Response to CISA Advisory (AA24-060B): Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
In response to the recently published CISA Advisory (AA24-060B) that disseminates observed threat actor activities, Indicators of Compromise (IOCs), and mitigations associated with ongoing incident response activities in connection with the recent Ivanti Connect Secure and Ivanti Policy Secure Gateway vulnerabilities CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893, AttackIQ recommends that customers take ... Read More
Response to an Unknown Threat Actor Who Leveraged a Compromised Account to Access State Government Organization
In response to the recently published CISA Advisory (AA24-046A) that disseminates Tactics, Techniques, Procedures (TTPs) and mitigations associated with a recent incident response assessment of a state government organization’s network, AttackIQ recommends that customers take the following testing actions in alignment with this recently observed activity. The post Response to ... Read More

Ransomware and Targeted Attacks in the Healthcare Sector
Although ransomware can have devastating effects regardless of which industry vertical an organisation is part of, the healthcare industry has particularly paid a heavy price in recent times. The post Ransomware and Targeted Attacks in the Healthcare Sector appeared first on AttackIQ ... Read More

Azure Security Stack Mappings: The Top Native Security Controls for Ransomware
For the first time, organisations can visually see what Azure security controls can offer in terms of protection, detection and response. With 45 native Azure security control mappings, defenders can start focusing on not only TTPs in the context of Azure threats, but also how each native Azure security control ... Read More

The Kaseya VSA REvil Ransomware Supply Chain Attack: How It Happened, How It Could Have Been Avoided
On July 2, 2021, the REvil ransomware group successfully exploited a zero-day vulnerability in the on-premise Kaseya VSA server, enabling a wide-scale supply chain cyber attack. Let’s dig in and see how the attack happened, how attack emulation could have helped, and what you can do to implement a threat-informed ... Read More

Put MITRE ATT&CK® to work through Workbench
For years, users struggled to put MITRE ATT&CK into practice. With the release of ATT&CK Workbench today, defenders can far better ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base. See how and why. The post Put MITRE ATT&CK® to work through Workbench appeared first ... Read More