Ensuring your organization is secure has to start someplace. For most administrators this is a daunting task. Where do I start? What do I secure first? What would a Threat Actor look for? The sheer number of configuration capabilities in Windows Server and Windows 10 can make these questions hard to answer. This is where […]
Part 1 – The Ransomware Attack
Truesec has documented how Russian ransomware gangs profit from being left alone by Russian law enforcement, but connections seem to go even deeper.
Initial Attack and Takeover
In October 2020, the Russian-based threat actor known as “Evil Corp” conducted a ransomware attack against a major corporation. The attack vector […]
We have recently seen an increase in ransomware targeting VMware vSphere ESXi hosts and encrypting all virtual machines at once. You can secure your ESXi hosts from ransomware by following these three simple steps, using TPM, Secure Boot and the ESXi setting execInstalledOnly.
It is hard to determine who the actual perpetrator behind a cybercrime operation is with enough confidence for law enforcement to issue arrest warrants. Even pinpointing which country the actors are operating from is hard to do with 100% certainty. At the same time, there are more than enough indications to say with relatively high […]
This post contains information and data related to an ongoing investigation of the Microsoft Exchange zero-day ProxyLogon and associated vulnerabilities actively exploited and attributed to HAFNIUM. Any changes and edits made to this blog post will be noted at the top of the post.
Update list
2021-03-08 16:29 CET – Added web shell details
2021-03-09 11:20 […]