Cyentia Cybersecurity Research Library

Boundary Defense

Below you will find reports with the tag of “Boundary Defense”

Threat Intelligence: Cybersecurity's Best Kept Secret

The goal of this white paper is to bring clarity to cyber threat intelligence. It explains the different categories of CTI and discusses some use cases to illustrate ways it can be applied and utilized to augment security teams’ efficiency and gain an edge over the attackers. Finally, it discusses CrowdStrike’s approach to threat intelligence.

Added: January 1, 2019

Intelligence Report: CSIR-18004 Nigerian Confraternities Emerge

This paper discusses a particular Business Email Compromise that has appeared out of Nigeria.

Added: January 1, 2019

The SpyRATs of OceanLotus

This paper takes a look at several bespoke backdoors deployed by OceanLotus Group, as well as evidence of the threat actor using obfuscated CobaltStrike Beacon payloads to perform C2.

Added: December 29, 2018

Operation Sharpshooter

This report takes a look at a new global campaign targeting nuclear, defense, energy, and financial companies.

Added: December 29, 2018

The Domain Tools Report: Spring 2017

In the DomainTools Reports, we explore various “hotspots” of malicious or abusive activity across the Internet. To date, we have analyzed such varied markers as top level domain (TLD), Whois privacy provider, domain age, patterns of registrant behavior, and more. In each case, we found patterns across our database of over 300 million (315M+ as of this writing) active domains worldwide; these patterns helped us pinpoint nefarious activity, at a large scale, in ways that are similar to methodologies used by security analysts and threat hunters at smaller scales to expose threat actor infrastructure.

Added: December 5, 2018

Sentry MBA: A Tale On The Most Widespread Used Credential Stuffing Attack Tool

This report describes the Sentry MBA, a credential stuffing attack tool, which has become the most popular cracking tool among threat actors in recent months. Among the reasons for its popularity, the Sentry MBA hacking tool is freely and publicly available, extremely effective, and easy to operate.

Added: December 5, 2018

Cyber Threat Profile: Democratic People's Republic of Korea (DPRK)

This report offers insight into the cybersecurity landscape of the People’s Republic of Korea.

Added: November 29, 2018

Cyber Threat Brief: US Recognizes Jerusalem As Capital Of Israel

This report takes a look at the cyber threats that occurred when the US recognized Jerusalem as the Capital of Israel.

Added: November 29, 2018

Cyber Threat Brief: The 2018 FIFA World Cup

Russia will host the 2018 FIFA World Cup from 14 June to 15 July 2018 at 12 different venues throughout 11 host cities, and thousands of foreign visitors are expected to travel to the games. With major sporting events increasingly targeted by physical and cyber threats, we believe that FIFA and their affiliates, spectators, athletes, officials, or other attendees are likely to be confronted by a range of security risks such as protests/demonstrations, hooliganism, financial fraud, and to a lesser extent hacktivism, terrorism, and cyber espionage.

Added: November 29, 2018

CIO'S Guide to Modern Identity

These days, IAM is a moving target being moved by the forces of cloud, mobile and increasingly connected consumers. By keeping these five trends in mind, and understanding the security and access control needs of your enterprise, you can make decisions that’ll benefit you today, while providing a good foundation for future evolution.

Added: November 27, 2018

The Art Of Cyber War: A Modern Defense Strategy

This report offers this key insight: “The heart of the tension between security and efficiency is the key vulnerability within your organization’s cyber security policy: employee passwords.” Read on to discover more.

Added: November 24, 2018

2018 State of Cybersecurity in Small & Medium Size Businesses

Ponemon Institute is pleased to present the results of The 2018 State of Cybersecurity in Small and Medium Size Businesses sponsored by Keeper Security. The goal of this study is to track how small and medium size companies address the same threats faced by larger companies. This report features the findings from 2018 and 2017.

Added: November 23, 2018

A New Era Of Network Attacks: 2018 EfficientIP Global DNS Threat Report

We live in a new era of network attacks. Increasing frequency and varieties, together with the latest regulations which have global impact, make 2018 the most important year in recent times for public and private sector organizations.

Added: November 23, 2018

The Hunt For IOT

F5 Labs, in conjunction with our data partner Loryka, has been tracking “The Hunt for IoT” for two years. We have focused our hunt primarily around port 23 telnet brute force attacks—the “low-hanging fruit” method—as they are the simplest, most common way to compromise an IoT device. (Telnet was also the most prominent attack type when we started this research series.)

Added: November 21, 2018

The Gamaredon Group Toolset Evolution

Unit 42 threat researchers have recently observed a threat group distributing new, custom developed malware. We have labelled this threat group the Gamaredon Group and our research shows that the Gamaredon Group has been active since at least 2013.

Added: November 15, 2018

Dimnie: Hiding In Plain Sight

This post discusses the reports of open-source developers receiving malicious emails.

Added: November 15, 2018

From Shamoon To Stonedrill

This report provides new insights into the Shamoon 2.0 and StoneDrill attacks, including: 1. The discovery techniques and strategies we used for Shamoon and StoneDrill. 2. Details on the ransomware functionality found in Shamoon 2.0. This functionality is currently inactive but could be used in future attacks. 3. Details on the newly found StoneDrill functions, including its destructive capabilities (even with limited user privileges). 4. Details on the similarities between malware styles and malware components’ source code found in Shamoon, StoneDrill and NewsBeef.

Added: November 15, 2018

Privileges and Credentials: Phished at the Request of Counsel

In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government. APT19 used three different techniques to attempt to compromise targets. In early May, the phishing lures leveraged RTF attachments that exploited the Microsoft Windows vulnerability described in CVE-2017-0199. Toward the end of May, APT19 switched to using macro-enabled Microsoft Excel (XLSM) documents. In the most recent versions, APT19 added an application whitelisting bypass to the XLSM documents. At least one observed phishing lure delivered a Cobalt Strike payload. As of the writing of this blog post, FireEye had not observed post-exploitation activity by the threat actors, so we cannot assess the goal of the campaign. We have previously observed APT19 steal data from law and investment firms for competitive economic purposes. The purpose of this blog post is to inform law firms and investment firms of this phishing campaign and provide technical indicators that their IT personnel can use for proactive hunting and detection.

Added: November 15, 2018

APT29 Domain Fronting With TOR

This blog post takes a look at APT29 Domain Fronting with Tor.

Added: November 15, 2018

Win32/Industroyer

This report offers insight into Win32/Industroyer, a new threat for industrial control systems.

Added: November 15, 2018

Gazing at Gazer: Turla's New Second Stage Backdoor

Herein we release our analysis of a previously undocumented backdoor that has been targeted against embassies and consulates around the world. This analysis leads us to attribute it, with high confidence, to the Turla group. Turla is a notorious group that has been targeting governments, government officials and diplomats for years. They are known to run watering hole and spearphishing campaigns to better pinpoint their targets. Although this backdoor has been actively deployed since at least 2016, it has not been documented anywhere. Based on strings found in the samples we analyzed, we have named this backdoor “Gazer”.

Added: November 15, 2018
© Cyentia Institute 2025
Library updated: July 2, 2025 00:08 UTC (build b1d7be4)