attack

Ransomware Review – July 2021

The most significant ransomware attack in July was the Kaseya attack conducted by the REvil (also known as Sodinokibi) ransomware group. The REvil operators exploited a zero-day vulnerability in Kaseya’s VSA servers to bypass authentication measures and perform arbitrary code execution. Notably, this vulnerability had already been privately disclosed to Kaseya, though it remains unclear […]

SolarWinds Saga – Where Do We Stand?

The investigation into the SolarWinds supply-chain attack continues apace. In this follow-up to our previous blog published in the immediate aftermath of the attack (see here), we cover some of the major discoveries concerning what is quickly becoming one of the costliest cyberattacks in history, both monetarily and in terms of intelligence lost. The current

Credential harvesting campaigns target governments and cybersecurity companies

Threat analysts at Cyjax have uncovered multiple mass credential harvesting campaigns that have recently been targeting cybersecurity companies, government entities, and organisations in a range of other sectors. Reverse engineering these campaigns revealed the attacker’s infrastructure and stolen data store. Throughout July and August 2020, we detected two separate credential harvesting campaigns targeting accounts for

Winning with Cyber Threat Intelligence: Taking a More Personal View

In the final article of our trilogy (see the previous articles here and here), we investigate how a cyber threat intelligence (CTI) analyst, and programmes associated with this specialism, provide insight about physical and cyber threats to your organisation. The value of these insights is reflected in the ‘wins’, which come as a result of

Geopolitical and Cybersecurity Weekly – 18 May 2020

COVID-19 Cybersecurity Update: The Financial Times reports that Chinese threat actors are targeting coronavirus research in the United States. This comes at a time of escalating tensions between Washington and Beijing over the pandemic. The FBI and CISA are investigating the “targeting and compromise” of US research groups by China and its affiliates and warned

Special delivery: common malware propagation methods

In this post, we hope to demystify some of the most common malware delivery methods that modern threat actors use to deliver their malicious payloads. Understanding how these methods work is essential to spotting malicious activity in your organisation and potentially saving both money and time spent on recovery. This is by no means an

Elections, deepfakes, and technology breakdown

2020 is a big year for democracy and technology. The US Presidential Election is scheduled for 3 November 2020. One of the biggest and certainly most-watched exercises in democracy will be a prime target for malicious actors of all sorts, with attempts to misinform the populace about candidates and policies, as well as efforts to
