A hunting query to identify post-exploitation activities. Customized Detection Strategy (DeStra) to detect future exploitation attempts. On the 11th of March, Microsoft reported an active exploitation campaign of several zero-day vulnerabilities affecting on-premise versions of Microsoft Exchange Servers allegedly from a state-sponsored adversary, HAFNIUM. The attack starts by exploiting vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and […]
ReaQta melds Endpoint Security EDR/XDR protection with forensic capabilities to form integrated cybersecurity offerings. As COVID-19 continues to limit travel, remote forensic data collection offered by ReaQta-Hive will grow to become a staple for any organization. Post-breach, every minute counts. The growing occurrence of grievous cyber breaches, coupled with tightening governmental regulations that dictate the […]
ReaQta Threat Intelligence Team identified the malware used in an exfiltration operation against the defence contractor Leonardo S.p.A. The analysis of the malware, which we dubbed Fujinama, highlights its capabilities for data theft and exfiltration while maintaining a reasonably low-profile.
Opting for MDR services goes a long way in protecting an organization, especially on a round-the-clock basis. Staying protected against cyber attacks, even in the dead of night, helps to detect and manage possible attackers very early in the process, reducing mitigation costs, containing any interruption to business continuity and preventing data from being exfiltrated. […]
Dridex is a well-known banking malware that evolves constantly. This time we analyze a new variant that uses an effective technique to bypass security solutions.
Introducing two new additions to the ReaQta suite of solutions, ReaQta-EON and Hive Guard.
ReaQta’s Anti-malware module Hive Guard adds pre-execution dynamic emulation, behavioral heuristics and signature-based prevention combined with a new A.I.-based analysis module.
ReaQta has been tracking an extensive and long-running spear-phishing campaign, targeting the supply-chain in the Oil & Gas industry, most likely for espionage purposes. The campaign started in 2018 and is still running today, with a new wave that began in the first week of May. It is carefully prepared and executed, with attackers taking […]
The attack unfolded over 2 days in which the attackers gradually moved deeper into the network after obtaining initial access. The vast majority of operations were carried out using PowerShell, as opposed to custom tools and malware, in order to maintain a low detection profile. The evaluation goal is to show how tested solutions respond to the attack and what kind of visibility is provided along the entire kill-chain.
You’re probably reading this from your laptop, likely from home, while connected over WiFi to your corporate VPN and waiting for a remote meeting that’s about to start in 30 minutes. Welcome to the new normal. More than a billion people today are, like you and me, working from home – and chances are that […]