Blog

Context On April 6, 2023, CSO reported on a research report from ESG on the challenges that face cyber security leaders when making decisions based on cyber threat intelligence. According to the report, “95% of enterprise organizations (those with more than 1,000 employees) have a threat intelligence budget, and 98% plan to increase spending on…

Context On March 29, 2023, Trend Micro security researchers reported a new malware they named “OpcJacker.” According to the report, OpcJacker includes multiple capabilities such as: Keylogging Taking screenshots Stealing sensitive data from browsers Loading additional modules Replacing cryptocurrency addresses in the clipboard for hijacking purposes Trend Micro researchers assessed that: The primary objective of…

Context On March 29, 2023, multiple cybersecurity firms began reporting that 3CXDesktopApp, a Voice Over Internet Protocol (VOIP) Private Automatic Branch Exchange (PABX) enterprise call routing software, is currently compromised in a supply chain attack. Multiple investigations have reported that an unknown threat actor has trojanized installers for 3CXDesktopApp, to install an information stealing malware….

Context On March 27, 2023, the Federal Investigation Bureau released the IC3 2022 Internet Crime Report. The report covers major trends found across complaints investigated by the IC3, which the FBI defines as “an intelligence-driven and threat focused national security organization with both intelligence and law enforcement responsibilities.” Key Takeaways According to the report key…

This month’s member spotlight is Jeffrey (Jeff) Davidhizar, security analyst at Crutchfield Corporation. We asked Jeff to tell us more about how he transitioned from teaching math to middle and high school students to his career in cybersecurity. Can you introduce yourself? Tell us a little bit about your background and what you do at…

On March 20, 2023, Metabase Q security researchers reported the technical details of more than 20 different campaigns targeting organizations in Chile, Mexico, Peru, and Portugal with the Mispandu bank trojan. According to the report, the campaigns attempt to “steal credentials from users when accessing online banking, schools, government services, social media, gaming, ecommerce, public…

On March 16, 2023, SentinelLabs researchers reported the technical details of a cyberespionage campaign against government and telecommunications companies in multiple enterprises which they attribute to the Winter Vivern threat group. Context SentinelLabs researchers assess that current Winter Vivern activities align closely with Belarussian and Russian government interests. The SentinelLabs report is based on recent…

Digital transformation efforts continue to accelerate and are pivotal for industries to sustain business and ensure growth. The major challenge is securing applications against malicious bots. Marshalling the resources to achieve this requires explaining the quantitative and qualitative impacts bots have on your business in terms your board and C-Suite will understand. As a business…

Context During the second half of 2022, multiple RH-ISAC member analysts reported observing increases in fraud and phishing activity targeting popular social media figures and user-generated content (UGC) creators (i.e. “influencers”) leveraging member brand names as part of the scams. The fraud activity spikes observed in the past few months have been both prolific and…

The RH-ISAC intelligence team is publishing a catalog of the most prominent and prolific threat groups targeting our community as a resource for analysts. The catalog will be available via the RH-ISAC MISP instance and will include useful data on threat groups, including: Known aliases Background information and a brief history Prominent open-source incidents attributed…