DATE

NAME

Info

CATEG.

WEB

Trend Micro

Trend Micro

Trend Micro

Trend Micro

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction

Jumpy Pisces Engages in Play Ransomware

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Eset

Trend Micro

Trend Micro

Eset

Eset

Eset

McAfee

Trend Micro

Trend Micro

Trend Micro

Trend Micro

Eset

Eset

Eset

Eset

Eset

Trend Micro

Trend Micro

SonicWall

SonicWall

Cisco Blog

Cisco Blog

Cisco Blog

Cisco Blog

Cisco Blog

Cisco Blog

Cisco Blog

Cisco Blog

Eset

Eset

Eset

Trend Micro

Trend Micro

Trend Micro

Eset

Eset

Eset

Eset

Trend Micro

Trend Micro

Trend Micro

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.

Vulnerebility blog

Trend Micro

CVE-2024-7928: FastAdmin Unauthenticated Path Traversal Vulnerability

The SonicWall Capture Labs threat research team became aware of an unauthenticated directory traversal vulnerability affecting FastAdmin installations. Identified as CVE-2024-7928 and with a moderate score of 5.3 CVSSv3, the vulnerability is more severe than it initially appears.

Vulnerebility blog

SonicWall

AutoIT Bot Targets Gmail Accounts First

This week, the SonicWall Capture Labs threat research team observed an AutoIT-compiled executable that attempts to open Gmail login pages via MS Edge, Google Chrome and Mozilla Firefox.

Malware blog

SonicWall

TLD Tracker: Exploring Newly Released Top-Level Domains

We investigated 19 new top-level domains (TLDs) released in the past year, which revealed large-scale phishing campaigns, distribution of potentially unwanted programs, torrenting websites, and even pranking and meme campaigns.

Phishing blog

Palo Alto

The Emerging Dynamics of Deepfake Scam Campaigns on the Web

Our researchers discovered dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials.

Spam blog

Palo Alto

Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic

To improve our detection of suspicious network activity, we leveraged a deep learning method to profile and detect malicious DNS traffic patterns.

Hacking blog

Palo Alto

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

Unit 42 researchers found an extortion campaign's cloud operation that successfully compromised and extorted multiple victim organizations. It did so by leveraging exposed environment variable files (.env files) that contained sensitive variables such as credentials belonging to various applications.

Hacking blog

Palo Alto

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts

This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.

Hacking blog

Palo Alto

Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats

Explore in-depth defense strategies against ViperSoftX with the Trellix suite, and unpack why AutoIt is an increasingly popular tool for malware authors

AI blog

Trelix

The Bug Report - August 2024 Edition

August 2024 Bug Report: Explore seven critical vulnerabilities—Ivanti vTM, Windows CLFS, Apache OFBiz, and more. Stay ahead of the threats, patch now!

Cyber blog

Trelix

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.

Ransom blog

Cisco Blog

What kind of summer has it been?

As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.

Cyber blog

Cisco Blog

The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment.

Vulnerebility blog

Cisco Blog

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries.

Vulnerebility blog

Cisco Blog

Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.

Vulnerebility blog

Cisco Blog

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.

Vulnerebility blog

Cisco Blog

No, not every Social Security number in the U.S. was stolen

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price.

Incident blog

Cisco Blog

Stealing cash using NFC relay – Week in Security with Tony Anscombe

The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become

Hacking blog

Eset

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Demystifying CVE-2024-7262 and CVE-2024-7263

Vulnerebility blog

Eset

Old devices, new dangers: The risks of unsupported IoT tech

In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors

IoT blog

Eset

Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep. 5)

The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure

OS Blog

Eset

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt.

Ransom blog

Trend Micro

Confidence in GenAI: The Zero Trust Approach

Enterprises have gone all-in on GenAI, but the more they depend on AI models, the more risks they face. Trend Vision One™ – Zero Trust Secure Access (ZTSA) – AI Service Access bridges the gap between access control and GenAI services to protect the user journey.

AI blog

Trend Micro

Securing the Power of AI, Wherever You Need It

Explore how generative AI is transforming cybersecurity and enterprise resilience

AI blog

Trend Micro

Rogue AI is the Future of Cyber Threats

This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more.

