BLOG 2024  AI blog  APT blog  Attack blog  BigBrother blog  BotNet blog  Cyber blog  Cryptocurrency blog  Exploit blog  Hacking blog  ICS blog  Incident blog  IoT blog  Malware blog  OS Blog  Phishing blog  Ransom blog  Safety blog  Security blog  Social blog  Spam blog  Vulnerebility blog  2024  2023

H  January(21) February(46) March(44) April(33) May(35) June(67) July(84) August(0) September(0) October(0) November(0) December(0) 

DATE

NAME

Info

CATEG.

WEB

21.12.24

The evolution and abuse of proxy networks Proxy and anonymization networks have been dominating the headlines, this piece discusses its origins and evolution on the threat landscape with specific focus on state sponsored abuse. Security blog

Cisco Blog

21.12.24

Exploring vulnerable Windows drivers This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers. Vulnerebility blog

Cisco Blog

21.12.24

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Vulnerebility blog

Cisco Blog

21.12.24

Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular a Vulnerebility blog

Cisco Blog

21.12.24

Something to Read When You Are On Call and Everyone Else is at the Office Party Its mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals. Cyber blog

Cisco Blog

21.12.24

MC LR Router and GoCast unpatched vulnerabilities Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the explo Vulnerebility blog

Cisco Blog

21.12.24

The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. Cyber blog

Cisco Blog

21.12.24

Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of p Vulnerebility blog Cisco Blog

21.12.24

ESET Research Podcast: Telekopye, again Take a peek into the murky world of cybercrime where groups of scammers who go by the nickname of 'Neanderthals’ wield the Telekopye toolkit to ensnare unsuspecting victims they call 'Mammoths' Cyber blog

Eset

21.12.24

Unwrapping Christmas scams | Unlocked 403 cybersecurity podcast (ep. 9) ESET's Jake Moore reveals why the holiday season is a prime time for scams, how fraudsters prey on victims, and how AI is supercharging online fraud Cyber blog

Eset

21.12.24

Cybersecurity is never out-of-office: Protecting your business anytime, anywhere While you're enjoying the holiday season, cybercriminals could be gearing up for their next big attack – make sure your company's defenses are ready, no matter the time of year Cyber blog

Eset

21.12.24

ESET Threat Report H2 2024: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for staying secure in 2025

Cyber blog

Eset

21.12.24

ESET Threat Report H2 2024 A view of the H2 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Hacking a car – or rather, its infotainment system Our ‘computers on wheels’ are more connected than ever, but the features that enhance our convenience often come with privacy risks in tow Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Why a CVSS score of 7.5 may be a 'perfect' 10 in your organization Aggregate vulnerability scores don’t tell the whole story – the relationship between a flaw’s public severity rating and the specific risks it poses for your company is more complex than it seems Cyber blog

Eset

21.12.24

Black Hat Europe 2024: Can AI systems be socially engineered? Could attackers use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally? Cyber blog

Eset

21.12.24

How cyber-secure is your business? | Unlocked 403 cybersecurity podcast (ep. 8) As cybersecurity is a make-or-break proposition for businesses of all sizes, can your organization's security strategy keep pace with today’s rapidly evolving threats? Cyber blog

Eset

21.12.24

Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost Cyber blog

Eset

21.12.24

Philip Torr: AI to the people | Starmus Highlights We’re on the cusp of a technological revolution that is poised to transform our lives – and we hold the power to shape its impact AI blog

Eset

21.12.24

Achieving cybersecurity compliance in 5 steps Cybersecurity compliance may feel overwhelming, but a few clear steps can make it manageable and ensure your business stays on the right side of regulatory requirements Cyber blog

Eset

21.12.24

CVE-2024-55956: Zero-Day Vulnerability in Cleo Software Could Lead to Data Theft

A zero-day vulnerability, tracked as CVE-2024-55956, has been discovered in 3 Cleo products and is being exploited by CL0P ransomware group, leading to potential data theft

Vulnerebility blog

Cybereason

21.12.24

Your Data Is Under New Lummanagement: The Rise of LummaStealer

In this Threat Analysis report, Cybereason investigates the rising activity of the malware LummaStealer.

Malware blog

Cybereason

21.12.24

Stellar Discovery of A New Cluster of Andromeda/Gamarue C2

In this Threat Analysis report, Cybereason investigates incidents relating to the Andromeda backdoor and a new cluster of C2 servers

Malware blog

Cybereason

21.12.24

Malicious Life Podcast: Operation Snow White, Part 2

Scientology spies were trained in all covert operations techniques: surveillance, recruiting agents, infiltrating enemy lines, and blackmail. However, a suspicious librarian and a determined FBI agent brought the largest single spy operation in US government history to an end.

BigBrother blog

Cybereason

21.12.24

THREAT ANALYSIS: Beast Ransomware

In this Threat Analysis report, Cybereason investigates the Ransomware-as-a-Service (RaaS) known as Beast and how to defend against it through the Cybereason Defense Platform.

Ransom blog

Cybereason

21.12.24

CUCKOO SPEAR Part 2: Threat Actor Arsenal

In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques.

Phishing blog

Cybereason

21.12.24

Malicious Life Podcast: Operation Snow White, Part 1

In 1963, the FDA raided the headquarters of a budding new and esoteric religion - The Church of Scientology. In response to this and similar incidents to come, the church's founder - an eccentric science fiction author named L. Ron Hubbard - would go on to lead the single largest known government infiltration operation in United States history.

BigBrother blog

Cybereason

21.12.24

CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective

In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques.

Phishing blog

Cybereason

21.12.24

The Windows Registry Adventure #5: The regf file format

As previously mentioned in the second installment of the blog post series ("A brief history of the feature"), the binary format used to encode registry hives from Windows NT 3.1 up to the modern Windows 11 is called regf. In a way, it is quite special, because it represents a registry subtree simultaneously on disk and in memory, as opposed to most other common file formats.

Hacking blog

Project Zero

21.12.24

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered, and the hypothesized ITW exploit strategy gleaned from the logs.

Exploit blog

Project Zero

21.12.24

Windows Tooling Updates: OleView.NET

This is a short blog post about some recent improvements I've been making to the OleView.NET tool which has been released as part of version 1.16. The tool is designed to discover the attack surface of Windows COM and find security vulnerabilities such as privilege escalation and remote code execution.

OS Blog

Project Zero

21.12.24

Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst

Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format (starting from Apple A17 iOS / M3 macOS), decoding is done in hardware

OS Blog

Project Zero

21.12.24

Safeguarding Election Integrity: Threat Hunting for the U.S. Elections

With 2024 being a major election year globally, the stakes for election security were and remain high. More than 60 countries, including the United States, Mexico, India, and Indonesia, held elections and engaged nearly 2 billion voters. The U.S. general election on November 5th, 2024, drew significant attention due to concerns over potential interference and cybersecurity threats.

BigBrother blog

Trelix

21.12.24

Hacktivist Groups: The Shadowy Links to Nation-State Agendas

The recent conflicts between Ukraine and the Middle East have seen a surge in hacktivist activity, with groups aligned with both sides engaging in cyberattacks. In this blog we will cover a large set of Hacktivist groups.

BigBrother blog

Trelix

21.12.24

Anatomy of Celestial Stealer: Malware-as-a-Service Revealed

During proactive hunting, Trellix Advanced Research Center found samples belonging to Celestial Stealer, a JavaScript-based infostealer which is packaged either as an Electron application or as a NodeJS single application for Windows 10 and Windows 11 operating system. It is a Malware-as-a-Service (MaaS) advertised on the Telegram platform. The stealer is marketed as a FUD (fully undetectable).

Malware blog

Trelix

21.12.24

Phobos: Stealthy Ransomware That Operated Under the Radar - Until Now

On November 18th, the US Justice Department unsealed criminal charges against a Russian national for allegedly administering the sale, distribution, and operation of Phobos ransomware. Phobos is considered an evolution of Dharma Ransomware (aka CrySIS). Code similarities and ransom notes suggest that the creators are either the same or closely connected.

Ransom blog

Trelix

21.12.24

When Guardians Become Predators: How Malware Corrupts the Protectors

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us?

Malware blog

Trelix

2.11.24

Attacker Abuses Victim Resources to Reap Rewards from Titan Network

In this blog entry, we discuss how an attacker took advantage of the Atlassian Confluence vulnerability CVE-2023-22527 to connect servers to the Titan Network for cryptomining purposes.

Vulnerebility blog

Trend Micro

2.11.24

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflicts damage to the system.

BotNet blog

Trend Micro

2.11.24

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

In this blog entry, we discuss how malicious actors are exploiting Docker remote API servers via gRPC/h2c to deploy the cryptominer SRBMiner to facilitate their mining of XRP on Docker hosts.

Cryptocurrency blog

Trend Micro

2.11.24

Attackers Target Exposed Docker Remote API Servers With perfctl Malware

We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.

Malware blog

Trend Micro

2.11.24

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network 

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777).

Hacking blog

Microsoft Blog

2.11.24

New Iranian-based Ransomware Group Charges $2000 for File Retrieval

The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment.

Ransom blog

SonicWall

2.11.24

Command Injection and Local File Inclusion in Grafana: CVE-2024-9264

The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce charts, graphs and alerts according to the data.

Vulnerebility blog

SonicWall

2.11.24

New Iranian-based Ransomware Group Charges $2000 for File Retrieval

The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations at this time as they only charge $2000 in BNB (Binance coin crypto) for file restoration. The price for file retrieval is also negotiable. During our analysis, we were able to converse directly with the malware operator and negotiate payment.

Ransom blog

SonicWall

2.11.24

Code Injection in Spring Cloud: CVE-2024-37084

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability.

Vulnerebility blog

SonicWall

2.11.24

A Look Into Embargo Ransomware, Another Rust-based Ransomware

Embargo is a relatively new ransomware group that emerged in 2024. This group is known for using Rust-based malware and operating under a ransomware-as-a-service (Raas) model. Like many modern ransomware groups, Embargo employs double extortion tactics where they first exfiltrate sensitive data from their victims before encrypting their files. They then threaten to release the stolen data unless a ransom Is paid.

Malware blog

SonicWall

2.11.24

HORUS Protector Part 1: The New Malware Distribution Service

Recently, the SonicWall threat research team came across a new malware distribution service called Horus Protector. Horus Protector is claiming to be a Fully Undetectable (FUD) crypter. We have observed a variety of malware families propagated by Horus Protector including AgentTesla, Remcos, Snake, NjRat and many others.

Malware blog

SonicWall

2.11.24

VMWare vCenter Server CVE-2024-38812 DCERPC Vulnerability

CVE-2024-38812 is a critical heap-overflow vulnerability identified in VMware vCenter Server’s implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol. This flaw allows a malicious actor with network access to the vCenter Server to send specially crafted packets, potentially leading to remote code execution (RCE). The vulnerability, classified under CWE-122 (Heap-based Buffer Overflow), arises when memory allocated in the heap is improperly overwritten, leading to unpredictable behavior that could be exploited.

Vulnerebility blog

SonicWall

2.11.24

Insecure Deserialization in Veeam Backup and Replication: CVE-2024-40711

The SonicWall Capture Labs threat research team became aware of an insecure deserialization vulnerability in Veeam Backup & Replication, assessed its impact and developed mitigation measures. Veeam Backup & Replication is a proprietary backup app developed by Veeam for virtual environments built on VMware vSphere, Nutanix AHV and Microsoft Hyper-V hypervisors.

Vulnerebility blog

SonicWall

2.11.24

Jumpy Pisces Engages in Play Ransomware

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius).

Ransom blog

Palo Alto

2.11.24

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction

This article introduces a simple and straightforward technique for jailbreaking that we call Deceptive Delight. Deceptive Delight is a multi-turn technique that engages large language models (LLM) in an interactive conversation, gradually bypassing their safety guardrails and eliciting them to generate unsafe or harmful content.

AI blog

Palo Alto

2.11.24

Jumpy Pisces Engages in Play Ransomware

Unit 42 has identified Jumpy Pisces, a North Korean state-sponsored threat group associated with the Reconnaissance General Bureau of the Korean People's Army, as a key player in a recent ransomware incident. Our investigation indicates a likely shift in the group’s tactics. We believe with moderate confidence that Jumpy Pisces, or a faction of the group, is now collaborating with the Play ransomware group (Fiddling Scorpius).

Ransom blog

Palo Alto

2.11.24

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism

Unit 42 researchers have found that certain third-party utilities and applications pertaining to archiving, virtualization and Apple’s native command-line tools do not enforce the quarantine attribute. This can pose a threat to the integrity of a security feature on macOS known as Gatekeeper, which is responsible for ensuring that only trusted software runs on the system. A bypass of Gatekeeper could leave the user unprotected from risky applications that may attempt to execute malicious content.

OS Blog

Palo Alto

2.11.24

Talos IR trends Q3 2024: Identity-based operations loom large

Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance - read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions.

Cyber blog

Cisco Blog

2.11.24

Threat actors use copyright infringement phishing lure to deploy infostealers

* Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. * The decoy email and fake PDF filenames are designed to impersonate a company's legal department, attempting to lure the

Phishing blog

Cisco Blog

2.11.24

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

Malware blog

Cisco Blog

2.11.24

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.

Malware blog

Cisco Blog

2.11.24

NVIDIA shader out-of-bounds and eleven LevelOne router vulnerabilities

Cisco Talos' Vulnerability Research team recently discovered five Nvidia out-of-bounds access vulnerabilities in shader processing, as well as eleven LevelOne router vulnerabilities spanning a range of possible exploits. For Snort coverage that can detect the exploitation of

Vulnerebility blog

Cisco Blog

2.11.24

Writing a BugSleep C2 server and detecting its traffic with Snort

This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort.

Cyber blog

Cisco Blog

2.11.24

How LLMs could help defenders write better and faster detection

Can LLM tools actually help defenders in the cybersecurity industry write more effective detection content? Read the full research

AI blog

Cisco Blog

2.11.24

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.

Cyber blog

Cisco Blog

2.11.24

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities

BigBrother blog

Cisco Blog

2.11.24

Protecting major events: An incident response blueprint

Go behind the scenes with Talos incident responders and learn from what we've seen in the field.

Incident blog

Cisco Blog

2.11.24

Ghidra data type archive for Windows driver functions

Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types.

Malware blog

Cisco Blog

2.11.24

Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project

Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.

Vulnerebility blog

Cisco Blog

2.11.24

Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity.

Vulnerebility blog

Cisco Blog

2.11.24

Are hardware supply chain attacks “cyber attacks?”

It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.

Hacking blog

Cisco Blog

2.11.24

Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks

Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that?

Vulnerebility blog

Checkpoint

2.11.24

Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum

Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors. Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the intent of influencing the outcome of the upcoming fall elections and national referendum.

BigBrother blog

Checkpoint

2.11.24

From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.

Vulnerebility blog

Project Zero

2.11.24

The Windows Registry Adventure #4: Hives and the registry layout

To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (abbreviated as HKCR, HKLM, HKCU, HKU and HKCC), and each of them contains a nested tree structure that serves a specific role in the system

Vulnerebility blog

Project Zero

2.11.24

Effective Fuzzing: A Dav1d Case Study

Late in 2023, while working on a 20% project with Project Zero, I found an integer overflow in the dav1d AV1 video decoder. That integer overflow leads to an out-of-bounds write to memory. Dav1d 1.4.0 patched this, and it was assigned CVE-2024-1580.

Vulnerebility blog

Project Zero

2.11.24

MacOS Malware Surges as Corporate Usage Grows

As more companies adopt macOS for their corporate needs, attackers are adapting their techniques to get what they want

OS Blog

Trelix

2.11.24

Cyber Threats Targeting the US Government During the Democratic National Convention

Trellix global sensors detected increased threat activities during the days that the Democratic National Convention (DNC) was held in August 2024, culminating into a massive spike in detections halfway through the convention. Our data indicate that these threat activities targeted a wide range of US government organizations, including regional democratic causes, state legislative offices, legislative data centers, election boards, local law enforcement agencies, and public transportation networks.

BigBrother blog

Trelix

2.11.24

Month in security with Tony Anscombe – October 2024 edition

Election interference, American Water and the Internet Archive breaches, new cybersecurity laws, and more – October saw no shortage of impactful cybersecurity news stories

Cyber blog

Eset

2.11.24

How to remove your personal information from Google Search results

Have you ever googled yourself? Were you happy with what came up? If not, consider requesting the removal of your personal information from search results.

Cyber blog

Eset

2.11.24

Don't become a statistic: Tips to help keep your personal data off the dark web

You may not always stop your personal information from ending up in the internet’s dark recesses, but you can take steps to protect yourself from criminals looking to exploit it

Cyber blog

Eset

2.11.24

Tony Fadell: Innovating to save our planet | Starmus highlights

As methane emissions come under heightened global scrutiny, learn how a state-of-the-art satellite can pinpoint their sources and deliver the insights needed for targeted mitigation efforts

Security blog

Eset

2.11.24

CloudScout: Evasive Panda scouting cloud services

ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services

APT blog

Eset

2.11.24

ESET Research Podcast: CosmicBeetle

Learn how a rather clumsy cybercrime group wielding buggy malicious tools managed to compromise a number of SMBs in various parts of the world

Cyber blog

Eset

2.11.24

Embargo ransomware: Rock’n’Rust

Novice ransomware group Embargo is testing and deploying a new Rust-based toolkit

Ransom blog

Eset

2.11.24

Google Voice scams: What are they and how do I avoid them?

Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers

Spam blog

Eset

2.11.24

Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year

Exploit blog

Eset

2.11.24

Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online – and even be the start of a predatory relationship

Cyber blog

Eset

2.11.24

Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Ever alert to fresh money-making opportunities, fraudsters are blending physical and digital threats to steal drivers’ payment details

Hacking blog

Eset

2.11.24

Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

The world needs more cybersecurity professionals – here are three great ways to give you an ‘in’ to the ever-growing and rewarding security industry

Cyber blog

Eset

2.11.24

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe

GoldenJackal jumps the air gap … twice – Week in security with Tony Anscombe

Hacking blog

Eset

2.11.24

ESET Research shares new findings about Telekopye, a scam toolkit used to defraud people on online marketplaces, and newly on accommodation booking platforms

Telekopye transitions to targeting tourists via hotel booking scam

Spam blog

Eset

2.11.24

Cyber insurance, human risk, and the potential for cyber-ratings

Could human risk in cybersecurity be managed with a cyber-rating, much like credit scores help assess people’s financial responsibility?

Cyber blog

Eset

2.11.24

Mind the (air) gap: GoldenJackal gooses government guardrails

ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal

BigBrother blog

Eset

2.11.24

The complexities of attack attribution – Week in security with Tony Anscombe

Attributing a cyberattack to a specific threat actor is a complex affair, as evidenced by new ESET research published this week

Cyber blog

Eset

2.11.24

Separating the bee from the panda: CeranaKeeper making a beeline for Thailand

ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia

APT blog

Eset

2.11.24

Why system resilience should mainly be the job of the OS, not just third-party applications

Building efficient recovery options will drive ecosystem resilience

OS Blog

Eset

2.11.24

Cybersecurity Awareness Month needs a radical overhaul – it needs legislation

Despite their benefits, awareness campaigns alone are not enough to encourage widespread adoption of cybersecurity best practices

Cyber blog

Eset

2.11.24

Gamaredon's operations under the microscope – Week in security with Tony Anscombe

ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years

Cyber blog

Eset

28.9.24

Evolved Exploits Call for AI-Driven ASRM + XDR

AI-driven insights for managing emerging threats and minimizing organizational risk

AI blog

Trend Micro

28.9.24

Cybersecurity Compass: Bridging the Communication Gap

Discover how to use the Cybersecurity Compass to foster effective conversations about cybersecurity strategy between non-technical and technical audiences, focusing on the phases of before, during, and after a breach.

Cyber blog

Trend Micro

28.9.24

2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge

SonicWall’s 2024 Healthcare Threat Brief reveals at least 14 million U.S. patients affected by malware breaches, as outdated systems leave healthcare providers vulnerable to evolving ransomware threats - underscoring the need for MSPs/MSSPs.

Ransom blog

SonicWall

28.9.24

Secure Access Unlocked: Exploring WNM 4.5 and Service Provider Monthly Program

Learn about exciting updates in WNM 4.5 plus new additions to our service provider program!

Security blog

SonicWall

28.9.24

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. We’ve named these infected software packages PondRAT. We’ve also found Linux variants of POOLRAT, a known macOS remote administration tool (RAT) previously attributed to Gleaming Pisces (aka Citrine Sleet, distributor of AppleJeus). Based on our research into both RAT families, we assess that the new PondRAT is a lighter version of POOLRAT.

Malware blog

Palo Alto

28.9.24

Inside SnipBot: The Latest RomCom Malware Variant

We recently discovered a novel version of the RomCom malware family called SnipBot and, for the first time, show post-infection activity from the attacker on a victim system. This new strain makes use of new tricks and unique code obfuscation methods in addition to those seen in previous versions of RomCom 3.0 and PEAPOD (RomCom 4.0).

Malware blog

Palo Alto

28.9.24

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz

We have been monitoring a widely popular phishing-as-a-service (PhaaS) platform named Sniper Dz that primarily targets popular social media platforms and online services. A large number of phishers could be using this platform to launch phishing attacks, since the group behind this kit has thousands of subscribers on its Telegram channel. Our research revealed over 140,000 phishing websites associated with the Sniper Dz PhaaS platform over the past year.

Phishing blog

Palo Alto

28.9.24

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

Unit 42 researchers discovered two malware samples used by the Sparkling Pisces (aka Kimsuky) threat group. This includes an undocumented keylogger, called KLogEXE by its authors, and an undocumented variant of a backdoor dubbed FPSpy. These samples enhance Sparkling Pisces' already extensive arsenal and demonstrate the group’s continuous evolution and increasing capabilities.

Malware blog

Palo Alto

28.9.24

Wallet Scam: A Case Study in Crypto Drainer Tactics

Check Point Research (CPR) uncovered a malicious app on Google Play designed to steal cryptocurrency marking the first time a drainer has targeted mobile device users exclusively. The app used a set of evasion techniques to avoid detection and remained available for nearly five months before being removed.

Cryptocurrency blog

Checkpoint

28.9.24

10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More

DLL Hijacking — a technique for forcing legitimate applications to run malicious code — has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade as documented by MITRE.

Hacking blog

Checkpoint

28.9.24

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Many spammers have elected to attack web pages and mail servers of legitimate organizations, so they may use these “pirated” resources to send unsolicited email.

Spam blog

Cisco Blog

28.9.24

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

BigBrother blog

Eset

28.9.24

Don’t panic and other tips for staying safe from scareware

Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics

Spam blog

Eset

28.9.24

Time to engage: How parents can help keep their children safe on Snapchat

Here’s what parents should know about Snapchat and why you should take some time to ensure your children can stay safe when using the app

Social blog

Eset

21.9.24

Cracked Software or Cyber Trap? The Rising Danger of AsyncRAT Malware

Authored by Neil Tyagi In cybersecurity, threats constantly evolve, and new ways to exploit unsuspecting users are...

Malware blog

McAfee

21.9.24

How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Trend Micro tracked this group as Water Bakunawa, behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.

Ransom blog

Trend Micro

21.9.24

Identifying Rogue AI

This is the third blog in an ongoing series on Rogue AI. Keep following for more technical guidance, case studies, and insights

AI blog

Trend Micro

21.9.24

Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

APT blog

Trend Micro

21.9.24

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC), both of which have now been resolved and are discussed in this blog post.

Vulnerebility blog

Trend Micro

21.9.24

Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones

Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-20017 is a critical zero-click vulnerability with a CVSS 3.0 score

Vulnerebility blog

SonicWall

21.9.24

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

This article discusses the discovery of a new post-exploitation red team tool called Splinter that we found on customer systems using Advanced WildFire’s memory scanning tools. Penetration testing toolkits and adversary simulation frameworks are often useful for identifying potential security issues in a company's network.

Exploit blog

Palo Alto

21.9.24

FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe

With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process

BigBrother blog

Eset

21.9.24

Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

How do analyst relations professionals 'sort through the noise' and help deliver the not-so-secret sauce for a company's success? We spoke with ESET's expert to find out

Social blog

Eset

21.9.24

Understanding cyber-incident disclosure

Proper disclosure of a cyber-incident can help shield your business from further financial and reputational damage, and cyber-insurers can step in to help

Cyber blog

Eset

21.9.24

ESET Research Podcast: EvilVideo

ESET researchers discuss how they uncovered a zero-day Telegram for Android exploit that allowed attackers to send malicious files posing as videos

Malware blog

Eset

21.9.24

AI security bubble already springing leaks

Artificial intelligence is just a spoke in the wheel of security – an important spoke but, alas, only one

AI blog

Eset

21.9.24

The Iranian Cyber Capability

In this blog, we will provide an overview of the Iranian threat landscape and discuss the tools, tactics and techniques used by these groups.

APT blog

Trelix

14.9.24

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

Vulnerebility blog

Trend Micro

14.9.24

Earth Preta Evolves its Attacks with New Malware and Strategies

In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.

Malware blog

Trend Micro

14.9.24

CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective

In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques

APT blog

Cybereason

14.9.24

Chinese APT Abuses VSCode to Target Government in Asia

Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks.

APT blog

Palo Alto

14.9.24

Key Group Russian Ransomware Gang Uses Extensive Multi-purpose Telegram Channel

The SonicWall Capture Labs threat research team has been recently tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023. 

Ransom blog

SonicWall

14.9.24

Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers

While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from threat actors to achieve their motives, such as crypto mining, data exfiltration and backdoor installation

Vulnerebility blog

SonicWall

14.9.24

Microsoft Security Bulletin Coverage For September 2024

Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 and has produced coverage for 9 of the reported vulnerabilities.

OS Blog

SonicWall

14.9.24

Targeted Iranian Attacks Against Iraqi Government Infrastructure

Check Point Research discovered a new set of malware called Veaty and Spearal that was used in attacks against different Iraqi entities including government networks.

APT blog

Checkpoint

14.9.24

DragonRank, a Chinese-speaking SEO manipulator service provider

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation

APT blog

Cisco Blog

14.9.24

The 2024 Threat Landscape State of Play

Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.

Security blog

Cisco Blog

14.9.24

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.

Vulnerebility blog

Cisco Blog

14.9.24

Watch our new documentary, "The Light We Keep: A Project PowerUp Story"

The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country.

Security blog

Cisco Blog

14.9.24

We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders

A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.

Security blog

Cisco Blog

14.9.24

Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API

CVE-2024-38257 is considered “less likely” to be exploited, though it does not require any user interaction or user privileges.

Vulnerebility blog

Cisco Blog

14.9.24

Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score

September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.

Vulnerebility blog

Cisco Blog

14.9.24

The best and worst ways to get users to improve their account security

In my opinion, mandatory enrollment is best enrollment.

Security blog

Cisco Blog

14.9.24

Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads

The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date Office versions and can still be vulnerable.

Malware blog

Cisco Blog

14.9.24

CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends

Ransom blog

Eset

14.9.24

6 common Geek Squad scams and how to defend against them

Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks

Spam blog

Eset

14.9.24

CosmicBeetle steps up: Probation period at RansomHub

CosmicBeetle, after improving its own ransomware, tries its luck as a RansomHub affiliate

Ransom blog

Eset

11.9.24

Fake recruiter coding tests target devs with malicious Python packages

RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

APT

ReversingLabs

7.9.24

TIDRONE Targets Military and Satellite Industries in Taiwan

Our research reveals that an unidentified threat cluster we named TIDRONE have shown significant interest in military-related industry chains, particularly in the manufacturers of drones.

BigBrother blog

Trend Micro

7.9.24

Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Notorious Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio’s latest variant suggests the gang behind it is broadening their target, while BBTok is seen abusing MSBuild.exe to evade detection.

Malware blog

Trend Micro

7.9.24

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.

Malware blog

Trend Micro

7.9.24

CVE-2024-23119: Critical SQL Injection Vulnerability in Centreon

Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon

Vulnerebility blog

SonicWall

7.9.24

Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams

Spam blog

Eset

7.9.24

ESET Research Podcast: HotPage

ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver

Malware blog

Eset

7.9.24

The key considerations for cyber insurance: A pragmatic approach

Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options

Cyber blog

Eset

7.9.24

In plain sight: Malicious ads hiding in search results

Sometimes there’s more than just an enticing product offer hiding behind an ad

Malware blog

Eset

1.9.24

North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE).

Exploit blog

Microsoft Blog

31.8.24

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence

Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.

Malware blog

Trend Micro

31.8.24

AI Pulse: Sticker Shock, Rise of the Agents, Rogue AI

This issue of AI Pulse is all about agentic AI: what it is, how it works, and why security needs to be baked in from the start to prevent agentic AI systems from going rogue once they’re deployed.

AI blog

Trend Micro

31.8.24

Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool

Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.

APT blog

Trend Micro

31.8.24

Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem

A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.

