This post is also available in: 日本語 (Japanese)

Executive Summary

While the SugarCRM CVE-2023-22952 zero-day authentication bypass and remote code execution vulnerability might seem like a typical exploit, there’s actually more for defenders to be aware of. Because it’s a web application, if it’s not configured or secured correctly, the infrastructure behind the scenes can allow attackers to increase their impact.…

Read More

By Tom Hegel and Aleksandar Milenkoski 

Executive SummarySentinelLabs identified an intrusion into the Russian defense industrial base, specifically a missile engineering organization NPO Mashinostroyeniya.Our findings identify two instances of North Korea related compromise of sensitive internal IT infrastructure within this same Russian DIB organization, including a specific email server, alongside use of a Windows backdoor dubbed OpenCarrot.…
Read More

Affected platforms: WindowsImpacted parties: Any organizationImpact: Controls victim’s device and collects sensitive informationSeverity level: Critical

FortiGuard Labs recently detected a new injector written in Rust—one of the fastest-growing programming languages—to inject shellcode and introduce XWorm into a victim’s environment. While Rust is relatively uncommon in malware development, several campaigns have adopted this language since 2019, including Buer loader, Hive, and RansomExx.…

Read More

This is the third part of our research based on an investigation of a series of attacks against industrial organizations in Eastern Europe.

The attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems.

In total we have identified over 15 implants and their variants planted by the threat actor(s) in various combinations.…

Read More
Key Takeaways

• The blog highlights a new infection technique for distributing STRRAT version 1.6. It involves a spam email with a PDF attachment that, when opened, downloads a zip file containing the malicious JavaScript, which drops STRRAT.• STRRAT version 1.6 employs two string obfuscation techniques: “Zelix KlassMaster (ZKM)” and “Allatori”, making it more challenging for security researchers to analyze and detect the malware.•…

Read More

Executive Summary

EclecticIQ analysts assess with high confidence that two observed PDF documents are part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO aligned countries. The PDF files masquerade as coming from the German embassy and contained two diplomatic invitation lures. 

One of the PDFs delivered a variant of Duke – a malware that has been linked to Russian state-sponsored cyber espionage activities of APT29.…

Read More

August 09, 2023

Shachar Gritzman, Moshe Avraham, Tim Kromphardt, Jake Gionet and Eilon Bendet 

Key TakeawaysOver the last six months, Proofpoint researchers have observed a dramatic surge of over 100% in successful cloud account takeover incidents impacting high-level executives at leading companies. Over 100 organizations were targeted globally, collectively representing 1.5 million employees.…
Read More
Key TakeawaysThis blog sheds light on a new Tech Scam wherein scammers employ deceptive tactics to lure users into paying for non-existent antivirus solutions. Uncovering Tech Scammers possible involvement in different ransomware attacks. The IP address of a domain used in this scam is associated with both the TORZON MARKETPLACE, a DarkWeb marketplace, and the “Chai Urgent Care” phishing campaign.…
Read More

If you thought that falling victim to ransomware, or a hacker hijacking your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.

Kubernetes has gained immense popularity among businesses in recent years due to its undeniable prowess in orchestrating and managing containerized applications.…

Read More