The DeepSeas cyber threat intelligence crew has observed exploitation of a zero-day exploit in US-based Progress’s MOVEit Managed File Transfer Software service. Further investigation by DeepSeas has uncovered a possible overlap with infrastructure known to be operated by the Russian state-aligned advanced persistent threat group Fancy Bear (aka APT28). Whether
The Cloud to Firmware exploitation revealed by Otorio’s Research can be viewed as a chain in the same way so many cybersecurity events are described, showing that a cybersecurity program’s strength is often determined by its weakest link. In the case at hand, the links are represented by a collection
Questions related to how security leaders can create the best threat intelligence programs for their organizations were recently covered in an episode of Cybersecurity America with Josh Nicholson. While there are many questions an organization should address when adopting a threat intelligence program, below are three of the many that
DeepSeas analysts identified an unspecified cyber threat actor conducting post-compromise activities in a company within the Architecture and Engineering industry. The targeted system was a domain controller that did not have an EDR agent installed. The DeepSeas SOC detected the creation of a file on an adjacent system that did
OneNote Files Used for Malware Delivery, Actors Iterate Rapidly A DeepSeas Summary DeepSeas has identified a new technique involving the use of OneNote files in malware delivery, though activity of this nature was observed to have accelerated among cybercriminal groups in December 2022. The use of this new filetype has
Yesterday was the first Patch Tuesday of the year, which some may speculate to be the cause of the FAA System Failure Grounding US Flights. Currently there is no indication of a cyber attack. Summary: On 11 January 2023, reports on social media and news sites began circulating that the
Potential for Russia to respond with cyber-attacks against U.S. organizations, such as financial, oil and gas, or manufacturing. Executive Summary: In Mid-October, Russian President Vladimir Putin announced that the Russian Defense Ministry had almost reached its goal of 300,000 reservists activated to aid in his war effort in Ukraine. Russia
Summary: On 22 December 2022, a potential Remote Code Execution (RCE) vulnerability in Linux Kernel versions 5.15 – 5.18.x / 5.19.x which affects Linux Kernel products with ksmbd enabled. According to Zero Day Initiative, the vulnerability could allow remote attackers to execute arbitrary code on affected installations and authentication is
21% of the DeepSeas crew are Veterans or Active Military Reservists. Join our talented crew of cyber experts.
