- Reporting obligations in the event of an IT security incident - This article is intended to provide a deeper insight into the important topic of reporting obligations in the event of an IT security incident. Weiterlesen >
- Digital threat: Phishing - In order to protect one's own company against phishing, awareness must first and foremost be created among employees. This can be done through workshops, phishing simulation or company policies. Weiterlesen >
- Incident Response Process Models using the Example of the Federal Office for Information Security (BSI) - BSI has set up a model that divides the procedure into 6 different phases, which is very finely granulated compared to other models. Weiterlesen >
- Using forensic methods to fully uncover attack vectorsw/m/d- Forensic methods Organizations face ongoing cybercrime from hackers and attackers targeting their data or money. Emails with infected attachments or links are a classic gateway. End users in particular are… Weiterlesen >Erschienen auf: it-management.today (German)
- Digital Threats: Ransomware - In order to shed some light on the subject, we would like to look at a few facts and figures about ransomware as well as a typical course of attack. Weiterlesen >
- Incident Response Diary – Compromised Email box - That a compromised mailbox is an extremely unpleasant situation is something everyone should be able to imagine. In a recent case we have investigated, attackers have been particularly clever. Weiterlesen >
- Digital Forensics – Triage - In this article, we will look at artifacts that should always be collected during an incident on a Windows-based system to get the best possible picture of what happened. Weiterlesen >
- Kaseya: Supply-Chain-Attack - Having previously made a name for itself on the criminal scene by attacking major companies such as Quanta Computer and Invernergy, REvil's latest attack on software company Kaseya and its… Weiterlesen >
- Use forensic methods to fully investigate attack vectors - In the event of an attack, companies should take appropriate countermeasures with professional help. The tool of choice here is Digital Forensics & Incident Response (DFIR). Weiterlesen >
- Incident Response Diary - In addition to the expected IOCs for the ProxyLogon/Hafnium vulnerability, our analysis identified one IOC of another vulnerability. Weiterlesen >
