CERT alerts

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 10 Enterprise Release.

This document provides prescriptive guidance for establishing a secure configuration posture for Microsoft Windows 10 Enterprise Release 1511.

CERT alerts

Infomation about spear phishing attack against Indian Embassies and Ministry of external affairs

This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA).

CERT alerts

Russian Nation State Targeting of Government and Military Interests

The tr1adx team performs on-going research into Threat Actors, irrespective of their motivation, provenance, or targets. tr1adx Intelligence Bulletin #00003 shares intel on Russian Nation State Cyber Activity targeting Government and Military interests around the world.

CERT alerts

Information about a campaign targeting the World Anti Doping Agency (WADA)

The tr1adx team identified what we believe to be a new campaign, which we assess to be attributed to the Russian Nation State Threat Actor APT28 (a.k.a. Fancy Bear), yet again targeting the World Anti-Doping Agency (WADA) .

CERT alerts

A paper about APT28 targeting and intrusion activity

On December 29, 2016, the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a Joint Analysis Report confirming FireEye’s long held public assessment that the Russian Government sponsors APT28.

CERT alerts

Iranian threat agent targeting other countries.

Iranian threat agent OilRig has been targeting multiple organisations in Israel and other countries in the Middle East since the end of 2015. In recent attacks they set up a fake VPN Web Portal and targeted at least five Israeli IT vendors, several financial institutes, and the Israeli Post Office.

CERT alerts

A paper about foreign cyber threats to the United States

The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community.

CERT alerts

Information about "DigitalPlagiarist" campaign (mirroring legitimate sites)

We believe the "TelePort Crew" Threat Actor is operating out of Russia or Eastern Europe with the group's major motivations appearing to be financial in nature through cybercrime and/or corporate espionage.

CISCO

Cisco Annual Cybersecurity Report 2017

Cisco Annual Cybersecurity Report 2017

Microsoft

MS Security Bulletin Summary january 2017

This bulletin summary lists security bulletins released for January 2017.

CERT alerts

Information about APT28 group registering plenty of domains

Our APT28 (a.k.a. Fancy Bear, Sofacy) friends in the Russian Federation have been busy once again.

FireEye

The 2017 Security Landscape

It has been said that “the future is uncertain,” but in the cyber security industry we know that certain types of attacks and crime will continue unabated. FireEye and other experts in the industry have been making predictions about the year ahead for longer than a decade now

McAfee

Report december 2016

In late August, Intel security researchers joined with global law enforcement agencies to take down the WildFire ransomware botnet. In addition to assisting with the takedown, Intel Security developed a free tool that decrypts files encrypted by WildFire.

Microsoft

MS Security Bulletin Summary december 2016

This bulletin summary lists security bulletins released for December 2016.

Regulations

Security guidelines on the appropriate use of qualified website authentication certificates

On July 1st 2016, Regulation (EU) 910/2014 (hereafter called the eIDAS Regulation), which lays down the rules on electronic identification and trust services for electronic transactions in the internal market came into force covering across Europe in all 28 Member States.

CERT alerts

Information about a malware operation targeting members of the Tibetan Parliament

The Tibetan community has been targeted for over a decade by espionage operations that use malware to infiltrate communications and gather information. They are often targeted simultaneously with other ethnic minorities and religious groups in China.

CERT alerts

Information about PowerDuke: widespread post-election spear phishing campaigns targeting Think Tanks and NGOs

In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns.

Microsoft

MS Security Bulletin Summary november 2016

This bulletin summary lists security bulletins released for November 2016.

CERT alerts

Information about BLACKGEAR espionage campaign

BLACKGEAR is an espionage campaign which has targeted users in Taiwan for many years. Multiple papers and talks have been released covering this campaign, which used the ELIRKS backdoor when it was first discovered in 2012.

CERT alerts

Information about BITTER, a targeted attack against Pakistan

Forcepoint Security Labs™ recently encountered a strain of attacks that appear to target Pakistani nationals. We named the attack "BITTER" based on the network communication header used by the latest variant of remote access tool (RAT) used

CERT alerts

Infomation about Moonlight – targeted attacks in the Middle East

Vectra Threat Labs researchers have uncovered the activities of a group of individuals currently engaged in targeted attacks against entities in the Middle East. We identified over 200 samples of malware generated by the group over the last two years.

CERT alerts

Information about deception tactics muddying attribution in targeted attacks

This paper takes a comprehensive look at the current state of attribution in targeted attack research and at deliberate attempts by the adversary to obstruct this process.

CERT alerts

A paper about APT reports help more to attackers than defenders

With the advancement of defensive cybersecurity practices and the regular release of reports exposing toolsets used in APT attacks, advanced threat actors have had to adapt.

CERT alerts

Information about StrongPity waterhole attacks targeting Italian and Belgian encryption users (WinRAR and TrueCrypt)

The StrongPity APT is a technically capable group operating under the radar for several years. The group has quietly deployed zero-day in the past, effectively spearphished targets, and maintains a modular toolset.

Microsoft

MS Security Bulletin Summary october 2016

This bulletin summary lists security bulletins released for October 2016.