BLOG 2024 AI blog APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog 2024 2023
H January(21) February(46) March(44) April(33) May(35) June(67) July(84) August(0) September(0) October(0) November(0) December(0)
DATE | NAME |
Info |
CATEG. |
WEB |
|
27.7.24 |
Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing) | |||
|
27.7.24 |
Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike |
On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. | ||
|
27.7.24 |
Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma |
Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. | ||
|
27.7.24 |
The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409 |
We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems. | ||
|
27.7.24 |
This blog will focus on the threat actor’s background and previous actions, the attack chain, and the wiper’s internals and reused code. | |||
|
27.7.24 |
Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies |
Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation. | ||
|
27.7.24 |
Proactive Protection: How SonicWall's security operations center (SOC) safeguards MSPs around the clock. | |||
|
27.7.24 |
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads |
The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe than it initially appeared. | ||
|
27.7.24 |
Volcano Demon Group Targets Idealease Inc. Using LukaLocker Ransomware |
The SonicWall Capture Labs threats research team has recently been tracking new ransomware known as LukaLocker. | ||
|
27.7.24 |
When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry. | |||
|
27.7.24 |
Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub: | |||
|
27.7.24 |
The ransomware group RA Group, now known as RA World, showed a noticeable uptick in their activity since March 2024. About 37% of all posts on their dark web leak site have appeared since March, suggesting this is an emerging group to watch. This article describes the tactics, techniques and procedures (TTPs) used by RA World. | |||
|
27.7.24 |
This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories. | |||
|
27.7.24 |
We propose a new injection technique: Thread Name-Calling, and offer the advisory related to implementing protection. | |||
|
27.7.24 |
Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack." | |||
|
27.7.24 |
Telegram for Android hit by a zero-day exploit – Week in security with Tony Anscombe |
Attackers abusing the "EvilVideo" vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files | ||
|
27.7.24 |
Building cyber-resilience: Lessons learned from the CrowdStrike incident | |||
|
27.7.24 |
ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game | |||
|
27.7.24 |
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android | |||
|
27.7.24 |
How a signed driver exposed users to kernel-level threats – Week in Security with Tony Anscombe | |||
|
27.7.24 |
Beyond the blue screen of death: Why software updates matter | |||
|
27.7.24 | ||||
|
20.7.24 |
ClickFix Deception: A Social Engineering Tactic to Deploy Malware |
McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as the “Clickfix” infection chain. The attack chain begins with users being lured to visit seemingly legitimate but compromised websites. Upon visiting, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal. | ||
|
20.7.24 |
Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched. |
|||
|
20.7.24 |
Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike |
On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike. |
||
|
20.7.24 |
Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma |
Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more. |
||
|
20.7.24 |
The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409 |
We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems. |
||
|
20.7.24 |
Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers | |||
|
20.7.24 |
In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. | |||
|
20.7.24 |
Container Breakouts: Escape Techniques in Cloud Environments |
Container escapes are a notable security risk for organizations, because they can be a critical step of an attack chain that can allow malicious threat actors access. We previously published one such attack chain in an article about a runC vulnerability. |
||
|
20.7.24 |
Beware of BadPack: One Weird Trick Being Used Against Android Devices |
This article discusses recent samples of BadPack Android malware and examines how this threat’s tampered headers can obstruct malware analysis. We also review the effectiveness of various freely available tools for analyzing BadPack Android Package Kit (APK) files. |
||
|
20.7.24 |
NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS |
MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. This parallels with activities against targets in Saudi Arabia, Turkey, Azerbaijan, India and Portugal. |
||
|
20.7.24 |
It's best to just assume you’ve been involved in a data breach somehow |
Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers. |
||
|
20.7.24 |
A study of a sophisticated Chinese browser injector that leaves more doors open! | |||
|
20.7.24 |
Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills |
|||
|
20.7.24 |
Hello, is it me you’re looking for? How scammers get your phone number |
|||
|
20.7.24 |
Should ransomware payments be banned? – Week in security with Tony Anscombe |
|||
|
13.7.24 |
Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks... |
|||
|
13.7.24 |