Vulnerebility blog

Trend Micro

31.8.24

CVE-2024-7928: FastAdmin Unauthenticated Path Traversal Vulnerability

The SonicWall Capture Labs threat research team became aware of an unauthenticated directory traversal vulnerability affecting FastAdmin installations. Identified as CVE-2024-7928 and with a moderate score of 5.3 CVSSv3, the vulnerability is more severe than it initially appears.

Vulnerebility blog

SonicWall

31.8.24

AutoIT Bot Targets Gmail Accounts First

This week, the SonicWall Capture Labs threat research team observed an AutoIT-compiled executable that attempts to open Gmail login pages via MS Edge, Google Chrome and Mozilla Firefox.

Malware blog

SonicWall

31.8.24

TLD Tracker: Exploring Newly Released Top-Level Domains

We investigated 19 new top-level domains (TLDs) released in the past year, which revealed large-scale phishing campaigns, distribution of potentially unwanted programs, torrenting websites, and even pranking and meme campaigns.

Phishing blog

Palo Alto

31.8.24

The Emerging Dynamics of Deepfake Scam Campaigns on the Web

Our researchers discovered dozens of scam campaigns using deepfake videos featuring the likeness of various public figures, including CEOs, news anchors and top government officials.

Spam blog

Palo Alto

31.8.24

Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic

To improve our detection of suspicious network activity, we leveraged a deep learning method to profile and detect malicious DNS traffic patterns.

Hacking blog

Palo Alto

31.8.24

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

Unit 42 researchers found an extortion campaign's cloud operation that successfully compromised and extorted multiple victim organizations. It did so by leveraging exposed environment variable files (.env files) that contained sensitive variables such as credentials belonging to various applications.

Hacking blog

Palo Alto

31.8.24

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts

This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments.

Hacking blog

Palo Alto

31.8.24

Unmasking ViperSoftX: In-Depth Defense Strategies Against AutoIt-Powered Threats

Explore in-depth defense strategies against ViperSoftX with the Trellix suite, and unpack why AutoIt is an increasingly popular tool for malware authors

AI blog

Trelix

31.8.24

The Bug Report - August 2024 Edition

August 2024 Bug Report: Explore seven critical vulnerabilities—Ivanti vTM, Windows CLFS, Apache OFBiz, and more. Stay ahead of the threats, patch now!

Cyber blog

Trelix

31.8.24

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.

Ransom blog

Cisco Blog

31.8.24

What kind of summer has it been?

As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.

Cyber blog

Cisco Blog

31.8.24

The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment.

Vulnerebility blog

Cisco Blog

31.8.24

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries.

Vulnerebility blog

Cisco Blog

31.8.24

Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.

Vulnerebility blog

Cisco Blog

31.8.24

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.

Vulnerebility blog

Cisco Blog

31.8.24

No, not every Social Security number in the U.S. was stolen

It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price.

Incident blog

Cisco Blog

31.8.24

Stealing cash using NFC relay – Week in Security with Tony Anscombe

The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become

Hacking blog

Eset

31.8.24

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

Demystifying CVE-2024-7262 and CVE-2024-7263

Vulnerebility blog

Eset

31.8.24

Old devices, new dangers: The risks of unsupported IoT tech

In the digital graveyard, a new threat stirs: Out-of-support devices becoming thralls of malicious actors

IoT blog

Eset

31.8.24

Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep. 5)

The world of Android threats is quite vast and intriguing. In this episode, Becks and Lukáš demonstrate how easy it is to take over your phone, with some added tips on how to stay secure

OS Blog

Eset

24.8.24

How Trend Micro Managed Detection and Response Pressed Pause on a Play Ransomware Attack

Using the Trend Micro Vision One platform, our MDR team was able to quickly identify and contain a Play ransomware intrusion attempt.

Ransom blog

Trend Micro

24.8.24

Confidence in GenAI: The Zero Trust Approach

Enterprises have gone all-in on GenAI, but the more they depend on AI models, the more risks they face. Trend Vision One™ – Zero Trust Secure Access (ZTSA) – AI Service Access bridges the gap between access control and GenAI services to protect the user journey.

AI blog

Trend Micro

24.8.24

Securing the Power of AI, Wherever You Need It

Explore how generative AI is transforming cybersecurity and enterprise resilience

AI blog

Trend Micro

24.8.24

Rogue AI is the Future of Cyber Threats

This is the first blog in a series on Rogue AI. Later articles will include technical guidance, case studies and more.

AI blog

Trend Micro

24.8.24

Cisco Smart Software Manager On-Prem Account Takeover

The SonicWall Capture Labs threat research team became aware of an account takeover vulnerability in Cisco’s Smart Software Manager (SSM), assessed its impact and developed mitigation measures for the vulnerability.

Vulnerebility blog

SonicWall

24.8.24

Understanding CVE-2024-38063: How SonicWall Prevents Exploitation

CVE-2024-38063 is a critical remote code execution vulnerability in Windows systems with the IPv6 stack, carrying a CVSS score of 9.8. This zero-click, wormable flaw allows attackers to execute arbitrary code remotely via specially crafted IPv6 packets, potentially leading to full system compromise.

Vulnerebility blog

SonicWall

24.8.24

MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”

Malware blog

Cisco Blog

24.8.24

How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

OS Blog

Cisco Blog

24.8.24

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security

Phishing blog

Eset

24.8.24

NGate Android malware relays NFC traffic to steal cash

Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM

OS Blog

Eset

24.8.24

How regulatory standards and cyber insurance inform each other

Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with

Ransom blog

Eset

24.8.24

Be careful what you pwish for – Phishing in PWA applications

ESET analysts dissect a novel phishing method tailored to Android and iOS users

OS Blog

Eset

17.8.24

Mario movie malware might maliciously mess with your machine

There are probably few among us who, never have they ever, downloaded questionable content. Whether it was a hit song in the Napster era or a Blockbuster movie you found on a “special” site online, you can probably think of at least one occasion when you got access to something from a, shall we say, less than reputable source.

Malware blog

Avast Blog

17.8.24

Microsoft Security Bulletin Coverage For August 2024

Microsoft’s 2024 Patch Tuesday has 87 vulnerabilities, 36 of which are Elevation of Privilege vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of 2024 and has produced coverage for ten of the reported vulnerabilities

OS Blog

SonicWall

17.8.24

Harnessing LLMs for Automating BOLA Detection

This post presents our research on a methodology we call BOLABuster, which uses large language models (LLMs) to detect broken object level authorization (BOLA) vulnerabilities. By automating BOLA detection at scale, we will show promising results in identifying these vulnerabilities in open-source projects.

AI blog

Palo Alto

17.8.24

Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities

Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities.

Hacking blog

Checkpoint

17.8.24

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove

Check Point Research (CPR) recently uncovered Styx Stealer, a new malware capable of stealing browser data, instant messenger sessions from Telegram and Discord, and cryptocurrency. Even though it only recently appeared, it has already been noticed in attacks, including those targeting our customers.

Malware blog

Checkpoint

17.8.24

Talos discovers 11 vulnerabilities between Microsoft, Adobe software disclosed on Patch Tuesday

Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11.

OS Blog

Cisco Blog

17.8.24

How a BEC scam cost a company $60 Million – Week in security with Tony Anscombe

Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme

Spam blog

Eset

17.8.24

Why scammers want your phone number

Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data

Spam blog

Eset

17.8.24

The great location leak: Privacy risks in dating apps

What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance?

Security blog

Eset

17.8.24

Top 6 Craigslist scams: Don’t fall for these tricks

Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun

Spam blog

Eset

10.8.24

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States

The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It’s so big, in fact, that few people even notice it, like a fish can’t see the ocean.