AI blog

Trend Micro

Cisco Smart Software Manager On-Prem Account Takeover

The SonicWall Capture Labs threat research team became aware of an account takeover vulnerability in Cisco’s Smart Software Manager (SSM), assessed its impact and developed mitigation measures for the vulnerability.

Vulnerebility blog

SonicWall

Understanding CVE-2024-38063: How SonicWall Prevents Exploitation

CVE-2024-38063 is a critical remote code execution vulnerability in Windows systems with the IPv6 stack, carrying a CVSS score of 9.8. This zero-click, wormable flaw allows attackers to execute arbitrary code remotely via specially crafted IPv6 packets, potentially leading to full system compromise.

Vulnerebility blog

SonicWall

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”

Malware blog

Cisco Blog

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

OS Blog

Cisco Blog

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security

Phishing blog

Eset

NGate Android malware relays NFC traffic to steal cash

Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM

OS Blog

Eset

How regulatory standards and cyber insurance inform each other

Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with

Ransom blog

Eset

Be careful what you pwish for – Phishing in PWA applications

ESET analysts dissect a novel phishing method tailored to Android and iOS users

OS Blog

Eset

Mario movie malware might maliciously mess with your machine

There are probably few among us who, never have they ever, downloaded questionable content. Whether it was a hit song in the Napster era or a Blockbuster movie you found on a “special” site online, you can probably think of at least one occasion when you got access to something from a, shall we say, less than reputable source.

Malware blog

Avast Blog

Microsoft Security Bulletin Coverage For August 2024

Microsoft’s 2024 Patch Tuesday has 87 vulnerabilities, 36 of which are Elevation of Privilege vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of 2024 and has produced coverage for ten of the reported vulnerabilities

OS Blog

SonicWall

Harnessing LLMs for Automating BOLA Detection

This post presents our research on a methodology we call BOLABuster, which uses large language models (LLMs) to detect broken object level authorization (BOLA) vulnerabilities. By automating BOLA detection at scale, we will show promising results in identifying these vulnerabilities in open-source projects.

AI blog

Palo Alto

Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities

Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities.

Hacking blog

Checkpoint

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

Check Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers.

Malware blog

Checkpoint

Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday

Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11.

OS Blog

Cisco Blog

How a BEC scam cost a company $60 Million – Week in security with Tony Anscombe

Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme

Spam blog

Eset

Why scammers want your phone number

Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data

Spam blog

Eset

The great location leak: Privacy risks in dating apps

What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance?

Security blog

Eset

Top 6 Craigslist scams: Don’t fall for these tricks

Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun

Spam blog

Eset

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States

The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It’s so big, in fact, that few people even notice it, like a fish can’t see the ocean.

IoT blog

BitDefender

Fighting Ursa Luring Targets With Car for Sale

A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka APT28, Fancy Bear and Sofacy) has been associated with Russian military intelligence and classified as an advanced persistent threat (APT).

APT blog

Palo Alto

Ransomware Review: First Half of 2024

Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed.

Ransom blog

Palo Alto

Sustained Campaign Using Chinese Espionage Tools Targets Telcos

Attackers were heavily focused on telecoms operators in a single Asian country.

BigBrother blog

Symantec

Cloud Cover: How Malicious Actors Are Leveraging Cloud Services

In the past year, there has been a marked increase in the use of legitimate cloud services by attackers, including nation-state actors.

Malware blog

Symantec

Beware of Fake WinRar Websites: Malware Hosted on GitHub

A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on internet users who might incorrectly type the URL of this well-known archiving application.

Malware blog

SonicWall

SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability

The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023.

Vulnerebility blog

SonicWall

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

Vulnerebility blog

SonicWall

Protect Your Network: Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold

The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues in the infrastructure by utilizing its intuitive workflows and system integrations.

Vulnerebility blog

SonicWall

No symbols? No problem!

This blog will share a tried and tested method for dealing with thousands of unknown functions in a given file to significantly decrease the time spent on analysis while improving accuracy. Once all theory is covered, an instance of the Golang based qBit stealer is analyzed with the demonstrated techniques to show what happens when the theory is put into practice.

Cyber blog

Trelix

Resilient Security Requires Mature Cyber Threat Intelligence Capabilities

We recently had the opportunity to support an important industry effort to advance threat intelligence, led by our partners at Intel 471. Trellix, along with 25+ cyber leaders, launched a new maturity model for cyber threat intelligence (CTI).

