Threat Watch

Read the latest cybersecurity news and insights from our industry experts

Daily articles & analysis by industry


Outsmart your adversaries with daily views into the current threat landscape. The experts on our counterintelligence team analyze the latest cybersecurity news and offer insights that you can leverage to protect your business.

Latest Post

Cuba Ransomware Gains a Distribution Partner

The Cuba ransomware, active since early 2020, is now being distributed through the Hancitor malware, according to a report released today by Group-IB. Hancitor is …


Babuk Extorts DC Police Department

The Metropolitan Police Department has confirmed that they were the victim of a cyberattack after the Babuk ransomware group posted screenshots and threatened to leak more than 250 gigabytes of …


Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities

Prometei is a cross-platform botnet first observed in July 2020. Initially, the botnet used SMB brute-forcing methods and exploits such as EternalBlue to infect systems. Recently Cybereason …

Microsoft to Leverage Intel’s Threat Detection Technology to Detect Cryptomining Malware

Microsoft has announced plans to use a little-known Intel CPU feature to detect cryptominer malware, TheRecord reports. Known as Intel Threat Detection Technology (TDT), this security feature gives security software …

Attackers Actively Exploiting CVE-2021-30657 on macOS

On April 26th, Apple published an update to macOS patching a security vulnerability disclosed to them by security researcher Cedric Owens. The vulnerability bypasses Gatekeeper checks by utilizing stolen Apple …

Ryuk Adding New Tools to Their Arsenal

AdvIntel has released a report detailing the Tactics, Techniques, and Procedures (TTPs) behind the Ryuk ransomware, including some new observations made by their team throughout 2021 so far. Remote Desktop …

Rowhammer Attacks Are Back on Stage

Researchers at Sophos have observed a sort of reboot of a classic, mostly theoretical, attack named Rowhammer. This attack involves repeatedly accessing a specific address in memory enough to affect …

Multiple Sanctions Brought Down Against Russian-backed Organizations and Agencies

In response to the SolarWinds supply chain attack, the U.S. government issued sanctions against Russia. In the order, clear attribution was made, stating that teams in the Russian SVR were responsible …

Celsius Cryptocurrency Breach

The cryptocurrency rewards program platform Celsius Network has disclosed a security breach that led to customer information being exposed. Celsius CEO Alex Mashinsky stated that a third-party marketing server was …