» Threat Intelligence Blog

Context The Hive ransomware variant has been extremely active in the past year. The ransomware was originally discovered in June of 2021, and reportedly is responsible for more than 300 compromises since September 2021. The FBI released a notice warning the public of the threat in August 2021 after Hive ransomware compromised dozens of medical…

Context The Department of Energy (DOE), Cybersecurity and Infrastructure Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory on April 13, 2022 detailing new advanced persistent threat (APT) cyber tools targeting Industrial Control System and Supervisory Control and Data Acquisition (ICS/SCADA) devices. The advisory notes three key…

Summary Threat actors aligning to the FIN7 hacking group have maintained a multi-year, large-scale hacking campaign that compromised tens of millions of consumer debit and credit cards. The campaign, operating since 2015, has damaged banks, hospitality entities, card companies, and direct consumers more than an estimated $1,000,000,000 USD by targeting numerous entities in the restaurant,…

Recent research from Detectify found a 25% increase in vulnerabilities detected in its customers’ subdomain assets in 2021 than in 2020. Additionally, the study found a 100% increase in the median number of vulnerabilities per domain in 2021 than in 2020. Detectify researchers said that the subdomain attack surface continues to grow, and DNS is…

Updates: April 5, 2022, 12 p.m. ET The “Spring4Shell” RCE (CVE-2022-22965) has been added to CISA’s list of known exploited vulnerabilities. Due to the conditions required to exploit the vulnerability, security researchers are beginning to form a consensus that, while serious, Spring4Shell is not as critical or dangerous as the Log4Shell vulnerability. The conditions for…