IoT blog

BitDefender

10.8.24

Fighting Ursa Luring Targets With Car for Sale

A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka APT28, Fancy Bear and Sofacy) has been associated with Russian military intelligence and classified as an advanced persistent threat (APT).

APT blog

Palo Alto

10.8.24

Ransomware Review: First Half of 2024

Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed.

Ransom blog

Palo Alto

10.8.24

Sustained Campaign Using Chinese Espionage Tools Targets Telcos

Attackers were heavily focused on telecoms operators in a single Asian country.

BigBrother blog

Symantec

10.8.24

Cloud Cover: How Malicious Actors Are Leveraging Cloud Services

In the past year, there has been a marked increase in the use of legitimate cloud services by attackers, including nation-state actors.

Malware blog

Symantec

10.8.24

Beware of Fake WinRar Websites: Malware Hosted on GitHub

A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on internet users who might incorrectly type the URL of this well-known archiving application.

Malware blog

SonicWall

10.8.24

SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability

The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023.

Vulnerebility blog

SonicWall

10.8.24

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

Vulnerebility blog

SonicWall

10.8.24

Protect Your Network: Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold

The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues in the infrastructure by utilizing its intuitive workflows and system integrations.

Vulnerebility blog

SonicWall

10.8.24

No symbols? No problem!

This blog will share a tried and tested method for dealing with thousands of unknown functions in a given file to significantly decrease the time spent on analysis while improving accuracy. Once all theory is covered, an instance of the Golang based qBit stealer is analyzed with the demonstrated techniques to show what happens when the theory is put into practice.

Cyber blog

Trelix

10.8.24

Resilient Security Requires Mature Cyber Threat Intelligence Capabilities

We recently had the opportunity to support an important industry effort to advance threat intelligence, led by our partners at Intel 471. Trellix, along with 25+ cyber leaders, launched a new maturity model for cyber threat intelligence (CTI).

Cyber blog

Trelix

10.8.24

Black Hat USA 2024 recap – Week in security with Tony Anscombe

Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors

Cyber blog

Eset

10.8.24

Black Hat USA 2024: All eyes on election security

In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated

Cyber blog

Eset

10.8.24

Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies

Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards

Cyber blog

Eset

10.8.24

Why tech-savvy leadership is key to cyber insurance readiness

Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage

Cyber blog

Eset

3.8.24

GeoServer RCE Vulnerability (CVE-2024-36401) Being Exploited In the Wild

The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in GeoServer, assessed its impact and developed mitigation measures. GeoServer is a community-driven project that allows users to share and edit geospatial data

Vulnerebility blog

SonicWall

3.8.24

Protecting SmartPLC Devices from Critical Hardcoded Credential Vulnerability CVE-2024-28747

The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-28747, a vulnerability in SmartPLC devices, assessed its impact and developed mitigation measures for this vulnerability.

Vulnerebility blog

SonicWall

3.8.24

OneDrive Pastejacking

Phishing campaign exploits Microsoft OneDrive users with sophisticated social engineering, manipulating them into executing a malicious PowerShell script.

Hacking blog

Trelix

3.8.24

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.

APT blog

Cisco Blog

3.8.24

Detecting evolving threats: NetSupport RAT campaign

In this first Deep Dive with NTDR, we explore how defenders can leverage Snort for the detection of evasive malware threats.

Malware blog

Cisco Blog

3.8.24

There is no real fix to the security issues recently found in GitHub and other similar software

The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software.

Vulnerebility blog

Cisco Blog

3.8.24

Where to find Talos at BlackHat 2024

This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 at Black Hat.

Cyber blog

Cisco Blog

3.8.24

Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues

A binary in Apple macOS could allow an adversary to execute an arbitrary binary that bypasses SIP.

OS Blog

Cisco Blog

3.8.24

AI and automation reducing breach costs – Week in security with Tony Anscombe

Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by US$2.22 million compared to those that didn't deploy these technologies, according to IBM

AI blog

Eset

3.8.24

The cyberthreat that drives businesses towards cyber risk insurance

Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide

Cyber blog

Eset

3.8.24

Phishing targeting Polish SMBs continues via ModiLoader

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Malware blog

Eset

3.8.24

Beware of fake AI tools masking very real malware threats

Ever attuned to the latest trends, cybercriminals distribute malicious tools that pose as ChatGPT, Midjourney and other generative AI assistants

AI blog

Eset

27.7.24

QR Codes: Convenience or Cyberthreat?

Security awareness and measures to detect and prevent sophisticated risks associated with QR code-based phishing attacks (quishing)

Phishing blog

Trend Micro

27.7.24

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike.

Cyber blog

Trend Micro

27.7.24

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.

Ransom blog

Trend Micro

27.7.24

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Vulnerebility blog

Trend Micro

27.7.24

Handala’s Wiper Targets Israel

This blog will focus on the threat actor’s background and previous actions, the attack chain, and the wiper’s internals and reused code.

Malware blog

Trelix

27.7.24

Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies

Highly sophisticated, well-funded, and strategically motivated nation-state cybersecurity threats are complex and challenging, requiring advanced cybersecurity measures, threat intelligence, and international cooperation.

BigBrother blog

Cybereason

27.7.24

Something Phishy This Way Comes: How the SonicWall SOC Proactively Defended Partners Against a New Attack

Proactive Protection: How SonicWall's security operations center (SOC) safeguards MSPs around the clock.

Security blog

SonicWall

27.7.24

Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads

The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe than it initially appeared.

Vulnerebility blog

SonicWall

27.7.24

Volcano Demon Group Targets Idealease Inc. Using LukaLocker Ransomware

The SonicWall Capture Labs threats research team has recently been tracking new ransomware known as LukaLocker.

Ransom blog

SonicWall

27.7.24

The Windows Registry Adventure #3: Learning resources

When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry.

Cyber blog

Project Zero

27.7.24

Vulnerabilities in LangChain Gen AI

Researchers from Palo Alto Networks have identified two vulnerabilities in LangChain, a popular open source generative AI framework with over 81,000 stars on GitHub:

AI blog

Palo Alto

27.7.24

From RA Group to RA World: Evolution of a Ransomware Group

The ransomware group RA Group, now known as RA World, showed a noticeable uptick in their activity since March 2024. About 37% of all posts on their dark web leak site have appeared since March, suggesting this is an emerging group to watch. This article describes the tactics, techniques and procedures (TTPs) used by RA World.

Ransom blog

Palo Alto

27.7.24

Stargazers Ghost Network

This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories.

Hacking blog

Checkpoint

27.7.24

Thread Name-Calling – using Thread Name for offense

We propose a new injection technique: Thread Name-Calling, and offer the advisory related to implementing protection.

Hacking blog

Checkpoint

27.7.24

The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that

Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack."

Cyber blog

Cisco Blog

27.7.24

Telegram for Android hit by a zero-day exploit – Week in security with Tony Anscombe

Attackers abusing the "EvilVideo" vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files

OS Blog

Eset

27.7.24

Building cyber-resilience: Lessons learned from the CrowdStrike incident

Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances

Cyber blog

Eset

27.7.24

The tap-estry of threats targeting Hamster Kombat players

ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game

Malware blog

Eset

27.7.24

Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android

ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos

Social blog

Eset

27.7.24

How a signed driver exposed users to kernel-level threats – Week in Security with Tony Anscombe

A purported ad blocker marketed as a security solution leverages a Microsoft-signed driver that inadvertently exposes victims to dangerous threats

Security blog

Eset

27.7.24

Beyond the blue screen of death: Why software updates matter

The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight. Here’s why you shouldn’t dread them.