Cyber blog

Trelix

Black Hat USA 2024 recap – Week in security with Tony Anscombe

Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors

Cyber blog

Eset

Black Hat USA 2024: All eyes on election security

In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated

Cyber blog

Eset

Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies

Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards

Cyber blog

Eset

Why tech-savvy leadership is key to cyber insurance readiness

Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage

Cyber blog

Eset

GeoServer RCE Vulnerability (CVE-2024-36401) Being Exploited In the Wild

The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in GeoServer, assessed its impact and developed mitigation measures. GeoServer is a community-driven project that allows users to share and edit geospatial data

Vulnerebility blog

SonicWall

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-28747, a vulnerability in SmartPLC devices, assessed its impact and developed mitigation measures for this vulnerability.

Vulnerebility blog

SonicWall

OneDrive Pastejacking

Phishing campaign exploits Microsoft OneDrive users with sophisticated social engineering, manipulating them into executing a malicious PowerShell script.

Hacking blog

Trelix

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.

APT blog

Cisco Blog

Detecting evolving threats: NetSupport RAT campaign

In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats.

Malware blog

Cisco Blog

There is no real fix to the security issues recently found in GitHub and other similar software

The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software.

Vulnerebility blog

Cisco Blog

Where to find Talos at BlackHat 2024

This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat.

Cyber blog

Cisco Blog

Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues

A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP.

OS Blog

Cisco Blog

AI and automation reducing breach costs – Week in security with Tony Anscombe

Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by US$2.22 million compared to those that didn't deploy these technologies, according to IBM

AI blog

Eset

The cyberthreat that drives businesses towards cyber risk insurance

Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide

Cyber blog

Eset

Phishing targeting Polish SMBs continues via ModiLoader

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Malware blog

Eset

Beware of fake AI tools masking very real malware threats

Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants

AI blog

Eset

QR Codes: Convenience or Cyberthreat?

Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing)

Phishing blog

Trend Micro

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike.

Cyber blog

Trend Micro

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.

Ransom blog

Trend Micro

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Vulnerebility blog

Trend Micro

Handala’s Wiper Targets Israel

This blog will focus on the threat actor’s background and previous actions, the attack chain, and the wiper’s internals and reused code.

Malware blog

Trelix

Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies

Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation.

BigBrother blog

Cybereason

Something Phishy This Way Comes: How the SonicWall SOC Proactively Defended Partners Against a New Attack

Proactive Protection: How SonicWall's security operations center (SOC) safeguards MSPs around the clock.

Security blog

SonicWall

Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads

The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe than it initially appeared.

Vulnerebility blog

SonicWall

Volcano Demon Group Targets Idealease Inc. Using LukaLocker Ransomware

The SonicWall Capture Labs threats research team has recently been tracking new ransomware known as LukaLocker.

Ransom blog

SonicWall

The Windows Registry Adventure #3: Learning resources

When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry.

Cyber blog

Project Zero

Vulnerabilities in LangChain Gen AI

Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub:

AI blog

Palo Alto

From RA Group to RA World: Evolution of a Ransomware Group

The ransomware group RA Group, now known as RA World, showed a noticeable uptick in their activity since March 2024. About 37% of all posts on their dark web leak site have appeared since March, suggesting this is an emerging group to watch. This article describes the tactics, techniques and procedures (TTPs) used by RA World.

Ransom blog

Palo Alto

Stargazers Ghost Network

This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories.

Hacking blog

Checkpoint

Thread Name-Calling – using Thread Name for offense

We propose a new injection technique: Thread Name-Calling, and offer the advisory related to implementing protection.

Hacking blog

Checkpoint

The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that

Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack."

Cyber blog

Cisco Blog

Telegram for Android hit by a zero-day exploit – Week in security with Tony Anscombe

Attackers abusing the "EvilVideo" vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files

OS Blog

Eset

Building cyber-resilience: Lessons learned from the CrowdStrike incident

Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances

Cyber blog

Eset

The tap-estry of threats targeting Hamster Kombat players

ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game

Malware blog

Eset

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos

Social blog

Eset

How a signed driver exposed users to kernel-level threats – Week in Security with Tony Anscombe

A purported ad blocker marketed as a security solution leverages a Microsoft-signed driver that inadvertently exposes victims to dangerous threats

Security blog

Eset

Beyond the blue screen of death: Why software updates matter

The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them.

