indicators of compromise – Page 3 – Experimental News Clipping Site

Cisco Talos Blog: Writing a BugSleep C2 server and detecting its traffic with Snort

Oct 30, 2024

—

by

Source URL: https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/ Source: Cisco Talos Blog Title: Writing a BugSleep C2 server and detecting its traffic with Snort Feedly Summary: This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. AI Summary and Description: Yes Summary: The text provides an in-depth…

Cloud Blog: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

Oct 28, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/ Source: Cloud Blog Title: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives Feedly Summary: In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android…

Cloud Blog: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)

Oct 24, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575/ Source: Cloud Blog Title: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575) Feedly Summary: Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson Summary In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices in various industries. The vulnerability,…

Cisco Talos Blog: Highlighting TA866/Asylum Ambuscade Activity Since 2021

Oct 23, 2024

—

by

system automation

in Uncategorized

Source URL: https://blog.talosintelligence.com/highlighting-ta866-asylum-ambuscade/ Source: Cisco Talos Blog Title: Highlighting TA866/Asylum Ambuscade Activity Since 2021 Feedly Summary: TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020. AI Summary and Description: Yes Summary: The text provides an extensive analysis of the threat actor TA866 (Asylum Ambuscade),…

Cisco Talos Blog: UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

Oct 17, 2024

—

by

system automation

in Uncategorized

Source URL: https://blog.talosintelligence.com/uat-5647-romcom/ Source: Cisco Talos Blog Title: UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants Feedly Summary: By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura. Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian…

Tag: indicators of compromise

Cisco Talos Blog: Writing a BugSleep C2 server and detecting its traffic with Snort

Cloud Blog: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

Cloud Blog: Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)

Cisco Talos Blog: Highlighting TA866/Asylum Ambuscade Activity Since 2021

Cisco Talos Blog: UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants