We curate threat intelligence to provide situational awareness and actionable insights
Threat Identifier Detections
Atomic detections that serve as the foundation of our detection framework.
Threat Scenario Detections
Risk, pattern, and sequence-based detections utilizing the outputs of Threat Identifiers as a means of identifying actual threats.
Reports Hot Off the Forge
• Threat News Reports
• Trending Threat Reports
• ResearchArticles
Forge Report: First Half Threat Trends of 2024
Featured Threat Reports
All Threat Reports
Red Canary: Thwarts Ransomware From Early Signs of Malicious PowerShell
In June 2024, Red Canary prevented a ransomware attack on a major city hospital by detecting malicious PowerShell activity. The attack, originating from a webshell on a Microsoft Exchange server, was stopped before it could impact patient care. Key steps included monitoring for suspicious PowerShell activity and preventing the disabling of Windows Defender.
Cybersecurity Agencies Reveal Tactics of a Prolific Chinese Hacking Group
The ASD’s ACSC and CISA reveal the activities of APT40, a Chinese state-sponsored hacking group targeting global networks. Known for exploiting vulnerabilities in critical infrastructure, APT40 uses compromised devices to evade detection and exfiltrate sensitive data. Defensive measures include applying security patches, deploying web application firewalls, and replacing outdated networking devices.
New "regreSSHion" Vulnerability - CVE-2024-6387, Could Enable Remote Code Execution on Linux
The newly discovered regreSSHion vulnerability (CVE-2024-6387) in OpenSSH allows remote code execution on glibc-based Linux systems. Found by Qualys, this flaw affects versions 8.5p1 to 9.7p1. Updating to version 9.8p1 or later is essential to mitigate this severe threat and secure your systems.
GrimResource Attack Exploits Old XSS Flaw in Microsoft Management Console
Elastic researchers uncover GrimResource, a novel attack technique exploiting an old XSS flaw in Microsoft Management Console (mmc.exe). Attackers use this vulnerability to execute arbitrary code via a maliciously crafted MSC file, leading to unauthorized access and system takeover, ultimately deploying Cobalt Strike. Securing against this flaw is essential to prevent exploitation.
Misconfigured Ports Continue to Plague Docker Instances, Enabling Container Host Escapes via Bind
Datadog reports on Docker misconfigurations leading to host escapes and cryptojacking by the Spinning YARN campaign. Attackers exploit exposed Docker ports, bind containers to hosts, and deploy XMRig miners. This highlights the critical need for securing Docker instances and cloud assets against such vulnerabilities and attacks.
ASEC Unveils Xctdoor Malware Campaign Targeting South Korean Industries
ASEC has identified a cyber-espionage campaign by the North Korean group Andariel targeting South Korean defense and manufacturing sectors. The campaign uses Xctdoor malware to compromise enterprise environments, exfiltrate data, and monitor systems. The attackers exploit ERP software vulnerabilities to gain persistent access and execute further malicious activities.
About the Forge & Threat Reports
Our mission is to assess the operational behaviors of all threats to provide the community, and our customers, with actionable information and enterprise-ready detections in order to defend themselves in an ever- changing threat landscape.
Intelligence Levels for Threat Reports
Tactical
Detectable threat behaviors for response with threat scenarios or threat identifiers.
Strategic
General information security news, for awareness.
Whitepapers
The World's Best SOC Teams Use Anvilogic
.svg)
.svg)
.svg)
.png)
Build Detections You Want, Where You Want
