Security operations centers (SOCs) face an overwhelming reality: thousands of security alerts flood their systems daily, but only a fraction represent genuine threats. This comprehensive guide explores alert triage fundamentals, common challenges, and proven strategies to streamline your SOC’s response capabilities. As cybersecurity experts with deep experience in threat detection
Introduction DLL sideloading is a widely used attack technique that exploits how Windows applications load dynamic link libraries (DLLs). Threat actors use it to execute malicious payloads while evading traditional security measures. This post explores how this attack technique works, why it is attractive to attackers, and the best methods
VIEW VMRAY’S ANALYSIS REPORT Overview First identified in October 2023, Latrodectus malware has since evolved significantly, becoming a key player in the cybercriminal ecosystem. The malware works mainly as a loader/downloader. Latrodectus malware has strong ties with the former, infamous loader IcedID, which was taken down in May 2024,
Three Ransomware attacks and data breaches in the healthcare industry over the last few weeks have been noteworthy. We’ve discussed the first incident that involves the BlackCat Ransomware as a Service (RaaS). Now, let’s continue with the second:the return of LockBit 3.0. Part 3: Rhysida Another ransomware as a service
Three Ransomware attacks and data breaches in the healthcare industry over the last few weeks have been noteworthy. We’ve discussed the first incident that involves the BlackCat Ransomware as a Service (RaaS). Now, let’s continue with the second:the return of LockBit 3.0. Part 2: The End of LockBit? Not So
Ransomware. One word that keeps many IT Administrators and SOC Analysts awake at night. And when it comes to the healthcare industry, the recent ransomware attacks of 2024 have led many IT security practitioners to burn the midnight oil late into the night. Three Ransomware attacks and data breaches in
Overview Pikabot has posed significant challenges to many Endpoint Detection and Response (EDR) systems through its employment of an advanced technique to hide its malicious activities known as “indirect system calls” (or “indirect syscalls”). This is only one of multiple techniques this family employs to evade detection: Pikabot distinguishes itself
Family Overview Beginning November 2022 here at VMRay we noticed increased activity of the Amadey information stealer malware. Monitoring of the threat landscape over the past several months showed this trend in the malware activity continued and the family is active as we speak. Our observations, together with public reports
Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!