Euro 2024’s impact on Internet traffic: a closer look at finalists Spain and England |
Here we examine how UEFA Euro 2024 football matches have influenced Internet traffic patterns in participating countries, with a special focus on the two finalists, Spain and England, on their journey to the final... | ||
|
13.7.24 |
Cloudflare Zaraz adds support for server-side rendering of X and Instagram embeds |
We are thrilled to announce Cloudflare Zaraz support for server-side rendering of embeds from X and Instagram. This allows for secure, privacy-preserving, and performant embedding without third-party JavaScript or cookies, enhancing security, privacy, and performance on your website... | ||
|
13.7.24 |
Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024... |
|||
|
13.7.24 |
The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography... |
|||
|
13.7.24 |
French elections: political cyber attacks and Internet traffic shifts |
Check the dynamics of the 2024 French legislative elections, the surprising election results’ impact on Internet traffic changes, and the cyber attacks targeting political parties... |
||
|
13.7.24 |
UK election day 2024: traffic trends and attacks on political parties |
Here, we explore the dynamics of Internet traffic and cybersecurity during the UK’s 2024 general election, highlighting late-day traffic changes and a post-vote attack on a political party... |
||
|
13.7.24 |
On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak... |
|||
|
13.7.24 |
First round of French election: party attacks and a modest traffic dip |
How Cloudflare mitigated DDoS attacks targeting French political parties during the 2024 legislative elections, as detailed in our ongoing election coverage... |
||
|
13.7.24 |
Declare your AIndependence: block AI bots, scrapers and crawlers with a single click |
To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier... |
||
|
13.7.24 |
In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild. | |||
|
13.7.24 |
Cactus is another variant in the ransomware family. It exploits VPN vulnerability(CVE-2023-38035) to enter into an internal organization network and deploys varies payloads for persistence(Scheduled Task/Job), C2 connection via RMM tools(Anydesk.exe) and encryption. |
|||
|
13.7.24 |
The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution |
ViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass. |
||
|
13.7.24 |
Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence |
Trellix and global law enforcement dismantle malicious Cobalt Strike infrastructure, enhancing cybersecurity and protecting critical sectors. Learn about our fight against cybercrime. |
||
|
13.7.24 |
Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant |
The SonicWall RTDMI ™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features, including (Anti-VM Anti-AV Delay Execution multi-variant support and process hollowing, etc.), which are controlled by flags in the configuration data. | ||
|
13.7.24 |
Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities. | |||
|
13.7.24 |
The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation. | |||
|
13.7.24 |
In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise. | |||
|
13.7.24 |
Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important. |
|||
|
13.7.24 |
Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses. | |||
|
13.7.24 |
With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year. |
|||
|
13.7.24 |
This article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware. |
|||
|
13.7.24 |
This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. This evasion technique used by GootLoader JavaScript files can present a formidable challenge for sandboxes attempting to analyze the malware. |
|||
|
13.7.24 |
The Contrastive Credibility Propagation (CCP) algorithm is a novel approach to semi-supervised learning (SSL) developed by AI researchers at Palo Alto Networks to improve model task performance with imbalanced and noisy labeled and unlabeled data. |
|||
|
13.7.24 |
In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically. |
|||
|
13.7.24 |
Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. |
|||
|
13.7.24 |
Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs |
Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers. |
||
|
13.7.24 |
Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time. | |||
|
13.7.24 |
Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling |
Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments. |
||
|
13.7.24 |
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials. |
|||
|
13.7.24 |
Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. |
|||
|
13.7.24 |
15 vulnerabilities discovered in software development kit for wireless routers |
Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router. | ||
|
13.7.24 |
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities |
This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities. |
||
|
13.7.24 |
Understanding IoT security risks and how to mitigate them | Cybersecurity podcast |
As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds? | ||
|
13.7.24 | ||||
|
6.7.24 |
Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective |
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly. | ||
|
6.7.24 |
Mekotio Banking Trojan Threatens Financial Systems in Latin America |
We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does. | ||
|
6.7.24 |
The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. |
