Each year brings innovations in threats from cyber criminals. Following breakthroughs in 2023 that changed the threat environment, 2024 promises a new generation of threats leveraging AI, data theft, spear phishing, sophisticated ransomware, and more. Leveraging research from TechTarget’s Enterprise Strategy Group and real-world expertise from DeepSeas, the special report
DeepSeas is aware of reports that Russian nation-state actors, specifically APT29, have been exploiting an authentication bypass vulnerability in JetBrains’ TeamCity servers. Public and bespoke detection logic for the payloads associated with this activity have been deployed. Background – JetBrains TeamCity Vulnerability CVE-2023-42793 First identified and reported to JetBrains in
Background DeepSeas has identified new samples of the Russian, financially motivated cyber criminal group FIN7’s former flagship backdoor malware, Carbanak. The malware, which has not been seen for several years, reemerged in the last few weeks as a new variant that is being uploaded to public malware repositories. In the
In the intricate and ever-evolving landscape of cybersecurity, a particular term has been consistently dominating headlines and becoming a household name – ransomware. This blog post is specifically designed for those who are new to the field of cybersecurity or who have come across the term ‘ransomware’ in news headlines
On 18 July 2023, Citrix issued an advisory stating that a Remote Code Execution (RCE) vulnerability in older installations of NettScaler ADC was being actively exploited in the wild. The RCE vulnerability was assigned CVE-2023-3519 with a CVSS severity score of 9.8. There were 2 additional CVEs disclosed in the
Let’s do a deeper dive into the nuances of service hijacking – specifically the two primary variations of the technique and practical insights on how to detect them. The aim here is to equip you with the knowledge needed to identify these stealthy attacks and fortify your defenses. Awareness and knowledge
MalasLocker is a novel ransomware operation that has been active since the end of March 2023. It targets Zimbra servers, exfiltrating email data and encrypting files. Unlike traditional ransomware, MalasLocker doesn’t demand a direct ransom payment but requires the victim to make a donation to an approved non-profit charity. They
In the ever-evolving landscape of cyber threats, a new storm is brewing. The state-sponsored actor, Volt Typhoon, has been quietly infiltrating critical infrastructure organizations in the United States since mid-2021. This group, based in China, is known for its stealthy techniques and focus on espionage and information gathering. Their modus
In a fascinating article about Turla, the enigmatic hacker group, Andy Greenberg, spins a tale in the murky depths of the internet, woven through with threads of brilliant invention, stealth, and resilience. It starts in the shadowy corners of Russia’s cyberspace, where Turla has carved its notorious name. Lauded as
21% of the DeepSeas crew are Veterans or Active Military Reservists. Join our talented crew of cyber experts.
