CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Written by: Josh Triplett. Executive Summary: Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic execution, bypassing anti-analysis logic present in many modern families. This complements dynamic analysis, providing faster threat identification and high-confidence malware family attribution. Google SecOps reverse engineers ensure precise indicators of compromise (IOC) extraction, empowering security teams with actionable threat intelligence to proactively neutralize attacks. Overview: The ability to quickly detect and respond to threats has a significant impact on potential outcomes. Indicators of compromise (IOCs) serve as crucial breadcrumbs, allowing cybersecurity teams to identify and mitigate potential attacks while expanding their search for related activity. VirusTotal's existing suite of tools to analyze and understand malware IOCs, and thus the Google Threat Intelligence platform by extension, is further enhanced with Backscatter. VirusTotal has traditionally utilized dynamic analysis methods, like sandboxes, to observe malware behavior and capture IOCs. However, these methods can be time-consuming and may not yield actionable data if the malware employs anti-analysis techniques. Backscatter, a service developed by the Mandiant FLARE team, complements these methods by offering a static analysis capability that di...
Source: Google Threat Intelligence
January 14th, 2025 (6 months ago)
Description: A Threat Actor Claims to be Selling Access to a Bot with an Unidentified RAT that has Compromised a Schwab Trading Account with $1.5M USD
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description: A Threat Actor Claims to be Selling VPN Access to an Unidentified Spanish Company
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description: A Threat Actor Claims to be Selling Admin, Shell, and Database Access to an Unidentified Italian Cosmetics Company
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description: Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)
Description: In times of unprecedented change, innovative mindsets and attentiveness of startup culture make for a community everyone can leverage to understand the world and guard against its dangers.
Source: Dark Reading
January 14th, 2025 (6 months ago)
Description: miyako is Allegedly Selling Access to a Cyber Threat Intelligence Company in the USA
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description: The Securities and Exchange Commission (SEC) announced that Robinhood Securities LLC and Robinhood Financial LLC, two broker-dealers under the Robinhood brand, will pay $45 million in combined civil penalties for violating several provisions of U.S. securities laws. The firms admitted to the SEC's findings and agreed to several remedial measures in addition to the financial … The post U.S. SEC Fines Robinhood $45 Million for Cybersecurity Failures appeared first on CyberInsider.
Source: CyberInsider
January 14th, 2025 (6 months ago)
Description: Microsoft says a known issue is causing Classic Outlook and Microsoft 365 applications to crash on Windows Server 2016 or Windows Server 2019 systems. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)
Source: TheRegister
January 14th, 2025 (6 months ago)