|||
|
6.7.24 |
Not If, But When: The Need for a SOC and Introducing the SonicWall European SOC |
When you think about cyber threats or attacks, what comes to mind? It’s easy to associate cyberattacks with large enterprises since those are the attacks that frequently make the news. |
||
|
6.7.24 |
The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time. | |||
|
6.7.24 |
In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository. |
|||
|
6.7.24 |
Cryptographic attacks, even more advanced ones, are often made more difficult to understand than they need to be. Sometimes it’s because the explanation is “too much too soon” — it skips the simple general idea and goes straight to real world attacks with all their messy details. |
|||
|
6.7.24 |
Social media and teen mental health – Week in security with Tony Anscombe |
Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick? |
||
|
6.7.24 |
No room for error: Don’t get stung by these common Booking.com scams |
|||
|
6.7.24 | ||||
|
6.7.24 |
Hijacked: How hacked YouTube channels spread scams and malware | |||
|
6.7.24 |
Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe |
|||
|
29.6.24 |
Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework |
We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. |
||
|
29.6.24 |
Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer |
We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner. | ||
|
29.6.24 |
ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites |
In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). |
||
|
29.6.24 |
AI coding companions are keeping pace with the high-speed evolution of generative AI overall, continually refining and augmenting their capabilities to make software development faster and easier than ever before. | |||
|
29.6.24 |
To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. |
|||
|
29.6.24 |
The latest Omdia Vulnerability Report shows Trend Micro™ Zero Day Initiative™ (ZDI) spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention. |
|||
|
29.6.24 |
Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023. |
|||
|
29.6.24 |
The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. |
|||
|
29.6.24 |
StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe |
The SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer. |
||
|
29.6.24 |
This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. |
|||
|
29.6.24 |
This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud. |
|||
|
29.6.24 |
In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. |
|||
|
29.6.24 |
RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS |
Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. |
||
|
29.6.24 |
SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques |
Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. |
||
|
29.6.24 |
Snowflake isn’t an outlier, it’s the canary in the coal mine |
By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login | ||
|
29.6.24 |
Multiple vulnerabilities in TP-Link Omada system could lead to root access |
Affected devices could include wireless access points, routers, switches and VPNs. |
||
|
29.6.24 |
Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia |
The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. |
||
|
29.6.24 |
A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. |
|||
|
29.6.24 |
More on the recent Snowflake breach, MFA bypass techniques and more. |
|||
|
29.6.24 |
Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more |
As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. |
||
|
29.6.24 |
Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks |
|||
|
29.6.24 |
How we can separate botnets from the malware operations that rely on them |
A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. | ||
|
29.6.24 |
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models |
At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. | ||
|
29.6.24 |
When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. |
|||
|
29.6.24 |
A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | |||
|
29.6.24 |
Cyber insurance as part of the cyber threat mitigation strategy |
|||
|
29.6.24 | ||||
|
29.6.24 |
The long-tail costs of a data breach – Week in security with Tony Anscombe |
|||
|
29.6.24 | ||||
|
29.6.24 |
Hacktivism is evolving – and that could be bad news for organizations everywhere |
|||
|
29.6.24 | ||||
|
15.6.24 |
Microsoft Incident Response tips for managing a mass password reset |
When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets. |
||
|
15.6.24 |
How to achieve cloud-native endpoint management with Microsoft Intune |
In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution. |
||
|
15.6.24 |
The four stages of creating a trust fabric with identity and network security |
The trust fabric journey has four stages of maturity for organizations working to evaluate, improve, and evolve their identity and network access security posture. |
||
|
15.6.24 |
Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. |
|||
|
15.6.24 |
Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups |
This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime. |
||
|
15.6.24 |
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers |
We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. |
||
|
15.6.24 |
In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution. |
|||
|
15.6.24 |
In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year. |
|||
|