Security blog

Eset

The complexities of cybersecurity update processes

If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike

Security blog

Eset

ClickFix Deception: A Social Engineering Tactic to Deploy Malware

McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as the “Clickfix” infection chain. The attack chain begins with users being lured to visit seemingly legitimate but compromised websites. Upon visiting, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal.

Malware blog

McAfee

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched.

Vulnerebility blog

Trend Micro

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike.

Cyber blog

Trend Micro

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.

Ransom blog

Trend Micro

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Vulnerebility blog

Trend Micro

Teaming up with IBM to secure critical SAP workloads

Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers

Cyber blog

Trend Micro

An In-Depth Look at Crypto-Crime in 2023 Part 2

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.

Cryptocurrency blog

Trend Micro

Container Breakouts: Escape Techniques in Cloud Environments

Container escapes are a notable security risk for organizations, because they can be a critical step of an attack chain that can allow malicious threat actors access. We previously published one such attack chain in an article about a runC vulnerability.

Vulnerebility blog

Palo Alto

Beware of BadPack: One Weird Trick Being Used Against Android Devices

This article discusses recent samples of BadPack Android malware and examines how this threat’s tampered headers can obstruct malware analysis. We also review the effectiveness of various freely available tools for analyzing BadPack Android Package Kit (APK) files.

Malware blog

Palo Alto

NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS

MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. This parallels with activities against targets in Saudi Arabia, Turkey, Azerbaijan, India and Portugal.

Malware blog

Checkpoint

It's best to just assume you’ve been involved in a data breach somehow

Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers.

Incident blog

Cisco Blog

HotPage: Story of a signed, vulnerable, ad-injecting driver

A study of a sophisticated Chinese browser injector that leaves more doors open!

Malware blog

Eset

Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills

These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity

Cyber blog

Eset

Hello, is it me you’re looking for? How scammers get your phone number

Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.

Security blog

Eset

Should ransomware payments be banned? – Week in security with Tony Anscombe

Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective?

Ransom blog

Eset

Application Security report: 2024 update

Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks...

Cyber blog

Cloudflare

Euro 2024’s impact on Internet traffic: a closer look at finalists Spain and England

Here we examine how UEFA Euro 2024 football matches have influenced Internet traffic patterns in participating countries, with a special focus on the two finalists, Spain and England, on their journey to the final...

BigBrother blog

Cloudflare

Cloudflare Zaraz adds support for server-side rendering of X and Instagram embeds

We are thrilled to announce Cloudflare Zaraz support for server-side rendering of embeds from X and Instagram. This allows for secure, privacy-preserving, and performant embedding without third-party JavaScript or cookies, enhancing security, privacy, and performance on your website...

Social blog

Cloudflare

DDoS threat report for 2024 Q2

Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024...

Attack blog

Cloudflare

RADIUS/UDP vulnerable to improved MD5 collision attack

The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography...

Attack blog

Cloudflare

French elections: political cyber attacks and Internet traffic shifts

Check the dynamics of the 2024 French legislative elections, the surprising election results’ impact on Internet traffic changes, and the cyber attacks targeting political parties...

BigBrother blog

Cloudflare

UK election day 2024: traffic trends and attacks on political parties

Here, we explore the dynamics of Internet traffic and cybersecurity during the UK’s 2024 general election, highlighting late-day traffic changes and a post-vote attack on a political party...

BigBrother blog

Cloudflare

Cloudflare 1.1.1.1 incident on June 27, 2024

On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak...

Incident blog

Cloudflare

First round of French election: party attacks and a modest traffic dip

How Cloudflare mitigated DDoS attacks targeting French political parties during the 2024 legislative elections, as detailed in our ongoing election coverage...

Attack blog

Cloudflare

Declare your AIndependence: block AI bots, scrapers and crawlers with a single click

To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier...

AI blog

Cloudflare

HardBit Ransomware version 4.0

In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild.

Ransom blog

Cybereason

Cactus Ransomware: New strain in the market

Cactus is another variant in the ransomware family. It exploits VPN vulnerability(CVE-2023-38035) to enter into an internal organization network and deploys varies payloads for persistence(Scheduled Task/Job), C2 connection via RMM tools(Anydesk.exe) and encryption.

