» Blog

Context On October 22, 2022, Bleeping Computer reported the technical details of a new Windows zero-day vulnerability that “allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings.” Bleeping Computer assesses that the zero-day was leveraged by ransomware threat actors to deliver the Magniber ransomware in a recent campaign. Technical Details…

DevSecOps is an approach to application development that emphasizes collaboration between the development, security, and operations teams. Security is introduced early and is continuously monitored throughout the development lifecycle so a secure application can be rapidly released with fewer security-related bottlenecks when it reaches production. Companies that adopt a DevSecOps approach need tools that can…

Context On October 18, 2022, Symentec researchers reported an extension to the Operation CuckooBees campaign leveraging the Spyder Loader to target government organizations in Hong Kong. Community Impact Operation CuckooBees is publicly attributed to APT41 (also known as Winnti), a Chinese state-backed threat group based on tactics, techniques, and procedures (TTPs). The campaign was initially…

October is Cybersecurity Awareness Month, an opportunity for organizations to spend a little extra effort educating their non-security staff on security best practices. This training generally focuses on basics such as enabling MFA, strengthening passwords, and teaching the warning signs of phishing. While these actions can improve your security posture when successfully adopted, training is…

The RH-ISAC is officially launching a community Malware Information Sharing Platform (MISP) instance for our core members. By utilizing an open-source threat intelligence platform (TIP) like MISP, we can share, store, enrich, vet, correlate, and analyze our shared intelligence. MISP includes many galaxy clusters containing the MITRE ATT&CK framework, Threat Actors, and Tools, to name…