15.6.24 |
You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more. |
|||
|
15.6.24 |
Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM |
Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. |
||
|
15.6.24 |
The Lifecycle of a Threat: The Inner Workings of the Security Operations Center |
See how SonicWall’s SOC handles a threat from discovery all the way to resolution in this detailed blog. |
||
|
15.6.24 |
Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. |
|||
|
15.6.24 |
Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data |
SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. |
||
|
15.6.24 |
Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) |
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. |
||
|
15.6.24 |
Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware |
|||
|
15.6.24 |
DarkGate is back, if it ever left, with the latest version, the number 6, which includes new distribution methods, anti-analysis techniques and features. |
|||
|
15.6.24 |
Operation Celestial Force employs mobile and desktop malware to target Indian entities |
Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. |
||
|
15.6.24 |
Only one critical issue disclosed as part of Microsoft Patch Tuesday |
The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. |
||
|
15.6.24 |
How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe |
The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app |
||
|
15.6.24 | ||||
|
15.6.24 | ||||
|
15.6.24 |
560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe |
|||
|
8.6.24 |
Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks |
Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. |
||
|
8.6.24 |
This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago. |
|||
|
8.6.24 |
Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) |
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. |
||
|
8.6.24 |
Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data |
SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. |
||
|
8.6.24 |
Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. |
|||
|
8.6.24 |
The job hunter’s guide: Separating genuine offers from scams |
$90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data. |
||
|
8.6.24 |
The murky world of password leaks – and how to check if you’ve been hit |
|||
|
8.6.24 |
What happens when facial recognition gets it wrong – Week in security with Tony Anscombe |
|||
1.6.24 |
STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY |
Packers or crypters are widely used to protect malicious software from detection and static analysis. |
||
1.6.24 |
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader |
Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups. |
||
1.6.24 |
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. |
|||
1.6.24 |
AI in HR: Is artificial intelligence changing how we hire employees forever? |
Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime? |
||
1.6.24 | ||||
1.6.24 |
Beyond the buzz: Understanding AI and its role in cybersecurity |
|||
25.5.24 |
A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. |
|||
25.5.24 |
BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL |
Void Manticore is an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). They carry out destructive wiping attacks combined with influence operations. |
||
25.5.24 |
Sharp Dragon’s (Formerly referred to as Sharp Panda) operations continue, expanding their focus now to new regions – Africa and the Caribbean. |
|||
25.5.24 |
From trust to trickery: Brand impersonation over the email attack vector |
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation. |
||
25.5.24 |
Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe |
As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond? |
||
25.5.24 |
Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries |
|||
25.5.24 | ||||
25.5.24 |
Untangling the hiring dilemma: How security solutions free up HR processes |
|||
18.5.24 |
In this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. |
|||
18.5.24 |
This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. |
|||
18.5.24 |
PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments |
|||
18.5.24 |
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties. |
|||
18.5.24 |
The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. |
|||
18.5.24 |
Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression. |
|||
18.5.24 |
Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. |
|||
18.5.24 |
A new alert system from CISA seems to be effective — now we just need companies to sign up |
Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog. |
||
18.5.24 |
The who, where, and how of APT attacks – Week in security with Tony Anscombe |
This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape |
||
18.5.24 |
To the Moon and back(doors): Lunar landing in diplomatic missions |
|||
18.5.24 | ||||
18.5.24 | ||||
11.5.24 |
Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution |
Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10. |
||
11.5.24 |
We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action |
|||
11.5.24 |
In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards |
|||
11.5.24 |
It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe |
|||
11.5.24 | ||||
11.5.24 |
How to inspire the next generation of scientists | Unlocked 403: Cybersecurity podcast |
|||
11.5.24 |
The hacker’s toolkit: 4 gadgets that could spell security trouble |
|||
