The Tiberium blog

Recent events, threats, and all things cyber

Chapter 2: Classifying domains through string entropy

Introduction  This is the second blog in the ‘Classifying Malicious Domains’ series, which aims to give insight into how we at Tiberium use our knowledge of attackers’ techniques, tactics, and procedures to detect attacks before they occur.  Today we’re going to talk about ‘dodgy’ looking domains – that is, a domain that looks more like a plate of alphabet soup than a bona fide website.   An early tl;dr  … Read more


Chain Gang

Microsoft has identified (more) Nation-State supply chain attacks  We all know about supply chain attacks, the most recent example being the SolarWinds/FireEye debacle in which third parties, outed as the Russian state-sponsored APT-29 group (also called Nobelium) by none other than the FBI and associated American Government departments (they have so many, it’s too confusing).  The long and short of these … Read more


Games Without Frontiers

How will SASE, SOAR, Zero Trust and SIEM technologies shake out?  If you have been reading this blog regularly, read our note on, or visited Microsoft, Cisco etc. conferences you will be aware of the terms Zero Trust, SASE, SOAR and SIEM. In this blog, we explain (in summary, trying not to fall asleep) what … Read more


Everything’s Gonna Be Alright

At least if you get patching   The start of Autumn is always a quiet time for us Cyber bloggers. Presumably having taken time off over the summer to rest and recuperate on their islands with flip-top Volcano lairs or Yachts with a submarine, plane and another boat inside them, we think that this must be planning … Read more


Chapter 1: Classifying domains using RDAP

Using TTP-based intel to classify malicious domains  Introduction  This blog series will show how Tiberium harnesses intel around attackers’ tactics, techniques, and procedures to classify malicious domains as part of our FROST and MYTHIC 24/7 MSSP services.  Preventative security is cool. Having the ability to think several moves ahead of an attacker, identifying their presence while they still think they are invisible, and manning the barricades … Read more


Down and Out

I can’t call Grandma! Facebook was down Apart from members of the Sentinelese, the most isolated people on the planet, and we are pretty sure that at least one of them will be on TikTok or YouTube, you will have noticed that Facebook, WhatsApp, and Instagram were down on 04/10/21 from about 15:50 UTC until 21:20 UTC.  That would be a pretty major … Read more


Epic – Faith No More

Domain Name Services – Friend & Foe  Every reader of this blog will know that the Domain Name Service is a program/component/server role (depending on how old you are and how you take your poison) which turns the names for Internet resources like websites, mail servers etc. into their registered IP addresses.  More technical readers … Read more


OMG

Last week, cloud security outfit Wiz announced what they called a ‘secret agent’ group of vulnerabilities that enable takeover and privilege escalation of Linux servers in the Azure cloud.   These have now collectively been called ‘OMIGOD’ which has a logo. We all know that means serious. This is.  The issue is to do with the automatic installation of a software agent … Read more


Back Once Again

Those of you who have read more than one of these missives (thank you, thank you) may have noticed our fascination with the activities of the REvil ransomware group.  For those not up to speed, here is a REvil primer.  REvil (Ransomware Evil, see what they did there) is a Russian-speaking cybercriminal gang that, as the name suggests, focuses on encrypting, … Read more
