Most Recent

Response to CISA Advisory (AA23-349A): Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

In response to the recently published CISA Advisory (AA23-349A) that disseminates Tactics, Techniques and Procedures (TTPs), mitigation and detection methods associated with a Risk and Vulnerability Assessment (RVA) carried out by CISA as requested by a Healthcare and Public Health (HPH) sector organization, AttackIQ recommends that customers take the following testing actions in alignment with the RVA.

Response to CISA Advisory (AA23-347A): Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA23-347A) which assesses that cyber actors from the Russian Foreign Intelligence Service (SVR) have been observed targeting servers hosting JetBrains TeamCity software by exploiting vulnerability CVE-2023-42793 on a large scale, since September 2023.

Infecting the Infected: Rhysida’s Ruthless Ransomware Regime

As we’ve seen time and time again in our cybersecurity landscape, the wicked prey on the weary and take no prisoners along the way. Rhysida, an emerging ransomware group, serves as a perfect example of this. While their activities span across a variety of sectors and regions around the world, they have taken a keen taste to vulnerabilities found within the realm of healthcare.

CISA and NSA’s Top 10 Control Misconfigurations? Use BAS and MITRE ATT&CK to Defend Against Them

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released their top 10 list of common cybersecurity misconfigurations. Some of these include your standard slew of don’t use default software settings, don’t make weak passwords, and don’t practice poor MFA hygiene. No surprise there for most security teams, but apparently, it’s common enough that they all made the top 10 list of things people do anyway.

Response to CISA Advisory (AA23-339A): Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

AttackIQ has released two new attack graphs and one new scenario in response to the recently published CISA Advisory (AA23-339A) that disseminates Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with the exploitation of CVE-2023-26360 at a Federal Civilian Executive Branch (FCEB). These attack graphs are based on two separate incidents that compromised at least two public-facing servers at a FCEB between June and July 2023.

Regulatory Revolution: Redefining Global Cybersecurity through Performance-Driven Standards

The landscape of global cybersecurity is undergoing a seismic shift, marked by a fervent departure from traditional compliance-based strategies towards a new era of performance-based fortification. Spearheaded by dynamic changes in the regulatory frameworks of powerhouse economies like the US and EU, this evolution aims not just for compliance checkboxes but tangible security outcomes that defy mounting threats and historical failures in defense mechanisms.

Response to CISA Advisory (AA23-325A): #StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

AttackIQ has released a new assessment template in response to the recently published CISA Advisory (AA23-325A) that disseminates Indicators of Compromise (IOCs), Tactics, Techniques and Procedures (TTPs), and detection methods associated with LockBit 3.0. This assessment template is based on an incident in which LockBit affiliates were observed exploiting CVE-2023-4966 to gain access to Boeing infrastructure.

Tainted Defenses: Emulating Gallium’s Operation Tainted Love

Though the band Soft Cell may be considered a one-hit wonder with their 1981 hit song “Tainted Love”, the same cannot be said for Gallium, a Chinese-based threat actor that has continued to wreak havoc in the Middle Eastern telecommunications sector for over a decade now. Their most recent cyberespionage campaign? Operation Tainted Love.

Attack Graph Response to CISA Advisory (AA23-319A): #StopRansomware: Rhysida Ransomware

On November 15, 2023, CISA published an Advisory (AA23-319A) that disseminates known Indicators of Compromise (IOCs), Tactics, Techniques, and Procedures (TTPs), and detection methods associated with Rhysida ransomware identified through FBI investigations. In September 2023, AttackIQ released two new attack graphs in response to recent reports of activities involving Rhysida ransomware.