|
4.5.24 |
It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise |
Our telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks. |
||
|
4.5.24 |
Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. |
|||
|
4.5.24 |
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files. |
|||
|
4.5.24 |
Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. |
|||
|
4.5.24 |
Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not |
|||
|
4.5.24 | ||||
|
4.5.24 |
MDR: Unlocking the power of enterprise-grade security for businesses of all sizes |
We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth |
||
|
4.5.24 |
How space exploration benefits life on Earth: Q&A with David Eicher |
The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details |
||
|
28.4.24 |
Talos IR trends: BEC attacks surge, while weaknesses in MFA persist |
Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information. |
||
|
28.4.24 |
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices |
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. |
||
|
28.4.24 |
Suspected CoralRaider continues to expand victimology using three information stealers |
Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host. |
||
|
28.4.24 |
Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe |
|||
|
28.4.24 |
Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals |
|||
|
28.4.24 |
What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller |
|||
|
28.4.24 |
The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian |
|||
|
28.4.24 |
Protecting yourself after a medical data breach – Week in security with Tony Anscombe |
|||
|
20.4.24 |
The Windows Registry Adventure #2: A brief history of the feature |
Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. |
||
|
20.4.24 |
The Windows Registry Adventure #1: Introduction and research results |
In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs. |
||
|
20.4.24 |
Authored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was... |
|||
|
20.4.24 |
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal |
The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. |
||
|
20.4.24 |
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials |
Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in brute |
||
|
20.4.24 |
The many faces of impersonation fraud: Spot an imposter before it’s too late |
What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be? |
||
|
20.4.24 | ||||
|
20.4.24 | ||||
|
13.4.24 |
Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 |
Palo Alto Networks and Unit 42 are engaged in tracking activity related to CVE-2024-3400 and are working with external researchers, partners and customers to share information transparently and rapidly. |
||
|
13.4.24 |
Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. |
|||
|
13.4.24 |
Starry Addax targets human rights defenders in North Africa with new malware |
Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware. |
||
|
13.4.24 |
Vulnerability in some TP-Link routers could lead to factory reset |
There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11. |
||
|
13.4.24 |
eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe |
Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit |
||
|
13.4.24 |
Beyond fun and games: Exploring privacy risks in children’s apps |
|||
|
13.4.24 |
eXotic Visit campaign: Tracing the footprints of Virtual Invaders |
|||
|
13.4.24 | ||||
|
6.4.24 |
THE ILLUSION OF PRIVACY: GEOLOCATION RISKS IN MODERN DATING APPS |
Dating apps often use location data, to show users nearby and their distances. However, openly sharing distances can lead to security issues. |
||
|
6.4.24 |
BEYOND IMAGINING – HOW AI IS ACTIVELY USED IN ELECTION CAMPAIGNS AROUND THE WORLD |
Deepfake materials (convincing AI-generated audio, video, and images that deceptively fake or alter the appearance, voice, or actions of political candidates) are often disseminated shortly before election dates to limit the opportunity for fact-checkers to respond. |
||
|
6.4.24 |
AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES |
When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore – all paths traced, all words said, all “i”s dotted. |
||
|
6.4.24 |
In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. |
|||
|
6.4.24 |
Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. |
|||
|
6.4.24 |
Adversaries are leveraging remote access tools now more than ever — here’s how to stop them |
While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns. |
||
|
6.4.24 |
The devil is in the fine print – Week in security with Tony Anscombe |
Temu's cash giveaway where people were asked to hand over vast amounts of their personal data to the platform puts the spotlight on the data-slurping practices of online services today |
||
|
6.4.24 | ||||
|
6.4.24 | ||||
|
31.3.24 |
On March 28, 2024, Red Hat Linux announced CVE-2024-3094 with a critical CVSS score of 10. |
|||
|
31.3.24 |
Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5. |
|||
|
31.3.24 |
RDP remains a security concern – Week in security with Tony Anscombe |
Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result |
||
|
31.3.24 |
Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world |
|||
|
31.3.24 | ||||
|
31.3.24 |
Cybersecurity starts at home: Help your children stay safe online with open conversations |
|||
|
23.3.24 |
StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server. |
|||
|
23.3.24 |