Ransom blog

Trelix

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution

ViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass.

Malware blog

Trelix

Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence

Trellix and global law enforcement dismantle malicious Cobalt Strike infrastructure, enhancing cybersecurity and protecting critical sectors. Learn about our fight against cybercrime.

APT blog

Trelix

Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant

The SonicWall RTDMI ™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features, including (Anti-VM Anti-AV Delay Execution multi-variant support and process hollowing, etc.), which are controlled by flags in the configuration data.

Malware blog

SonicWall

Microsoft Security Bulletin Coverage for July 2024

Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities.

Vulnerebility blog

SonicWall

Adobe Commerce Unauthorized XXE Vulnerability

The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation.

Vulnerebility blog

SonicWall

An In-Depth Look at Crypto-Crime in 2023 Part 2

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.

Cryptocurrency blog

Trend Micro

Network detection & response: the SOC stress reliever

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important.

Cyber blog

Trend Micro

An In-Depth Look at Crypto-Crime in 2023 Part 1

Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses.

Cryptocurrency blog

Trend Micro

The Top 10 AI Security Risks Every Business Should Know

With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year.

AI blog

Trend Micro

DarkGate: Dancing the Samba With Alluring Excel Files

This article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware.

Malware blog

Palo Alto

Dissecting GootLoader With Node.js

This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. This evasion technique used by GootLoader JavaScript files can present a formidable challenge for sandboxes attempting to analyze the malware.

Malware blog

Palo Alto

The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention

The Contrastive Credibility Propagation (CCP) algorithm is a novel approach to semi-supervised learning (SSL) developed by AI researchers at Palo Alto Networks to improve model task performance with imbalanced and noisy labeled and unlabeled data.

AI blog

Palo Alto

EXPLORING COMPILED V8 JAVASCRIPT USAGE IN MALWARE

In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically.

Exploit blog

Checkpoint

RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112)

Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution.

Vulnerebility blog

Checkpoint

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs

Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.

Ransom blog

Cisco Blog

Impact of data breaches is fueling scam campaigns

Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time.

Incident blog

Cisco Blog

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments.

Spam blog

Cisco Blog

How do cryptocurrency drainer phishing scams work?

In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.

Cryptocurrency blog

Cisco Blog

Checking in on the state of cybersecurity and the Olympics

Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos.

Cyber blog

Cisco Blog

15 vulnerabilities discovered in software development kit for wireless routers

Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router.

Vulnerebility blog

Cisco Blog

Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities.

Vulnerebility blog

Cisco Blog

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?

IoT blog

Eset

5 common Ticketmaster scams: How fraudsters steal the show

Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account

Spam blog

Eset

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.

Cryptocurrency blog

Trend Micro

Mekotio Banking Trojan Threatens Financial Systems in Latin America

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does.

Malware blog

Trend Micro

High-Risk Path Traversal in SolarWinds Serv-U

The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures.

Vulnerebility blog

SonicWall

Not If, But When: The Need for a SOC and Introducing the SonicWall European SOC

When you think about cyber threats or attacks, what comes to mind? It’s easy to associate cyberattacks with large enterprises since those are the attacks that frequently make the news.

Security blog

SonicWall

The Hidden Danger of PDF Files with Embedded QR Codes

The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time.

Malware blog

SonicWall

Attackers Exploiting Public Cobalt Strike Profiles

In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository.

Exploit blog

Palo Alto

MODERN CRYPTOGRAPHIC ATTACKS: A GUIDE FOR THE PERPLEXED

Cryptographic attacks, even more advanced ones, are often made more difficult to understand than they need to be. Sometimes it’s because the explanation is “too much too soon” — it skips the simple general idea and goes straight to real world attacks with all their messy details.

Attack blog

Checkpoint

Social media and teen mental health – Week in security with Tony Anscombe

Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

Social blog

Eset

No room for error: Don’t get stung by these common Booking.com scams

From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation

Phishing blog

Eset

AI in the workplace: The good, the bad, and the algorithmic

While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table

AI blog

Eset

Hijacked: How hacked YouTube channels spread scams and malware

Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform

Malware blog

Eset

Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe

Learn about the types of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year

Security blog

Eset

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign.

