Mastodawn

🚨New ransom group blog post!🚨

Group name: SilentRansomGroup
Post title: P... C...
Info: https://cti.fyi/groups/SilentRansomGroup.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

Your org should be activating Entra ID conditional access policies to outright block device code authorizations with a carveout for very limited use cases such as meeting room conferencing devices. Even Microsoft knows this and has specific guidance on how to enforce it. Device code phishing is hot right now and these device code phishing-as-a-service platforms will likely lower the barrier of entry.

https://blog.sekoia.io/new-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1/

https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-block-authentication-flows

#phishing #eviltokens #soc #dfir #threathunting #cti #threatintel

New widespread EvilTokens kit: device code phishing as-a-service - Part 1

Uncover the new sophisticated EvilTokens device code phishing as-a-service, with AI-augmented features facilitating BEC fraud

Sekoia.io Blog

CTI.FYI 11h ago

🚨New ransom group blog post!🚨

Group name: qilin
Post title: SERVICE STAR FREIGHTWAYS
Info: https://cti.fyi/groups/qilin.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

CTI.FYI 11h ago

🚨New ransom group blog post!🚨

Group name: qilin
Post title: SEEING MACHINES
Info: https://cti.fyi/groups/qilin.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

CTI.FYI 11h ago

🚨New ransom group blog post!🚨

Group name: qilin
Post title: SERAM SPA
Info: https://cti.fyi/groups/qilin.html

#ransomware #cti #threatintelligence #cybersecurity #infosec

VulDB

11h ago

Added some more indicators for: AsyncRAT (+1), TinyNuke (+1), APT28 (+3), HellsUchecker (+5), Void Manticore (+8), SafePay (+10) and CastleRAT (+1). https://vuldb.com/actor #apt #cti #ioc