Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.
Cutting edge threat intelligence and research
The Lumma infostealer malware collects highly sensitive data including logins and session tokens. Here's how to conduct a threat hunt leveraging up-to-date tactics, techniques and procedures used by Lumma.
The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.
Google SecOps customers can now access and use Intel 471’s library of advanced behavioral threat hunt packages on the HUNTER behavioral threat hunting content platform. HUNTER hunt packages go beyond reactive detections for indicators of compromise (IOCs) and provide threat hunters with security platform queries verified to identify advanced threat behaviors and adversary tactics, techniques and procedures (TTPs).
The Medusa gang is one of the most active ransomware-as-a-service groups. Here's how to threat hunt for a User Account Control bypass, one of the tactics, techniques and procedures this group and its affiliates use.
Cyber incidents pose not only technical challenges but communications challenges. Tom Bolitho of FTI Consulting shares guidance on successful strategies to manage complex stakeholder demands and minimize reputational damage.
Remote monitoring and management software is useful for administrators and threat actors, who often abuse or install it. Here's a briefing on RMM platform misuse and guidance for how to threat hunt for misbehavior.
In this Studio 471, Jeremy Kirk sits down with Luca Allodi and Koen Teuwen of Eindhoven University of Technology who co-authored a recent academic study that examines how to write lower-noise rules for intrusion detection systems (IDSs).
Intel 471 mobile malware researchers recently discovered a campaign leveraging an updated version of TgToxic, an Android banking trojan. Here's an in-depth look at this malware.
Cozy Bear is a Russian, state-sponsored group that has conducted operations on behalf of Russia’s Foreign Intelligence Service aka SVR. Here's how to use the HUNTER471 platform to threat hunt for this group.
Australia holds regular exercises to test the cyber resiliency of the financial services sector. In this Studio 471, two experts from the cybersecurity consultancy CyberCX discuss how these exercises are developed using cyber threat intelligence.