Attackers can hide a threat in nearly any part of a file, from content to metadata. You need a security solution designed to uncover threats, no matter where they hide. FileTAC, powered by our Deep File Inspection® (DFI) technology, is that solution.

Many security solutions are dependent on receiving constant updates and rely on broader public dissemination before they are capable of identifying emerging threats. FileTAC leverages machine learning and advanced analytical algorithms to empower you to hunt for publicly unknown threats, keeping you ahead of the curve.

Dig deeper, learn more, and give your SOC team the tools they need to go on the offensive. Our Deep File Inspection® technology will give your team everything they need to stop file-borne threats in their tracks.

Navigating the Evolving Landscape of File-Based Cyber Threats

One of the most significant trends in the realm of file-based attacks is the use of email as a primary delivery mechanism. Attackers are increasingly leveraging emails to deploy their malicious payloads, capitalizing on the ubiquity and essential nature of email communications in the business world.

Read more

Less is Not More: Sharing Better Indicators

Discover how to increase the effectiveness of threat information sharing by standardizing enriched indicators and review available tooling that can help with this endeavor.

Watch here

Nemesis

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments.

Read more

AVClass

AVClass is a Python package and command line tool to tag / label malware samples. You input the AV labels for a large number of malware samples (e.g., VirusTotal JSON reports) and it outputs a list of tags extracted from the AV labels of each sample.

Read more

Self-Operating Computer

A framework to enable multimodal models to operate a computer. Using the same inputs and outputs of a human operator, the model views the screen and decides on a series of mouse and keyboard actions to reach an objective.

Read more

MALWARE SPOTLIGHT - INTO THE TRASH: ANALYZING LITTERDRIFTER

Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing on regional targets.

Read more

US seizes Sinbad crypto mixer used by North Korean Lazarus hackers

The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, which is mixed among many different wallet addresses to help prevent it from being accurately traced.

Read more

Exploitation of Unitronics PLCs used in Water and Wastewater Systems

CISA is responding to active exploitation of Unitronics programmable logic controllers (PLCs) used in the Water and Wastewater Systems (WWS) Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility. In response, the affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply.

Read more