Found 4 bookmarks
Hide Your RDP: Password Spray Leads to RansomHub Deployment
  • Initial access was via a password spray attack against an exposed RDP server, targeting numerous accounts over a four-hour period. Mimikatz and Nirsoft were used to harvest credentials, with evidence of LSASS memory access. Discovery was accomplished using living-off-the-land binaries as well as Advanced IP Scanner and NetScan. Rclone was used to exfiltrate data to a remote server using SFTP. The threat actor deployed RansomHub ransomware network wide, which spread over SMB and was executed using remote services.
·thedfirreport.com·
RansomHub Affiliate leverages Python-based backdoor
In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024.
·guidepointsecurity.com·
SP 800-61 Rev. 3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile
Incident response is a critical part of cybersecurity risk management and should be integrated across organizational operations. The six Functions of the NIST Cybersecurity Framework (CSF) 2.0 all play vital roles in incident response. NIST is releasing the initial public draft of Special Publication (SP) 800-61r3 (Revision 3), Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile, for public comment. This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities, as described by CSF 2.0. Doing so can help organizations prepare for incident responses, reduce the number and impact of incidents that occur, and improve the efficiency and effectiveness of their incident detection, response, and recovery activities.
·csrc.nist.gov·