BLOG 2024
DATE | NAME | Info | CATEG. | WEB |
29.6.24 | Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework | We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. | APT blog | Trend Micro |
29.6.24 | Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer | We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner. | Cryptocurrency blog | Trend Micro |
29.6.24 | ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites | In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO). | AI blog | Trend Micro |
29.6.24 | AI Coding Companions 2024: AWS, GitHub, Tabnine + More | AI coding companions are keeping pace with the high-speed evolution of generative AI overall, continually refining and augmenting their capabilities to make software development faster and easier than ever before. | AI blog | Trend Micro |
29.6.24 | Attackers in Profile: menuPass and ALPHV/BlackCat | To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. | Ransom blog | Trend Micro |
29.6.24 | Omdia Report: Trend Disclosed 60% of Vulnerabilities | The latest Omdia Vulnerability Report shows Trend Micro™ Zero Day Initiative™ (ZDI) spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention. | Cyber blog | Trend Micro |
29.6.24 | Worldwide 2023 Email Phishing Statistics and Examples | Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023. | Phishing blog | Trend Micro |
29.6.24 | Not Just Another 100% Score: MITRE ENGENUITY ATT&CK | The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. | Cyber blog | Trend Micro |
29.6.24 | StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe | The SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer. StrelaStealer specifically steals Outlook and Thunderbird email credentials. | Malware blog | SonicWall |
29.6.24 | New Orcinius Trojan Uses VBA Stomping to Mask Infection | This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. | Malware blog | SonicWall |
29.6.24 | Attack Paths Into VMs in the Cloud | This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud. | Attack blog | Palo Alto |
29.6.24 | Attackers Exploiting Public Cobalt Strike Profiles | In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. | Malware blog | Palo Alto |
29.6.24 | RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS | Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally. | Malware blog | Checkpoint |
29.6.24 | SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques | Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023. | Malware blog | Cisco Blog |
29.6.24 | Snowflake isn’t an outlier, it’s the canary in the coal mine | By Nick Biasini, with contributions from Kendall McKay and Guilherme Venere. Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login | Incident blog | Cisco Blog |
29.6.24 | Multiple vulnerabilities in TP-Link Omada system could lead to root access | Affected devices could include wireless access points, routers, switches and VPNs. | Vulnerability blog | Cisco Blog |
29.6.24 | Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia | The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. | Malware blog | Cisco Blog |
29.6.24 | We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there | A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop. | Cryptocurrency blog | Cisco Blog |
29.6.24 | Tabletop exercises are headed to the next frontier: Space | More on the recent Snowflake breach, MFA bypass techniques and more. | Cyber blog | Cisco Blog |
29.6.24 | Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more | As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs. | Malware blog | Cisco Blog |
29.6.24 | How are attackers trying to bypass MFA? | Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks | Security blog | Cisco Blog |
29.6.24 | How we can separate botnets from the malware operations that rely on them | A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. | BotNet blog | Cisco Blog |
29.6.24 | Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models | At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. | Cyber blog | Project Zero |
29.6.24 | The Windows Registry Adventure #3: Learning resources | When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. | Cyber blog | Project Zero |
29.6.24 | ESET Threat Report H1 2024 | A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts | Cyber blog | Eset |
29.6.24 | Cyber insurance as part of the cyber threat mitigation strategy | Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies | Cyber blog | Eset |
29.6.24 | Buying a VPN? Here’s what to know and look for | VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes | Cyber blog | Eset |
29.6.24 | The long-tail costs of a data breach – Week in security with Tony Anscombe | Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents | Cyber blog | Eset |
29.6.24 | My health information has been stolen. Now what? | As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records | Cyber blog | Eset |
29.6.24 | Hacktivism is evolving – and that could be bad news for organizations everywhere | Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat | Cyber blog | Eset |
29.6.24 | Preventative defense tactics in the real world | | Cyber blog | Eset |
15.6.24 | Microsoft Incident Response tips for managing a mass password reset | When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets. | Security blog | Microsoft Blog |
15.6.24 | How to achieve cloud-native endpoint management with Microsoft Intune | In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution. | Security blog | Microsoft Blog |
