DNIF

Operation Dream Job

Operation Dream Job is a sophisticated cyber espionage campaign orchestrated by the Lazarus group, a North Korean threat actor known for its association with various high-profile attacks. This ongoing operation employs advanced tactics to compromise targets, primarily focusing on individuals working in software or decentralized finance (DeFi) platforms. Attack Methodology The attack methodology used by […]


C0017

C0017 was an APT41 campaign conducted between May 2021 and February 2022 that successfully compromised at least six U.S. state government networks through the exploitation of vulnerable Internet-facing web applications. During C0017, APT41 was quick to adapt and use publicly-disclosed as well as zero-day vulnerabilities for initial access, and in at least two cases


Threat Advisory for CVE-2024-21412

CVE-2024-21412 is an Internet Shortcut Files Security Feature Bypass Vulnerability (a Microsoft Defender SmartScreen vulnerability). The APT group Water Hydra (also known as DarkCasino) has been exploiting CVE-2024-21412 in a sophisticated campaign targeting financial market traders, allowing the


Phobos Ransomware

Phobos Ransomware operates on a ransomware-as-a-service (RaaS) model, and its impact has been notably felt across state, local, tribal, and territorial (SLTT) governments. Municipalities, emergency services, educational institutions, and critical infrastructure entities have fallen victim to Phobos, resulting in substantial ransom payouts. Attack Methodology The attack methodology used by Phobos ransomware can be outlined as


Detecting Windows Security Descriptors Exploitation

Windows environments are complex ecosystems comprising numerous objects such as files, processes, registry keys, and more. Security Descriptors, integral to managing access control, are often leveraged stealthily by attackers for privilege escalation. Understanding these descriptors is crucial for both offensive maneuvers and defensive strategies. This article, curated by the DARC team, explores the nuanced world


Role of SIEM in Supporting Risk Management & Security Governance

Effective risk management and security governance are essential for organizations looking to protect themselves against cyber threats. Security information and event management (SIEM) systems can play a crucial role in supporting these efforts by providing organizations with valuable insights and analytics that can inform their risk management and security governance strategies. One of the key


7 Cyber Threats to Watch Out For and How DNIF HYPERCLOUD Helps Mitigate Them

Table of Content Introduction Cyberattacks have been evolving, and so has your cybersecurity. Businesses are relying more on technology to carry out their everyday operations. This has given cybercriminals more opportunities and ways to attack organizations. Because of this, staying ahead of cyberattacks has become crucial for organizations. An organization not having strong cybersecurity


Training and Educating SOC Teams on SIEM Best Practices

Table of Content Introduction As the use of SIEM technology grows within organizations, it becomes increasingly important for Security Operations Center (SOC) teams to be well trained and educated on the latest best practices and techniques for their SIEM solution. This is needed to maximize its potential and ensure it delivers the desired outcomes. They are the first in


Understanding Cloud Attack: Threats and How to Protect Your Cloud Infrastructure

Table of Content As the world evolves digitally, dependency on servers, networks, and other technologies has increased significantly. One such example is cloud infrastructure: the cloud is a platform that provides various services such as software, applications, servers, networks, and many more. Cloud computing has been growing rapidly because it allows organizations to process huge


Role of In-house Expertise & Resources in the SIEM Selection Process

Table of Content Introduction Buying a SIEM solution is quite challenging, given the need to carefully evaluate the environment and the organization's IT infrastructure, and to analyze which SIEM solution best fits the organization. Selecting a SIEM is a crucial decision, as the solution should meet the organization's security requirements and also