APT blog

Trend Micro

Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.

Cryptocurrency blog

Trend Micro

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO).

AI blog

Trend Micro

AI Coding Companions 2024: AWS, GitHub, Tabnine + More

AI coding companions are keeping pace with the high-speed evolution of generative AI overall, continually refining and augmenting their capabilities to make software development faster and easier than ever before.

AI blog

Trend Micro

Attackers in Profile: menuPass and ALPHV/BlackCat

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat.

Ransom blog

Trend Micro

Omdia Report: Trend Disclosed 60% of Vulnerabilities

The latest Omdia Vulnerability Report shows Trend Micro™ Zero Day Initiative™ (ZDI) spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention.

Cyber blog

Trend Micro

Worldwide 2023 Email Phishing Statistics and Examples

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.

Phishing blog

Trend Micro

Not Just Another 100% Score: MITRE ENGENUITY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups.

Cyber blog

Trend Micro

StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe

The SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer.

Malware blog

SonicWall

New Orcinius Trojan Uses VBA Stomping to Mask Infection

This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware.

Malware blog

SonicWall

Attack Paths Into VMs in the Cloud

This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud.

Attack blog

Palo Alto

Attackers Exploiting Public Cobalt Strike Profiles

In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure.

Malware blog

Palo Alto

RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS

Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally.

Malware blog

Checkpoint

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.

Malware blog

Cisco Blog

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login

Incident blog

Cisco Blog

Multiple vulnerabilities in TP-Link Omada system could lead to root access

Affected devices could include wireless access points, routers, switches and VPNs.

Vulnerebility blog

Cisco Blog

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.

Malware blog

Cisco Blog

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop.

Cryptocurrency blog

Cisco Blog

Tabletop exercises are headed to the next frontier: Space

More on the recent Snowflake breach, MFA bypass techniques and more.

Cyber blog

Cisco Blog

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.

Malware blog

Cisco Blog

How are attackers trying to bypass MFA?

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks

Security blog

Cisco Blog

How we can separate botnets from the malware operations that rely on them

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.

BotNet blog

Cisco Blog

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research.

Cyber blog

Project Zero

The Windows Registry Adventure #3: Learning resources

When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible.

Cyber blog

Project Zero

ESET Threat Report H1 2024

A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Cyber blog

Eset

Cyber insurance as part of the cyber threat mitigation strategy

Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies

Cyber blog

Eset

Buying a VPN? Here’s what to know and look for

VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes

Cyber blog

Eset

The long-tail costs of a data breach – Week in security with Tony Anscombe

Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents

Cyber blog

Eset

My health information has been stolen. Now what?

As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records

Cyber blog

Eset

Hacktivism is evolving – and that could be bad news for organizations everywhere

Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat

Cyber blog

Eset

Preventative defense tactics in the real world

Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack

Cyber blog

Eset

Microsoft Incident Response tips for managing a mass password reset

When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets.

Security blog

Microsoft Blog

How to achieve cloud-native endpoint management with Microsoft Intune 

In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution.

Security blog

Microsoft Blog

The four stages of creating a trust fabric with identity and network security 

The trust fabric journey has four stages of maturity for organizations working to evaluate, improve, and evolve their identity and network access security posture.

Security blog

Microsoft Blog

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices 

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices.

Hacking blog

Microsoft Blog

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Malware blog

Trend Micro

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.

Exploit blog

Trend Micro

TargetCompany’s Linux Variant Targets ESXi Environments

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

Ransom blog

Trend Micro

SANS's 2024 Threat-Hunting Survey Review

In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year.

Security blog

Trend Micro

It's Time to Up-Level Your EDR Solution

You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more.

Security blog

Trend Micro

Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM

Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers.

AI blog

Trend Micro

The Lifecycle of a Threat: The Inner Workings of the Security Operations Center

See how SonicWall’s SOC handles a threat from discovery all the way to resolution in this detailed blog.

Security blog

SonicWall

Microsoft Security Bulletin Coverage for June 2024

Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege.

Vulnerebility blog

SonicWall

Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data

SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks.

Exploit blog

SonicWall

Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways.

Vulnerebility blog

SonicWall

Driving forward in Android drivers

Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware

OS Blog

Project Zero

DarkGate again but... Improved?