15.6.24 | The four stages of creating a trust fabric with identity and network security | The trust fabric journey has four stages of maturity for organizations working to evaluate, improve, and evolve their identity and network access security posture. | Security blog | Microsoft Blog |
15.6.24 | Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices | Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices. | Hacking blog | Microsoft Blog |
15.6.24 | Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups | This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime. | Malware blog | Trend Micro |
15.6.24 | Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. | Exploit blog | Trend Micro |
15.6.24 | TargetCompany’s Linux Variant Targets ESXi Environments | In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution. | Ransom blog | Trend Micro |
15.6.24 | SANS's 2024 Threat-Hunting Survey Review | In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year. | Security blog | Trend Micro |
15.6.24 | It's Time to Up-Level Your EDR Solution | You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more. | Security blog | Trend Micro |
15.6.24 | Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM | Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers. | AI blog | Trend Micro |
15.6.24 | The Lifecycle of a Threat: The Inner Workings of the Security Operations Center | See how SonicWall’s SOC handles a threat from discovery all the way to resolution in this detailed blog. | Security blog | SonicWall |
15.6.24 | Microsoft Security Bulletin Coverage for June 2024 | Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. | Vulnerability blog | SonicWall |
15.6.24 | Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data | SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. | Exploit blog | SonicWall |
15.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. | Vulnerability blog | SonicWall |
15.6.24 | Driving forward in Android drivers | Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware. | OS Blog | Project Zero |
15.6.24 | DarkGate again but... Improved? | DarkGate is back, if it ever left, with the latest version, number 6, which includes new distribution methods, anti-analysis techniques and features. | Malware blog | Trellix |
15.6.24 | Operation Celestial Force employs mobile and desktop malware to target Indian entities | Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. | Malware blog | Cisco Blog |
15.6.24 | Only one critical issue disclosed as part of Microsoft Patch Tuesday | The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing. | Vulnerability blog | Cisco Blog |
15.6.24 | How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe | The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app | Malware blog | Eset |
15.6.24 | ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024 | The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 | APT blog | Eset |
15.6.24 | Arid Viper poisons Android apps with AridSpy | ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine | OS Blog | Eset |
15.6.24 | 560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe | Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data | Incident blog | Eset |
8.6.24 | Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks | Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. | APT blog | Trend Micro |
8.6.24 | INC Ransomware Behind Linux Threat | This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. | Ransom blog | SonicWall |
8.6.24 | Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919) | The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. | Vulnerability blog | SonicWall |
8.6.24 | Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data | SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. | BotNet blog | SonicWall |
8.6.24 | INSIDE THE BOX: MALWARE’S NEW PLAYGROUND | Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild. | Hacking blog | Checkpoint |
8.6.24 | The job hunter’s guide: Separating genuine offers from scams | $90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – | Spam blog | Eset |
8.6.24 | The murky world of password leaks – and how to check if you’ve been hit | Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look | Incident blog | Eset |
8.6.24 | What happens when facial recognition gets it wrong – Week in security with Tony Anscombe | A facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability | Security blog | Eset |
1.6.24 | STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY | Packers or crypters are widely used to protect malicious software from detection and static analysis. | Malware blog | Checkpoint |
1.6.24 | LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader | Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” | APT blog | Cisco Blog |
1.6.24 | Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges | Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application. | Vulnerability blog | Cisco Blog |
1.6.24 | AI in HR: Is artificial intelligence changing how we hire employees forever? | Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime? | AI blog | Eset |
1.6.24 | ESET World 2024: Big on prevention, even bigger on AI | What is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference. | AI blog | Eset |
1.6.24 | Beyond the buzz: Understanding AI and its role in cybersecurity | A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders | Cyber blog | Eset |