
Alert Logic Blogs 

APT Hides Among an Emerging Threat Land Grab

The ice cream blog series continues by documenting another activity cluster first observed in our dataset in 2019. This threat cluster has been well documented in the security community, with APT41, Lead, Wicked Panda, and Vanadinite demonstrating significant overlap in activity, making it likely that each represents activity involving the same threat group. We are grateful for the contributions of these and other threat researchers who have helped inform the security community’s understanding of this actor.

Explore Project Ice Cream Threat Activity Clusters

Human-led threat hunting is an integral part of our security analytics development, both to continuously improve coverage of the ever-expanding attack surface and to eliminate false positives. This approach enables us to catch the next occurrence as and when it happens. Over time we have developed a deep understanding of threat group activity clusters, which has improved analysis time and informed comprehensive remediation plans.

Adversary Using Public Hosting Exploits Emerging Threats

Threat activity cluster Strawberry appears to favor two primary exploits for gaining entry onto a vulnerable machine: an Apache Solr remote code execution (RCE) vulnerability (CVE-2019-17558) and a Confluence OGNL exploit (CVE-2021-26084).

Cloud-Based Adversary Capitalizes on Confluence Servers

In the next edition of our ice cream activity cluster blog series, we’re shining the spotlight on another historic actor that undertook a significant remodeling of their tactics, techniques and procedures (TTPs) when they expanded their target scope to include Windows machines. 

What Is Cloud Transformation and Why Is It Important?

Companies of all sizes are undergoing cloud transformation to keep up with the speed of modern business. Cloud services make it easier to efficiently deliver services, engage with customers, and manage other business operations, so it makes sense that cloud migration is a top priority for most companies around the world.

A Day in the Life of a SOC Team

Ever wondered how Fortra’s Alert Logic MDR protects your network with human hands at the wheel? Our SOC team discussion is a must-read.

What is SOC 2 Compliance?

SOC 2 compliance is voluntary, but it helps boost customers’ confidence in your organization’s ability to keep their private data safe and secure.