“The Turla espionage group has been targeting various institutions for many years. Recently, we found several new versions of Carbon, a second stage backdoor in the Turla group arsenal. Last year, a technical analysis of this component was made by Swiss GovCERT.ch as part of their report detailing the attack that a defense firm owned by the Swiss government, RUAG, suffered in the past. This blog post highlights the technical innovations that we found in the latest versions of Carbon we have discovered.”

Dragos, Inc. was notified by the Slovak anti-virus firm ESET of an ICS tailored malware on June 8th, 2017. The Dragos team was able to use this notification to find samples of the malware, identify new functionality and impact scenarios, and confirm that this was the malware employed in the December 17th, 2016 cyber-attack on the Kiev, Ukraine transmission substation which resulted in electric grid operations impact. This report serves as an industry report to inform the electric sector and security community of the potential implications of this malware and the appropriate details to have a nuanced discussion.

“In an effort to expose a common problem we see happening in the industry, Cylance® would like to shed some light on just how easy it is to fake attribution. The key factor we should focus on, as an industry, is determining HOW an attacker can take down an organization, rather than focusing only on the WHO. Once we can identify how the attack happened, we can focus on what’s really important – prevention.”

This report describes an extensive Russia-linked phishing and disinformation campaign. It provides evidence of how documents stolen from a prominent journalist and critic of Russia was tampered with and then “leaked” to achieve specific propaganda aims. We name this technique “tainted leaks.” The report illustrates how the twin strategies of phishing and tainted leaks are sometimes used in combination to infiltrate civil society targets, and to seed mistrust and disinformation. It also illustrates how domestic considerations, specifically concerns about regime security, can motivate espionage operations, particularly those targeting civil society.

The post contains Analysis on a wave of attacks targeting banks as well as the falsified origins of said attacks.

This report is a transcript of written Testimony provided to the House Comittee on Oversight and Government Reform, Subcomittee on Information Technology, by Sarah Cook Senior Research analyst for East Asia and China Media Bulletin Director.

The research department at TopSpin Security conducted an experiment to investigate the performance of deception technologies in a simulated corporate environment in which more than 50 professional hackers and security experts used their knowledge and skills to try to extract a pre-defined piece of data and stay undetected. The experiment sought to answer a number of questions, including: 1) What kind of attacker will be attracted to what different type of resources (traps)? 2) What deception mechanisms should the defending organization employ? 3) Where should they be placed? 4) What kind of traps should be used Every attack pattern was carefully monitored and upon completion the data logged was analyzed and aggregated. Trends, attack patterns and statistics were derived from the data logged.

In this paper, they explore the modern enterprise — a hybrid organization with infrastructure spread across on-premises data centers as well as hosted in the cloud and one where IT functions are split between internal and 3rd-party administrators. They look at these and related trends impacting our data security and specifically, best practices on how to manage and govern privileged user access to mitigate these risks.

SophosLabs takes a specific look at threats being downloaded on GooglePlay that mine a mobile phone’s resources while searching for cryptocurrency.

Read about the threat outlook for aerospace and defense sectors as threat groups seek to gain military and economic advantages.

This report is geared towards the healthcare community and seeks to provide helpful information to guide organizations in their Data Loss Prevention struggles.

This document reviews the primary CASB deployment modes and then describes the 20 most common CASB use cases, revealing which deployment mode best supports each of the use cases.

Given that the most important information resides in databases, organizations are increasingly turning their focus toward databases security technologies. To defend databases from attackers using stolen credentials, the industry is beginning to adopt a new security paradigm based on machine learning and behavior analysis. This white paper discusses that paradigm shift and the issues that go along with it.

The Qadars Banking Trojan has been observed globally targeting well-known banks since 2013. The research in this white paper provides a detailed analysis of the banking trojan, discussing the obfuscation techniques, domain generation algorithm (DGA), communication protocols and data formatting, and social engineering techniques employed by the trojan.

This report is based on a survey, that is intended to provide a community perspective on what security operations centers (SOCs) look like within organizations across the globe, as well as data and guidance to enable organizations to build, manage, maintain and mature effective and efficient SOCs.

This paper seeks to help organizations understand that Microsoft Azure (Azure) has a lot more to offer than cost savings. Enterprises with the highest levels of cloud adoption, typically, not only completely re-architect their applications, but also take advantage of automation to streamline the entire development and deployment process. They adopt DevOps pipelines and use CI/CD (continuous integration and continuous delivery) tools with the objective of nimbly meeting customer and business needs.

The goal of this book is to clarify the most frequently encountered concepts of inline security and be a resource as you develop your network security architecture. For each of the 20 terms included, they provide a simple definition, common use cases, and important considerations for deployment.

This eBook gives a detailed breakdown of the current state of the Kubernetes Ecosystem.

This industry report attempts to answer the question: Why are cyberattacks still successful? Along the way it examines the types of problems that enterprises face, common types of attacks, the true cost of data breaches to major organizations and the tools available today to mitigate these threats.

This is an annual report that discusses the latest malware and hacking trends in compromised websites.

This report asks the question, “The US Government is beginning the migration to cloud services with FedRAMP providers and other dedicated resources – what’s the best approach for your agency?”