As we explained in a previous blogpost, exploiting a prompt injection attack is conceptually easy to understand: There are previous instructions in the prompt, and we include additional instructions within the user input, which is merged together with the legitimate instructions in a way that the underlying model cannot distinguish between them.…
Tag: LEARN
Experience Level required: beginner
In this blog we will learn how to analyze MS Office macro-enabled documents.
1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5
2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99
Let’s see the sample in VirusTotal.
37 of 63 security vendors detected this file as malicious.
Let’s open the file.
It uses a social engineering technique to persuade the user to enable the macros that lead to the infection of the user.…
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes.
We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware.…
Phishing is one of the most common and effective cyberattack vectors that threat actors use to compromise email accounts, steal sensitive data, and deliver malware. Recently, we have observed a new trend in phishing campaigns that leverage QR codes embedded in emails to evade detection and trick users into visiting malicious links.…
Here are the key insights from the Halcyon Threat Research and Intelligence Team findings for March 2024. The evolving ransomware landscape continues to reveal intriguing trends when analyzed comprehensively.
Ransomware Prevented per Industry Vertical
Information Technology, Education and Manufacturing were the most targeted industry verticals in March 2024:
- Information & Technology 32% (+13% mo/mo)
- Education 12% (-1% mo/mo)
- Manufacturing 11% (+6% mo/mo)
- Healthcare & Pharmaceutical 7% (+3% mo/mo)
- Finance & Insurance 6% (-25% mo/mo)
- Professional, Scientific & Technical Services 6% (-2% mo/mo)
- State & Local Government 6% (+2% mo/mo)
- Retail Trade 6% (+4% mo/mo)
- Arts, Entertainment & Recreation 5%
- Transportation & Warehousing 5% (+2% mo/mo)
- Other 3% (+2% mo/mo)
- Utilities 0.6% (-0.4% mo/mo)
- Accommodations & Food Services 0.2% (-0.1% mo/mo)
- Construction 0.1% (-0.3% mo/mo)
- Mining 0.1% (-0.2% mo/mo)
Threat Types by Category
Halcyon detected and blocked a wide variety of threats that were missed by other security layers in our clients’ environments and that are often precursors to the delivery of the ransomware payload:
Monero Coin Miner Trojan
This Trojan installs a Monero coin miner, effectively stealing processing resources from the victim and is capable of performing various evasion techniques to avoid detection and analysis by security tools.…
Safeguarding sensitive data, maintaining brand reputation, and cultivating customer trust pose continuous challenges for enterprise organizations. However, the dark web, a hidden corner of the internet, poses unique challenges for cybersecurity professionals. Criminal activities such as the sale of stolen credentials and plans for targeted attacks thrive in this dark section of the internet.…
Summary: A previously unknown ransomware gang called Muliaka (or Muddy Water) has been targeting Russian businesses with malware based on the leaked source code from the Conti hacking group.
Threat Actor: Muliaka | Victim: Unnamed Russian business
Key Point:
The Muliaka ransomware gang has been active since at least December 2023 and has been using malware based on the leaked source code from the Conti hacking group.…
In the past couple of weeks, we have observed an ongoing campaign targeting system administrators with fraudulent ads for popular system utilities. The malicious ads are displayed as sponsored results on Google’s search engine page and localized to North America.
Victims are tricked into downloading and running the Nitrogen malware masquerading as a PuTTY or FileZilla installer.…
Threat actors have been abusing App Installer, a Windows 10 feature that makes installing applications more convenient. The abuse could lead to ransomware distribution and was likely carried out by financially motivated actors Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674. These malicious actors imitated the landing pages of popular software, such as Zoom, Microsoft OneDrive, Microsoft SharePoint, and Microsoft Teams, to lure target victims into downloading malicious installers.…
Executive Summary
Our telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks. This article reviews how attackers use infected hosts for malware-based scans of their targets instead of the more traditional approach using direct scans.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High
Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files.…
Attackers often place malicious payloads on remote servers, which are then downloaded and executed on the user’s PC using scripts or other methods. One type of server attackers can leverage is WebDAV (Web Distributed Authoring and Versioning) — a file transfer protocol built on top of HTTP.…
Threat detection and response are critical components of a robust cybersecurity strategy. However, simply relying on automated detections is no longer enough to protect your organization from downtime.
To reduce the chances of business disruption from advanced and unknown threats, security teams must operationalize threat intelligence by conducting proactive, hypothesis-driven threat hunts.…
Affected Platforms: Microsoft Windows
Impacted Users: Microsoft Windows
Impact: The stolen information can be used for future attacks
Severity Level: High
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. While investigating this campaign, a report about it was published.…