Security blog

Eset

27.7.24

The complexities of cybersecurity update processes

If a software update process fails, it can lead to catastrophic consequences, as seen today with widespread blue screens of death blamed on a bad update by CrowdStrike

Security blog

Eset

20.7.24

ClickFix Deception: A Social Engineering Tactic to Deploy Malware

McAfee Labs has discovered a highly unusual method of malware delivery, referred to by researchers as the “Clickfix” infection chain. The attack chain begins with users being lured to visit seemingly legitimate but compromised websites. Upon visiting, victims are redirected to domains hosting fake popup windows that instruct them to paste a script into a PowerShell terminal.

Malware blog

McAfee

20.7.24

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched.

Vulnerebility blog

Trend Micro

20.7.24

Trend Experts Weigh in on Global IT Outage Caused by CrowdStrike

On July 19, 2024, a large-scale outage emerged affecting Windows computers for many industries across the globe from financial institutions to hospitals to airlines. The source of this outage came from a single content update from CrowdStrike.

Cyber blog

Trend Micro

20.7.24

Play Ransomware Group’s New Linux Variant Targets ESXi, Shows Ties With Prolific Puma

Trend Micro threat hunters discovered that the Play ransomware group has been deploying a new Linux variant that targets ESXi environments. Read our blog entry to know more.

Ransom blog

Trend Micro

20.7.24

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Vulnerebility blog

Trend Micro

20.7.24

Teaming up with IBM to secure critical SAP workloads

Trend Micro partners with IBM to offer advanced threat detection and response for protecting critical infrastructures running on IBM Power servers

Cyber blog

Trend Micro

20.7.24

An In-Depth Look at Crypto-Crime in 2023 Part 2

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.

Cryptocurrency blog

Trend Micro

20.7.24

Container Breakouts: Escape Techniques in Cloud Environments

Container escapes are a notable security risk for organizations, because they can be a critical step of an attack chain that can allow malicious threat actors access. We previously published one such attack chain in an article about a runC vulnerability.

Vulnerebility blog

Palo Alto

20.7.24

Beware of BadPack: One Weird Trick Being Used Against Android Devices

This article discusses recent samples of BadPack Android malware and examines how this threat’s tampered headers can obstruct malware analysis. We also review the effectiveness of various freely available tools for analyzing BadPack Android Package Kit (APK) files.

Malware blog

Palo Alto

20.7.24

NEW BUGSLEEP BACKDOOR DEPLOYED IN RECENT MUDDYWATER CAMPAIGNS

MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has significantly increased its activities in Israel since the beginning of the Israel-Hamas war in October 2023. This parallels with activities against targets in Saudi Arabia, Turkey, Azerbaijan, India and Portugal.

Malware blog

Checkpoint

20.7.24

It's best to just assume you’ve been involved in a data breach somehow

Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers.

Incident blog

Cisco Blog

20.7.24

HotPage: Story of a signed, vulnerable, ad-injecting driver

A study of a sophisticated Chinese browser injector that leaves more doors open!

Malware blog

Eset

20.7.24

Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills

These five formidable bits of kit that can assist cyber-defenders in spotting chinks in corporate armors and help hobbyist hackers deepen their understanding of cybersecurity

Cyber blog

Eset

20.7.24

Hello, is it me you’re looking for? How scammers get your phone number

Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.

Security blog

Eset

20.7.24

Should ransomware payments be banned? – Week in security with Tony Anscombe

Blanket bans on ransomware payments are a much-debated topic in cybersecurity and policy circles. What are the implications of outlawing the payments, and would the ban be effective?

Ransom blog

Eset

13.7.24

Application Security report: 2024 update

Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks...

Cyber blog

Cloudflare

13.7.24

Euro 2024’s impact on Internet traffic: a closer look at finalists Spain and England

Here we examine how UEFA Euro 2024 football matches have influenced Internet traffic patterns in participating countries, with a special focus on the two finalists, Spain and England, on their journey to the final...

BigBrother blog

Cloudflare

13.7.24

Cloudflare Zaraz adds support for server-side rendering of X and Instagram embeds

We are thrilled to announce Cloudflare Zaraz support for server-side rendering of embeds from X and Instagram. This allows for secure, privacy-preserving, and performant embedding without third-party JavaScript or cookies, enhancing security, privacy, and performance on your website...

Social blog

Cloudflare

13.7.24

DDoS threat report for 2024 Q2

Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024...

Attack blog

Cloudflare

13.7.24

RADIUS/UDP vulnerable to improved MD5 collision attack

The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography...

Attack blog

Cloudflare

13.7.24

French elections: political cyber attacks and Internet traffic shifts

Check the dynamics of the 2024 French legislative elections, the surprising election results’ impact on Internet traffic changes, and the cyber attacks targeting political parties...

BigBrother blog

Cloudflare

13.7.24

UK election day 2024: traffic trends and attacks on political parties

Here, we explore the dynamics of Internet traffic and cybersecurity during the UK’s 2024 general election, highlighting late-day traffic changes and a post-vote attack on a political party...

BigBrother blog

Cloudflare

13.7.24

Cloudflare 1.1.1.1 incident on June 27, 2024

On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak...

Incident blog

Cloudflare

13.7.24

First round of French election: party attacks and a modest traffic dip

How Cloudflare mitigated DDoS attacks targeting French political parties during the 2024 legislative elections, as detailed in our ongoing election coverage...

Attack blog

Cloudflare

13.7.24

Declare your AIndependence: block AI bots, scrapers and crawlers with a single click

To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier...

AI blog

Cloudflare

13.7.24

HardBit Ransomware version 4.0

In this Threat Analysis report, Cybereason Security Services investigates HardBit Ransomware version 4.0, a new version observed in the wild.

Ransom blog

Cybereason

13.7.24

Cactus Ransomware: New strain in the market

Cactus is another variant in the ransomware family. It exploits VPN vulnerability(CVE-2023-38035) to enter into an internal organization network and deploys varies payloads for persistence(Scheduled Task/Job), C2 connection via RMM tools(Anydesk.exe) and encryption.

Ransom blog

Trelix

13.7.24

The Mechanics of ViperSoftX: Exploiting AutoIt and CLR for Stealthy PowerShell Execution

ViperSoftX uses CLR to embed and execute PowerShell commands within AutoIt, seamlessly integrating malicious functions while evading detection with an AMSI bypass.

Malware blog

Trelix

13.7.24

Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence

Trellix and global law enforcement dismantle malicious Cobalt Strike infrastructure, enhancing cybersecurity and protecting critical sectors. Learn about our fight against cybercrime.

APT blog

Trelix

13.7.24

Disarming DarkGate: A Deep Dive into Thwarting the Latest DarkGate Variant

The SonicWall RTDMI ™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote Access Trojan that has been widely active since 2018. The RAT has been marketed as Malware-as-a-Service in underground forums, and threat actors are actively updating its code. The malware supports a wide range of features, including (Anti-VM Anti-AV Delay Execution multi-variant support and process hollowing, etc.), which are controlled by flags in the configuration data.

Malware blog

SonicWall

13.7.24

Microsoft Security Bulletin Coverage for July 2024

Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities.