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention |
This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens |
||
|
23.3.24 |
Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor |
This article announces the publication of our first collaborative effort with the State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (SCPC SSSCIP). |
||
|
23.3.24 |
ETHEREUM’S CREATE2: A DOUBLE-EDGED SWORD IN BLOCKCHAIN SECURITY |
Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. |
||
|
23.3.24 |
New details on TinyTurla’s post-compromise activity reveal full kill chain |
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. |
||
|
23.3.24 |
Netgear wireless router open to code execution after buffer overflow vulnerability |
There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak. |
||
|
23.3.24 |
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions |
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later. |
||
|
23.3.24 |
Threat actors leverage document publishing sites for ongoing credential and session token theft |
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks. |
||
|
23.3.24 |
“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years |
In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package. |
||
|
23.3.24 |
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word |
Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution. |
||
|
23.3.24 |
There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!” |
|||
|
23.3.24 |
Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft |
March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.” |
||
|
23.3.24 |
It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April. |
|||
|
23.3.24 |
AceCryptor attacks surge in Europe – Week in security with Tony Anscombe |
The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT |
||
|
23.3.24 | ||||
|
23.3.24 |
A prescription for privacy protection: Exercise caution when using a mobile health app |
|||
|
17.3.24 |
This article will focus on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities. |
|||
|
17.3.24 |
Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe |
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in |
||
|
17.3.24 |
Threat intelligence explained | Unlocked 403: A cybersecurity podcast |
|||
|
17.3.24 | ||||
|
17.3.24 |
Election cybersecurity: Protecting the ballot box and building trust in election integrity |
|||
|
9.3.24 |
Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. |
|||
|
9.3.24 |
MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES |
Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector. |
||
|
9.3.24 |
GhostSec’s joint ransomware operation and evolution of their arsenal |
Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. |
||
|
9.3.24 |
The 3 most common post-compromise tactics on network infrastructure |
We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements. |
||
|
9.3.24 |
The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics. |
|||
|
9.3.24 |
APT attacks taking aim at Tibetans – Week in security with Tony Anscombe |
Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor |
||
|
9.3.24 |
ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans |
|||
|
9.3.24 |
Top 10 scams targeting seniors – and how to keep your money safe |
|||
|
9.3.24 |
Irresistible: Hooks, habits and why you can’t put down your phone |
Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices. |
||
|
3.3.24 |
Palo Alto Networks customers are better protected from the malware samples in this tutorial through Cortex XDR and XSIAM. |
|||
|
3.3.24 |
The Art of Domain Deception: Bifrost's New Tactic to Deceive Users |
First identified in 2004, Bifrost is a remote access Trojan (RAT) that allows an attacker to gather sensitive information, like hostname and IP address. |
||
|
3.3.24 |
We explore cloud lateral movement techniques in all three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, highlighting their differences compared to similar techniques in on-premises environments. |
|||
|
3.3.24 |
TimbreStealer campaign targets Mexican users with financial lures |
Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023. |
||
|
3.3.24 |
Deceptive AI content and 2024 elections – Week in security with Tony Anscombe |
As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year |
||
|
3.3.24 |
Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses |
|||
|
3.3.24 | ||||
|
3.3.24 | ||||
|
25.2.24 |
Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns |
On Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology. |
||
|
25.2.24 |
Dynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. |
|||
|
25.2.24 |
2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics |
Our annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures. |
||
|
25.2.24 |
Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) |
Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. |
||
|
25.2.24 |
Rising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023. |
|||
|
25.2.24 |
TinyTurla-NG in-depth tooling and command and control analysis |
Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. |
||
|
25.2.24 |
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity |
While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context. |
||
|
25.2.24 |
Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns |
Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. |
||
|
25.2.24 |
PSYOP campaigns targeting Ukraine – Week in security with Tony Anscomber |
Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects |
||
|
25.2.24 | ||||
|
25.2.24 |
Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war |
|||
|
25.2.24 |
Watching out for the fakes: How to spot online disinformation |
|||
|
18.2.24 |
Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) |
Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors. |
||
|
18.2.24 |
This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. |
|||
|
18.2.24 |
THE RISKS OF THE #MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURE |
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. |
||
|
18.2.24 |
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation. |
|||
|
18.2.24 |
How are attackers using QR codes in phishing emails and lure documents? |
QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after. |
||
|
18.2.24 |
Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe |
Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals |
||
|
18.2.24 | ||||
|
18.2.24 |
The art of digital sleuthing: How digital forensics unlocks the truth |
|||
|
18.2.24 |
Deepfakes in the global election year of 2024: A weapon of mass deception? |
|||
|
10.2.24 |
The ransomware landscape experienced significant transformations and challenges in 2023. |
|||
|
10.2.24 |
Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time. |
|||
|
10.2.24 |
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization |
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. |
||
|
10.2.24 |
You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense. |
|||
|
10.2.24 |
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges |
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. |
||
|
10.2.24 |
Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe |
Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year |
||
|
10.2.24 | ||||
|
10.2.24 |
Left to their own devices: Security for employees using personal devices for work |
|||
|
10.2.24 |
Could your Valentine be a scammer? How to avoid getting caught in a bad romance |
|||
|
4.2.24 |
Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019. |
|||
|
4.2.24 |
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign |
Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. Among these PUPs, we have identified several adware programs including a rogue browser and different browser extensions. |
||
|
4.2.24 |
Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered. |
|||
|
4.2.24 |
During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Our research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud. |
|||
|
4.2.24 |
Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter. |
|||
|
4.2.24 |
OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges |
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve |
||
|
4.2.24 |
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers |
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system. |
||
|
4.2.24 |
Grandoreiro banking malware disrupted – Week in security with Tony Anscombe |
The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows |
||
|
4.2.24 | ||||
|
4.2.24 |
ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora |
|||
|
4.2.24 |
ESET takes part in global operation to disrupt the Grandoreiro banking trojan |
|||
|
4.2.24 | ||||
|
4.2.24 |
Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe |
|||
|
4.2.24 | ||||
|
4.2.24 |
NSPX30: A sophisticated AitM-enabled implant evolving since 2005 |
|||
|
4.2.24 |
Break the fake: The race is on to stop AI voice cloning scams |
|||
20.1.24 |
This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders. |
|||
20.1.24 |
A traffic direction system (TDS) nicknamed Parrot TDS has been publicly reported as active since October 2021. Websites with Parrot TDS have malicious scripts injected into existing JavaScript code hosted on the server. This TDS is easily identifiable by keywords found in the injected JavaScript that we will explore to show the evolution of this threat. |
|||
20.1.24 |
Why many CISOs consider quitting – Week in security with Tony Anscombe |
The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings |
||
20.1.24 | ||||
20.1.24 |
Is Temu safe? What to know before you ‘shop like a billionaire’ |
|||
20.1.24 |
The 7 deadly cloud security sins and how SMBs can do things better |
|||
14.1.24 |
During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. |
|||
14.1.24 |
Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. |
|||
14.1.24 |
Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer |
Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine. |
||
14.1.24 |
For a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process. |
|||
14.1.24 |
New decryptor for Babuk Tortilla ransomware variant released |
Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor. |
||
14.1.24 |
Lessons from SEC's X account hack – Week in security with Tony Anscombe |
The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs |
||
14.1.24 |
A peek behind the curtain: How are sock puppet accounts used in OSINT? |
|||
14.1.24 |
Attack of the copycats: How fake messaging apps and app mods could bite you |
|||
14.1.24 |
Love is in the AI: Finding love online takes on a whole new meaning |
Is AI companionship the future of not-so-human connection – and even the cure for loneliness? |
||
14.1.24 | ||||
14.1.24 |
Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe |
|||
14.1.24 | ||||
14.1.24 |
Say what you will? Your favorite speech-to-text app may be a privacy risk |