DarkGate is back, if it ever left, with the latest version, the number 6, which includes new distribution methods, anti-analysis techniques and features.

Malware blog

Trelix

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018.

Malware blog

Cisco Blog

Only one critical issue disclosed as part of Microsoft Patch Tuesday

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing.

Vulnerebility blog

Cisco Blog

How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe

The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app

Malware blog

Eset

ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024

The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023

APT blog

Eset

Arid Viper poisons Android apps with AridSpy

ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine

OS Blog

Eset

560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe

Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data

Incident blog

Eset

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult.

APT blog

Trend Micro

INC Ransomware Behind Linux Threat

This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago.

Ransom blog

SonicWall

Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways.

Vulnerebility blog

SonicWall

Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data

SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks.

BotNet blog

SonicWall

INSIDE THE BOX: MALWARE’S NEW PLAYGROUND

Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild.

Hacking blog

Checkpoint

The job hunter’s guide: Separating genuine offers from scams

$90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data.

Spam blog

Eset

The murky world of password leaks – and how to check if you’ve been hit

Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look

Incident blog

Eset

What happens when facial recognition gets it wrong – Week in security with Tony Anscombe

A facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability

Security blog

Eset

STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY

Packers or crypters are widely used to protect malicious software from detection and static analysis.

Malware blog

Checkpoint

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.

APT blog

Cisco Blog

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.

Vulnerebility blog

Cisco Blog

AI in HR: Is artificial intelligence changing how we hire employees forever?

Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime?

AI blog

Eset

ESET World 2024: Big on prevention, even bigger on AI

What is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference.

AI blog

Eset

Beyond the buzz: Understanding AI and its role in cybersecurity

A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders

Cyber blog

Eset

Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia

A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter.

APT blog

Palo Alto

BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL

Void Manticore is an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). They carry out destructive wiping attacks combined with influence operations.

APT blog

Checkpoint

SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN

Sharp Dragon’s (Formerly referred to as Sharp Panda) operations continue, expanding their focus now to new regions – Africa and the Caribbean.

APT blog

Checkpoint

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation.

Hacking blog

Cisco Blog

Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe

As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?

Ransom blog

Eset

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries

Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings

Malware blog

Eset

What happens when AI goes rogue (and how to stop it)

As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response

AI blog

Eset

Untangling the hiring dilemma: How security solutions free up HR processes

The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators.

Security blog

Eset

Payload Trends in Malicious OneNote Samples

In this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files.

Malware blog

Palo Alto

Leveraging DNS Tunneling for Tracking and Scanning

This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild.

Hacking blog

Palo Alto

FOXIT PDF “FLAWED DESIGN” EXPLOITATION

PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments

Exploit blog

Checkpoint

Talos releases new macOS open-source fuzzer

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.

OS Blog

Cisco Blog

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server.

Vulnerebility blog

Cisco Blog

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression.

BigBrother blog

Cisco Blog

Rounding up some of the major headlines from RSA

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.

Cyber blog

Cisco Blog

A new alert system from CISA seems to be effective — now we just need companies to sign up

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.

Vulnerebility blog

Cisco Blog

The who, where, and how of APT attacks – Week in security with Tony Anscombe

This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape

APT blog

Eset

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

APT blog

Eset

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft

Cryptocurrency blog

Eset

ESET APT Activity Report Q4 2023–Q1 2024

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024

APT blog

Eset

Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution

Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10.

Vulnerebility blog

Cisco Blog

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action

Security blog

Eset

In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024

Security blog

Eset

It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET

Cyber blog

Eset

RSA Conference 2024: AI hype overload

Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.

AI blog

Eset

How to inspire the next generation of scientists | Unlocked 403: Cybersecurity podcast

As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight

Security blog

Eset

The hacker’s toolkit: 4 gadgets that could spell security trouble

Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?

Malware blog

Eset

It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise

Our telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks.

Malware blog

Palo Alto

Muddled Libra’s Evolution to the Cloud

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments.

APT blog

Palo Alto

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.

Vulnerebility blog

Cisco Blog

James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape

Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation.

