News


Companies discover cyber attackers more quickly

Cyber attackers prefer to exploit zero-day vulnerabilities, according to the M-Trends Report 2024, but the average time until they are discovered has fallen significantly. The financial sector is the most frequently attacked. Mandiant, part of Google Cloud, has released the 2024 M-Trends results. The annual report, now in its 15th year, provides expert trend analysis based on Mandiant's investigations of 2023 cyber attacks and on how to mitigate them. This year's report shows that organizations worldwide have significantly improved their defensive capabilities and are detecting malicious activity affecting their business faster than in previous years...

Read more

Spearphishing from North Korea
B2B Cyber Security ShortNews

The US government is warning of North Korean threat actors who exploit weak DMARC (Domain-based Message Authentication, Reporting and Conformance) policies to send spearphishing emails that appear to come from a legitimate email address. “We have observed that North Korean threat actors like APT43 are exploiting flawed DMARC configurations to easily spoof well-known institutions such as major universities, think tanks and NGOs. This allowed them to target prominent institutions in specific areas and collect high-priority intelligence for the North Korean regime. They did this by stealing the email addresses of legitimate users from legitimate…

Read more
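The weak setting the warning refers to is a DMARC record that receivers do not enforce: a missing record, p=none, a pct= below 100 or an sp=none that leaves subdomains open. As an added example (not code from the article, the US advisory or Mandiant), the Python below parses a DMARC TXT record and grades it. The domains and records are constructed for illustration and belong to no real domain; in practice the record is read from the TXT entry of _dmarc.<domain>.

```python
"""Grade a DMARC record for the spoofing weakness described above.

Added example, not code from the original article, the US advisory or Mandiant.
A DMARC policy lives in the TXT record of _dmarc.<domain> (RFC 7489); the
sample records below are constructed here and belong to no real domain.
"""

# Constructed sample records keyed by a hypothetical domain (None = no TXT record).
SAMPLE_RECORDS = {
    "no-record.example": None,
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=reject; pct=50; sp=none",
    "hardened.example": (
        "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
        "rua=mailto:dmarc@hardened.example"
    ),
}


def parse_dmarc(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict (tag names lower-cased)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue  # empty trailer or malformed token; receivers skip these too
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return (verdict, findings) for one record.

    verdict is one of:
      'missing'  - no usable record, receivers apply no policy at all
      'weak'     - p=none: report only, spoofed mail is still delivered
      'partial'  - enforcing policy with a gap (pct<100 or sp=none)
      'enforced' - quarantine/reject applied to the domain and its subdomains
    """
    if record is None:
        return "missing", ["no _dmarc TXT record; spoofed mail is delivered unchecked"]

    # RFC 7489 requires v=DMARC1 as the first tag; otherwise the record is ignored.
    if not record.strip().lower().startswith("v=dmarc1"):
        return "missing", ["record does not start with v=DMARC1; receivers ignore it"]

    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "missing", [f"p= tag absent or invalid ({policy!r}); record is ignored"]

    findings = []
    gap = False
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")

    # pct= is the share of failing mail the policy is applied to (default 100).
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
        findings.append("pct= is not an integer; receivers fall back to 100")
    if policy != "none" and pct < 100:
        gap = True
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")

    # sp= is the subdomain policy and defaults to p= when absent.
    subpolicy = tags.get("sp", policy).lower()
    if policy != "none" and subpolicy == "none":
        gap = True
        findings.append("sp=none: mail from subdomains can still be spoofed")

    if "rua" not in tags:
        findings.append("no rua= address: nobody receives aggregate reports")

    if policy == "none":
        verdict = "weak"
    elif gap:
        verdict = "partial"
    else:
        verdict = "enforced"
    return verdict, findings


def assess_all(records=SAMPLE_RECORDS):
    """Grade every record in the mapping; returns {domain: verdict}."""
    return {domain: assess_dmarc(rec)[0] for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, rec in SAMPLE_RECORDS.items():
        verdict, findings = assess_dmarc(rec)
        print(f"{domain:20} {verdict:9} {'; '.join(findings) or 'ok'}")
```

Only the "enforced" grade actually stops the spoofing described in the warning; "weak" and "partial" records still let a forged From: address through for all or part of the mail, and the sp=none case is the one most often overlooked because the main domain looks correctly configured.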

Google names 97 observed zero-day vulnerabilities
B2B Cyber Security ShortNews

There are many zero-day vulnerabilities, but not all of them are widely exploited. Google and Mandiant observed 97 zero-day vulnerabilities exploited in the wild in 2023, over 50 percent more than in the previous year. In their new study, Google and Mandiant counted 97 zero-day vulnerabilities exploited in the wild in 2023. That is over 50 percent more than in 2022 (62 vulnerabilities), but fewer than the record 106 vulnerabilities exploited in 2021. Google's Threat Analysis Group (TAG) and Mandiant were responsible for the original discovery of 29 of these…

Read more

Dinner with APT29
B2B Cyber Security ShortNews

In late February 2024, Mandiant identified a phishing campaign by APT29, a Russian Federation-backed threat group that multiple governments have linked to the Russian Foreign Intelligence Service (SVR), targeting German political parties. Consistent with APT29 operations dating back to 2021, the operation used APT29's mainstay first-stage payload ROOTSAW (also known as EnvyScout) to deliver a new backdoor variant tracked as WINELOADER. This activity represents a departure from APT29's typical targeting of governments, foreign embassies and other…

Read more

COSMICENERGY: OT malware is designed to cause power outages
B2B Cyber Security ShortNews

Mandiant is reporting a new specialized Operational Technology (OT) malware, tracked as COSMICENERGY. According to Mandiant, the malware is designed to cause power outages: it interacts with remote terminal units (RTUs) of the kind commonly used in power transmission and distribution in Europe, Asia and the Middle East.

European power distributors at risk

Mandiant suspects that a contractor working for the Russian cybersecurity firm Rostelecom-Solar may have developed the malware as a red teaming tool for simulating power outages.

Read more

ALPHV ransomware targets old Veritas backup vulnerabilities

According to Mandiant, an affiliate of the ALPHV ransomware operation is increasingly hunting for old vulnerabilities in Veritas Backup Exec installations. The vulnerabilities have been known since 2021, but many installations are still unpatched, and over 8,500 Backup Exec instances are currently reachable on the internet. Mandiant has observed a new ALPHV (a.k.a. BlackCat) ransomware affiliate, tracked as UNC4466, targeting public-facing Veritas Backup Exec installations that are vulnerable to CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878. These CVEs have been known since March 2021, and patches are available. However, some administrators have the…

Read more

KRITIS: Outlook zero-day vulnerability exploited for months
B2B Cyber Security ShortNews

Mandiant experts believe that the Outlook zero-day vulnerability CVE-2023-23397 has been used for almost 12 months in attacks on organizations and critical infrastructure (KRITIS), including by Russian actors in attacks on Ukraine. Mandiant tracked and documented the early exploitation of the vulnerability under the interim group name UNC4697; the attacks have since been publicly attributed to APT28, a Russian actor associated with the GRU military intelligence service. The exploit has been used since April 2022 against government agencies, logistics companies, oil and gas operators, defense contractors and the transport industry in Poland, Ukraine, Romania and Turkey. Outlook vulnerability…

Read more

Chinese cyber attackers target zero-day vulnerabilities
B2B Cyber Security ShortNews

Newly discovered zero-day vulnerabilities are often exploited first by individual APT groups. According to Mandiant, Chinese cyber attackers are targeting more and more zero-day vulnerabilities; the report documents the groups involved and the vulnerabilities they exploited. Mandiant's new report on the Fortinet vulnerability shows that routers and other internet-facing devices on corporate networks are inadequately protected against cyber attacks: there are simply too few tools to protect these systems.

Chinese spies at work

Suspected Chinese espionage actors exploited a zero-day vulnerability to deploy a new type of malware designed specifically for network security devices. Even devices used by government and…

Read more

Cyber security decisions without background knowledge

According to a survey, organizations in Germany lack background knowledge about the various hacker groups and their methods, and making use of existing threat intelligence is a challenge in many organizations. Mandiant's Global Perceptions on Threat Intelligence report provides insight into how organizations are addressing the increasingly complex threat landscape. The report is based on a global survey of 1,350 cybersecurity decision-makers in 13 countries, including 100 in Germany, across 18 industries including financial services, healthcare and government. 40 percent of respondents from organizations in Germany stated that their organization in the…

Read more

APT Group Lazarus: North Korea captured $630 million

According to a UN expert report, North Korea captured a record amount of money in 2022 through cyber attacks by the APT group Lazarus: North Korean cyber criminals are believed to have stolen at least $630 million. The sanctioned country uses the money mainly to finance its nuclear and missile programs. The state-sponsored Lazarus Group, among others, is held responsible for the attacks. In public reporting, the name Lazarus Group is often used as an umbrella term for numerous North Korean cyber actors. A blog post by Mandiant provides detailed insight into the various institutions within the hermit state and helps to understand how...

Read more