Alex Hinchliffe (@threatint_al)'s Twitter Profile
Alex Hinchliffe

@threatint_al

Cybers @ Unit 42; @[email protected]

ID: 79163308

Joined: 02-10-2009 12:01:58

417 Tweets

308 Followers

658 Following

Unit 42 (@unit42_intel)

Chinese threat actor group #PlayfulTaurus aka #APT15 has created a new backdoor, #Turian. Analysis suggests several Iranian government networks have likely been compromised by it. bit.ly/3ZL2y8f

Unit 42 (@unit42_intel)

2023-01-18 (Wednesday) - Suspected #TridentUrsa / #Gamaredon targets Lithuanian government with Ukraine-themed lure. MD5 9f78eda28ac4d573467576a3942e8fa7 --> de4ecd1c85321f9f52e7993db7e8fae8 --> b8eee4ae87d45d698a7a08ed61b32451 --> hxxp://194.180.174[.]158/18.01/released.rtf

Unit 42 (@unit42_intel)

We observed multiple infections of #ApolloRAT using fake installers, creating persistence in the user’s startup folder with a binary called MicrosofOffice.exe (imphash: 5bd3497bfd913b30bbdb13331f9ba919)

Unit 42 (@unit42_intel)

2023-02-07 (Tuesday): Among the wave of #Qakbot malspam, we found an email with a #OneNote attachment pushing probable #Matanbuchus malware. IoCs from an infection run available at bit.ly/3I7jGOF

Unit 42 (@unit42_intel)

2023-03-07 (Tuesday) - Like Cryptolaemus and many others, we've also seen new #Emotet #malspam and the associated malware (inflated Word docs and inflated Emotet DLL files) - Some IoCs from today's Emotet are available at bit.ly/3IVOL7e

Unit 42 (@unit42_intel)

New #ransomware calling itself #CylanceRansomware targets #Windows and #Linux platforms. Mutex used in Windows: CylanceMutex. Extension used: .Cylance md5: 4601076b807ed013844ac7e8a394eb33(Linux), 31ed39e13ae9da7fa610f85b56838dde(Windows) #LinuxSecurity

Unit 42 (@unit42_intel)

#MicrosoftOutlook vulnerability CVE-2023-23397 uses a specially-crafted email to start a #RelayAttack. We detail the scope of the attack, interim guidance for those who cannot patch, our threat hunting queries, and more on the blog. bit.ly/3nDboqh

Unit 42 (@unit42_intel)

2023-05-17 (Wednesday): Today, this week's BB28 #Qakbot-style distribution chain pushed #Pikabot instead of Qakbot. Followed up with #CobaltStrike using #DNSTunneling. We later saw additional Cobalt Strike traffic over HTTPS. List of IOCs available at bit.ly/41OOKt2

Volexity (@volexity)

.Volexity is aware of widespread exploitation of #MOVEIt software published by Progress. Organizations running MOVEIt should follow remediation advice in the advisory published here: community.progress.com/s/article/MOVE… #dfir #threatintel [1/3]

Ollie Whitehouse (@ollieatnowhere)

At NCSC UK along with Cybersecurity and Infrastructure Security Agency we have released our 'Guidelines for secure AI system development' This release is co-sealed by various national agencies around the globe. Along with input from various academic and commercial organisations. ncsc.gov.uk/collection/gui…

James Holland (@jamesholland_uk)

Thank you once again to Black Hat for choosing Palo Alto Networks to provide network security, as well as a growing security automation and orchestration capability, for the operations centres of the conferences this year in Singapore, Las Vegas and London ♥

Unit 42 (@unit42_intel)

Our telemetry revealed an interesting case of #BoggySerpens (#MuddyWater) against a Middle East target: Persistence through scheduled task that runs PowerShell to abuse AutodialDLL registry key. AutodialDLL loads DLL for C2 framework. Details at bit.ly/4aIQDMU

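The persistence chain in the post above has two observable links on a Windows host: a PowerShell process started by the Task Scheduler, and a write to the AutodialDLL value under HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters, which names a DLL that Winsock loads and which by default is %SystemRoot%\System32\rasadhlp.dll. The block below is an added detection example, not Unit 42's hunting query or code from the original page: it runs two rules over Sysmon-style Event ID 1 (process create) and Event ID 13 (registry value set) records. The JSON lines are constructed sample events, the non-default DLL path in them is made up for the example, and the rule names and thresholds are this example's own assumptions.

```python
import json
import re

# Registry value abused for persistence and the only value it should legitimately hold.
AUTODIAL_KEY_RE = re.compile(r"\\services\\winsock2\\parameters\\autodialdll$", re.I)
EXPECTED_DLL_RE = re.compile(r"^(?:%systemroot%|c:\\windows)\\system32\\rasadhlp\.dll$", re.I)
POWERSHELL_RE = re.compile(r"\\(?:powershell|pwsh)\.exe$", re.I)
AUTODIAL_CMD_RE = re.compile(r"winsock2\\parameters|autodialdll", re.I)

# Constructed Sysmon-style events (one JSON object per line). Event 1 = process create,
# event 13 = registry value set. The update.dll path is invented for this example.
SAMPLE_EVENTS = r'''
{"EventID": 13, "UtcTime": "2024-01-10 09:00:01.100", "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters\\AutodialDLL", "Details": "%SystemRoot%\\System32\\rasadhlp.dll"}
{"EventID": 1, "UtcTime": "2024-01-10 09:05:00.000", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile -Command Get-Date", "ParentImage": "C:\\Windows\\explorer.exe", "ParentCommandLine": "C:\\Windows\\Explorer.EXE"}
{"EventID": 1, "UtcTime": "2024-01-10 09:10:00.000", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -w hidden -ep bypass -c Set-ItemProperty -Path 'HKLM:\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters' -Name AutodialDLL -Value 'C:\\Users\\Public\\Libraries\\update.dll'", "ParentImage": "C:\\Windows\\System32\\svchost.exe", "ParentCommandLine": "C:\\Windows\\system32\\svchost.exe -k netsvcs -p -s Schedule"}
{"EventID": 13, "UtcTime": "2024-01-10 09:10:00.250", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters\\AutodialDLL", "Details": "C:\\Users\\Public\\Libraries\\update.dll"}
'''


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def from_task_scheduler(event):
    """True when the parent is the Task Scheduler host (taskeng.exe, or svchost -s Schedule)."""
    parent = event.get("ParentImage", "").lower()
    if parent.endswith("\\taskeng.exe"):
        return True
    return parent.endswith("\\svchost.exe") and "-s schedule" in event.get("ParentCommandLine", "").lower()


def find_autodial_persistence(events):
    """Apply both rules and return findings in event order."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 13 and AUTODIAL_KEY_RE.search(ev.get("TargetObject", "")):
            # Rule 1: AutodialDLL set to anything other than the default rasadhlp.dll.
            details = ev.get("Details", "")
            if not EXPECTED_DLL_RE.match(details):
                findings.append({"time": ev["UtcTime"], "rule": "autodialdll_hijack",
                                 "image": ev.get("Image"), "value": details})
        elif ev.get("EventID") == 1 and POWERSHELL_RE.search(ev.get("Image", "")):
            # Rule 2: scheduled-task PowerShell whose command line touches the WinSock2 key.
            cmd = ev.get("CommandLine", "")
            if from_task_scheduler(ev) and AUTODIAL_CMD_RE.search(cmd):
                findings.append({"time": ev["UtcTime"], "rule": "scheduled_powershell_autodial",
                                 "image": ev.get("Image"), "value": cmd})
    return findings


if __name__ == "__main__":
    for f in find_autodial_persistence(parse_events(SAMPLE_EVENTS)):
        print(f["time"], f["rule"], f["value"])
```

Rule 1 only fires if Sysmon is actually logging that key: registry events are include-filtered, so add a RegistryEvent include for the WinSock2\Parameters path to the Sysmon configuration before relying on it. Rule 2 will miss an actor who encodes the command line (-EncodedCommand); pair it with PowerShell script block logging (Event ID 4104) for coverage of that case.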
James Holland (@jamesholland_uk)

Thank you to Black Hat for again choosing Palo Alto Networks for the operations centre of the Asia 2024 conference! It was awesome to see everyone again, build an infra in 1 day, and then a smooth operation for the week #OpsForLife #BlackHat #BHAsia #LifeatPaloAltoNetworks