APT blog

Cisco Blog

Pay up, or else? – Week in security with Tony Anscombe

Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not

Ransom blog

Eset

Adding insult to injury: crypto recovery scams

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over

Spam blog

Eset

MDR: Unlocking the power of enterprise-grade security for businesses of all sizes

We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth

Security blog

Eset

How space exploration benefits life on Earth: Q&A with David Eicher

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

Phishing blog

Eset

Talos IR trends: BEC attacks surge, while weaknesses in MFA persist

Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information.

Cyber blog

Cisco Blog

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors.

Malware blog

Cisco Blog

Suspected CoralRaider continues to expand victimology using three information stealers

Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.

Malware blog

Cisco Blog

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

Phishing blog

Eset

Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals

Python’s versatility and short learning curve are just two factors that explain the language’s 'grip' on cybersecurity

Cyber blog

Eset

What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller

The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus

Security blog

Eset

The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and a sense of community within the Starmus universe

Security blog

Eset

Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

Security blog

Eset

The Windows Registry Adventure #2: A brief history of the feature

Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it.

Vulnerebility blog

Project Zero

The Windows Registry Adventure #1: Introduction and research results

In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs.

Vulnerebility blog

Project Zero

Redline Stealer: A Novel Approach

Authored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was...

Malware blog

Mcafee

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.

Malware blog

Cisco Blog

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials

Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in brute

Attack blog

Cisco Blog

The many faces of impersonation fraud: Spot an imposter before it’s too late

What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?

Security blog

Eset

The ABCs of how online ads can impact children’s well-being

From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe.

Security blog

Eset

Bitcoin scams, hacks and heists – and how to avoid them

Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe

Cryptocurrency blog

Eset

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

Palo Alto Networks and Unit 42 are engaged in tracking activity related to CVE-2024-3400 and are working with external researchers, partners and customers to share information transparently and rapidly.

Vulnerebility blog

Palo Alto

Muddled Libra’s Evolution to the Cloud

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments.

APT blog

Palo Alto

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.

Malware blog

Cisco Blog

Vulnerability in some TP-Link routers could lead to factory reset

There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.

Vulnerebility blog

Cisco Blog

eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit

Malware blog

Eset

Beyond fun and games: Exploring privacy risks in children’s apps

Should children’s apps come with ‘warning labels’? Here's how to make sure your children's digital playgrounds are safe places to play and learn.

Security blog

Eset

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps

Cyber blog

Eset

7 reasons why cybercriminals want your personal data

Here's what drives cybercriminals to relentlessly target the personal information of other people – and why you need to guard your data like your life depends on it

Cyber blog

Eset

THE ILLUSION OF PRIVACY: GEOLOCATION RISKS IN MODERN DATING APPS

Dating apps often use location data, to show users nearby and their distances. However, openly sharing distances can lead to security issues.

BigBrother blog

Checkpoint

BEYOND IMAGINING – HOW AI IS ACTIVELY USED IN ELECTION CAMPAIGNS AROUND THE WORLD

Deepfake materials (convincing AI-generated audio, video, and images that deceptively fake or alter the appearance, voice, or actions of political candidates) are often disseminated shortly before election dates to limit the opportunity for fact-checkers to respond.

AI blog

Checkpoint

AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES

When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore ­­– all paths traced, all words said, all “i”s dotted.

Malware blog

Checkpoint

MALWARE SPOTLIGHT: LINODAS AKA DINODASRAT FOR LINUX

In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America.

Malware blog

Checkpoint

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated.

Social blog

Cisco Blog

Adversaries are leveraging remote access tools now more than ever — here’s how to stop them

While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns.

Malware blog

Cisco Blog

The devil is in the fine print – Week in security with Tony Anscombe

Temu's cash giveaway where people were asked to hand over vast amounts of their personal data to the platform puts the spotlight on the data-slurping practices of online services today

Security blog

Eset

How often should you change your passwords?

Answering this question is not as straightforward as it seems. Here’s what you should consider when it comes to keeping your accounts safe.

Security blog

Eset

Malware hiding in pictures? More likely than you think

There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.

Malware blog

Eset

Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094)

On March 28, 2024, Red Hat Linux announced CVE-2024-3094 with a critical CVSS score of 10.

Vulnerebility blog

Palo Alto

Exposing a New BOLA Vulnerability in Grafana

Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.

Vulnerebility blog

Palo Alto

RDP remains a security concern – Week in security with Tony Anscombe

Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result