There’s a new version …
Search Results for: play
First observed in late 2022, Rhadamanthys is an advanced info-stealer that targets Windows platforms. It is distributed through the malware-as-a-service (MaaS) model. This, in conjunction …
On May 10, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis …
Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed …
This post is also available in: 日本語 (Japanese)
Executive SummaryIn this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our …
Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. …
Research by: Antonis Terefos
IntroductionPDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform …
Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as they try to strike a balance between …
Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads …
Last updated at Thu, 16 May 2024 17:38:34 GMT
Executive SummaryRapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly …
This report was originally published for our customers on 2 May 2024.
As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises …
Affected Platforms: Microsoft WindowsImpacted Users: Microsoft WindowsImpact: The stolen information can be used for future attackSeverity Level: High
Many game makers allow users to alter a game’s appearance or behavior …
Infostealers targeting macOS devices have been on the rise for well over a year now, with variants such as Atomic Stealer (Amos), RealStealer (Realst), MetaStealer and others widely distributed in …
Advanced Persistent Threat Group 31 (APT31), also known by aliases like ZIRCONIUM or Judgment Panda, represents a sophisticated cybersecurity threat with ties to state-sponsored activities.
Threat Actor Card of APT31…
As many people know, popular websites often display a dialog window when you first visit them. This could be a paywall to read an article, a notice about cookies, or …
This post is also available in: 日本語 (Japanese)
Executive SummaryIn this post, we examine lateral movement techniques, showcasing some that we have observed in the wild within cloud environments. …
This post is also available in: 日本語 (Japanese)
Executive SummaryUnit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Summary: This content discusses a path traversal-affiliated vulnerability pattern found in multiple popular Android applications, which could lead to arbitrary code execution and token theft.
Threat Actor: Microsoft | Microsoft …
Huntress analysts have previously observed INC ransomware being deployed, and recently observed this specific ransomware variant being deployed in a customer environment. The ransomware variant was identified, in part, …
Threat actors consistently alter and develop their schemes in order to further escalate their payoffs. In a new trend, ransomware affiliates are actively re-monetizing stolen data outside of their original …
This blog contains an excerpt of our new paper that unveils a previously unpublished multi-year operation using Domain Name System (DNS) queries, open DNS resolvers, and China’s Great Firewall. We …
The explosive growth of malware continues to challenge traditional, manual analysis methods, underscoring the urgent need for improved automation and innovative approaches. Generative AI models have become invaluable in some …
Written by: Kelli Vanderlee, Jamie Collier
Executive Summary
The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety …
Summary: This content discusses the vulnerabilities found in Brocade’s SANnav Management Portal and SANnav Global View software, which can potentially impact the security and functionality of the SAN (Storage Area …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
We are investigating a ransomware campaign that abuses legitimate Sophos executables and DLLs by modifying their original content, overwriting the entry-point code, and inserting the decrypted payload as a resource …
Summary: The content discusses a new Android banking trojan called Brokewell that can capture user data and take control of infected devices, highlighting its capabilities and the threat actor behind …
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims …
Zscaler ThreatLabz researchers recently encountered a significant number of websites associated with fraudulent activities being hosted on popular web hosting and blogging platforms. Threat actors intentionally create these sites …
Apr 24, 2024
tldr:The Securonix Threat Research Team has been …
In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed …
On April 18, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory …
Infostealers are one of the most lucrative types of malware employed by criminals. And because this is a tried and tested approach, there are still new players entering this illegal …
Summary: This content discusses the APT29 campaign targeting political parties using the WINELOADER backdoor, providing detailed analysis of the TTPs employed by APT29 and offering detection and response strategies.
Threat …
We have been tracking a threat actor who’s behind several malvertising campaigns impersonating popular software downloads. That advertiser uses different identities but their tactics, techniques and procedures are very similar …
Estimated reading time: 5 minutes
Ghost Locker is a Ransomware-as-a-Service (Raas) created by GhostSec [hacktivist groups]. In October 2023, GhostSec launched the GhostLocker framework. After their successful collaborative operations with …
Research by: Raman Ladutska
We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure …
Many people make banking transactions online now. And since mobile devices are one of the most popular and convenient ways to shop and make payments, criminals are naturally drawn to …
TransparentTribe primarily targets Indian government organizations, military personnel, and defense contractors. Its objective is usually to gather sensitive information, conduct cyber espionage, and compromise the security of its targets.
TransparentTribe …
In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it “DuneQuixote”; and our investigation uncovered over 30 DuneQuixote dropper samples …
Summary: This blog post discusses a threat actor that used malvertising and DNS tunneling to distribute a backdoor named “MadMxShell” to target IT professionals in the IT security and network …