Understanding PrintNightmare: The importance of having visibility over new attack vectors

What is PrintNightmare? PrintNightmare (CVE-2021-34527) is a recently discovered vulnerability affecting the Microsoft Windows Print Spooler service. After obtaining initial access, threat actors can use it to run arbitrary code with SYSTEM-level privileges, via Remote Code Execution (RCE), on any device that has the Print Spooler service enabled. The vulnerability allows attackers to load a DLL into […]

The rising danger of ransomware: the Kaseya case, how it happened, and how to defend yourself

By Alberto Pelliccione, CEO – ReaQta The REvil hacker group managed to obtain a 0-day to gain access to Kaseya VSA, a management software for IT infrastructures, using it as a conduit to spread ransomware to the MSPs using the platform. Supply-chain attacks are extremely effective, and such threats are rising in frequency and complexity. […]

Understanding the Avaddon Ransomware: Is your organization equipped to stop zero-day threats?

Recently, The Financial Times reported that Asian subsidiaries of a French global insurance company were hit by a recent ransomware attack known as Avaddon. Attackers seized 3TB of data, impacting IT operations in Thailand, Malaysia, Hong Kong and the Philippines, and taking hold of sensitive information such as medical records and hospital data. What is Avaddon ransomware […]

MITRE ATT&CK Carbanak+FIN7 Evaluation: ReaQta-Hive Achieves 100% Detection Coverage across the Cyber Kill Chain Autonomously and in Real-Time

For the 2020 MITRE Engenuity evaluations, MITRE chose to evaluate two well-known threat actors: Carbanak and FIN7. While last year’s evaluation, covering APT29, focused on governmental espionage, this round focused on financially motivated threat actors and included, for the first time, testing on both Windows and Linux endpoints. Both threat groups are […]

Defending against attacks on the SWIFT network

Rising cyber fraud and insider threat cases continue to plague the financial industry, growing the need to secure SWIFT networks. Leveraging behavioral analyses, ReaQta’s Detection Strategies enable banks to fully customize unique sets of detections to guard access to SWIFT networks. As SWIFT cyber fraud rises in recent years, financial institutions today face a devastating […]

Detecting HAFNIUM Exchange Exploitation Campaign with ReaQta-Hive

A hunting query to identify post-exploitation activities. A customized Detection Strategy (DeStra) to detect future exploitation attempts. On the 11th of March, Microsoft reported an active exploitation campaign of several zero-day vulnerabilities affecting on-premise versions of Microsoft Exchange Servers, allegedly from a state-sponsored adversary, HAFNIUM. The attack starts by exploiting vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and […]

Post-breach, what happens now? ReaQta’s all-in-one EDR and Forensic tool gathers information in minutes for effective post-breach recovery

ReaQta melds Endpoint Security EDR/XDR protection with forensic capabilities to form integrated cybersecurity offerings. As COVID-19 continues to limit travel, remote forensic data collection offered by ReaQta-Hive will grow to become a staple for any organization. Post-breach, every minute counts. The growing occurrence of grievous cyber breaches, coupled with tightening governmental regulations that dictate the […]

Leonardo S.p.A. Data Breach Analysis

The ReaQta Threat Intelligence Team identified the malware used in an exfiltration operation against the defence contractor Leonardo S.p.A. The analysis of the malware, which we dubbed Fujinama, highlights its capabilities for data theft and exfiltration while maintaining a reasonably low profile.

What is Managed Detection and Response (MDR)?

Opting for MDR services goes a long way in protecting an organization, especially on a round-the-clock basis. Staying protected against cyber attacks, even in the dead of night, helps to detect and manage possible attackers very early in the process, reducing mitigation costs, containing any interruption to business continuity and preventing data from being exfiltrated. […]