Vulnerebility blog

SonicWall

13.7.24

Adobe Commerce Unauthorized XXE Vulnerability

The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score of 9.8. Labeled as an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability and categorized as CWE-611, this vulnerability allows an attacker unauthorized access to private files, such as those containing passwords. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation.

Vulnerebility blog

SonicWall

13.7.24

An In-Depth Look at Crypto-Crime in 2023 Part 2

In 2023, the cryptocurrency industry faced a significant increase in illicit activities, including money laundering, fraud, and ransomware attacks. Ransomware attacks were especially prevalent and profitable for attackers. However, other forms of criminal activity also saw a rise.

Cryptocurrency blog

Trend Micro

13.7.24

Network detection & response: the SOC stress reliever

Cybersecurity teams are well-equipped to handle threats to technology assets that they manage. But with unmanaged devices providing ideal spots for attackers to lurk unseen, network detection and response capabilities have become vitally important.

Cyber blog

Trend Micro

13.7.24

An In-Depth Look at Crypto-Crime in 2023 Part 1

Cybersecurity is a growing concern in today's digital age, as more sensitive information is stored and transmitted online. With the rise of cryptocurrencies, there has also been a rise in crypto-crimes, which pose a significant threat to the security of both individuals and businesses.

Cryptocurrency blog

Trend Micro

13.7.24

The Top 10 AI Security Risks Every Business Should Know

With every week bringing news of another AI advance, it’s becoming increasingly important for organizations to understand the risks before adopting AI tools. This look at 10 key areas of concern identified by the Open Worldwide Application Security Project (OWASP) flags risks enterprises should keep in mind through the back half of the year.

AI blog

Trend Micro

13.7.24

DarkGate: Dancing the Samba With Alluring Excel Files

This article reviews a DarkGate malware campaign from March-April 2024 that uses Microsoft Excel files to download a malicious software package from public-facing SMB file shares. This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware.

Malware blog

Palo Alto

13.7.24

Dissecting GootLoader With Node.js

This article shows how to circumvent anti-analysis techniques from GootLoader malware while using Node.js debugging in Visual Studio Code. This evasion technique used by GootLoader JavaScript files can present a formidable challenge for sandboxes attempting to analyze the malware.

Malware blog

Palo Alto

13.7.24

The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention

The Contrastive Credibility Propagation (CCP) algorithm is a novel approach to semi-supervised learning (SSL) developed by AI researchers at Palo Alto Networks to improve model task performance with imbalanced and noisy labeled and unlabeled data.

AI blog

Palo Alto

13.7.24

EXPLORING COMPILED V8 JAVASCRIPT USAGE IN MALWARE

In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically.

Exploit blog

Checkpoint

13.7.24

RESURRECTING INTERNET EXPLORER: THREAT ACTORS USING ZERO-DAY TRICKS IN INTERNET SHORTCUT FILE TO LURE VICTIMS (CVE-2024-38112)

Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution.

Vulnerebility blog

Checkpoint

13.7.24

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs

Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in TTPs, along with several notable differences and outliers.

Ransom blog

Cisco Blog

13.7.24

Impact of data breaches is fueling scam campaigns

Data breaches have become one of the most crucial threats to organizations across the globe, and they’ve only become more prevalent and serious over time.

Incident blog

Cisco Blog

13.7.24

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling

Talos is releasing a new list of CyberChef recipes that enable faster and easier reversal of encoded JavaScript code contained in the observed HTML attachments.

Spam blog

Cisco Blog

13.7.24

How do cryptocurrency drainer phishing scams work?

In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.

Cryptocurrency blog

Cisco Blog

13.7.24

Checking in on the state of cybersecurity and the Olympics

Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos.

Cyber blog

Cisco Blog

13.7.24

15 vulnerabilities discovered in software development kit for wireless routers

Talos researchers discovered these vulnerabilities in the Jungle SDK while researching other vulnerabilities in the LevelOne WBR-6013 wireless router.

Vulnerebility blog

Cisco Blog

13.7.24

Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities

This is the largest Patch Tuesday since April, when Microsoft patched 150 vulnerabilities.

Vulnerebility blog

Cisco Blog

13.7.24

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?

IoT blog

Eset

13.7.24

5 common Ticketmaster scams: How fraudsters steal the show

Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account

Spam blog

Eset

6.7.24

Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.

Cryptocurrency blog

Trend Micro

6.7.24

Mekotio Banking Trojan Threatens Financial Systems in Latin America

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we'll provide an overview of the trojan and what it does.

Malware blog

Trend Micro

6.7.24

High-Risk Path Traversal in SolarWinds Serv-U

The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures.

Vulnerebility blog

SonicWall

6.7.24

Not If, But When: The Need for a SOC and Introducing the SonicWall European SOC

When you think about cyber threats or attacks, what comes to mind? It’s easy to associate cyberattacks with large enterprises since those are the attacks that frequently make the news.

Security blog

SonicWall

6.7.24

The Hidden Danger of PDF Files with Embedded QR Codes

The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time.

Malware blog

SonicWall

6.7.24

Attackers Exploiting Public Cobalt Strike Profiles

In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository.

Exploit blog

Palo Alto

6.7.24

MODERN CRYPTOGRAPHIC ATTACKS: A GUIDE FOR THE PERPLEXED

Cryptographic attacks, even more advanced ones, are often made more difficult to understand than they need to be. Sometimes it’s because the explanation is “too much too soon” — it skips the simple general idea and goes straight to real world attacks with all their messy details.

Attack blog

Checkpoint

6.7.24

Social media and teen mental health – Week in security with Tony Anscombe

Social media sites are designed to make their users come back for more. Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

Social blog

Eset

6.7.24

No room for error: Don’t get stung by these common Booking.com scams

From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation

Phishing blog

Eset

6.7.24

AI in the workplace: The good, the bad, and the algorithmic

While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table

AI blog

Eset

6.7.24

Hijacked: How hacked YouTube channels spread scams and malware

Here’s how cybercriminals go after YouTube channels and use them as conduits for fraud – and what you should watch out for when watching videos on the platform

Malware blog

Eset

6.7.24

Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe

Learn about the types of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year

Security blog

Eset

29.6.24

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign.

APT blog

Trend Micro

29.6.24

Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.

Cryptocurrency blog

Trend Micro

29.6.24

ICO Scams Leverage 2024 Olympics to Lure Victims, Use AI for Fake Sites

In this blog we uncover threat actors using the 2024 Olympics to lure victims into investing in an initial coin offering (ICO).

AI blog

Trend Micro

29.6.24

AI Coding Companions 2024: AWS, GitHub, Tabnine + More

AI coding companions are keeping pace with the high-speed evolution of generative AI overall, continually refining and augmenting their capabilities to make software development faster and easier than ever before.

AI blog

Trend Micro

29.6.24

Attackers in Profile: menuPass and ALPHV/BlackCat

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat.

Ransom blog

Trend Micro

29.6.24

Omdia Report: Trend Disclosed 60% of Vulnerabilities

The latest Omdia Vulnerability Report shows Trend Micro™ Zero Day Initiative™ (ZDI) spearheaded 60% of 2023 disclosures, underscoring its role in cybersecurity threat prevention.

Cyber blog

Trend Micro

29.6.24

Worldwide 2023 Email Phishing Statistics and Examples

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.

Phishing blog

Trend Micro

29.6.24

Not Just Another 100% Score: MITRE ENGENUITY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups.

Cyber blog

Trend Micro

29.6.24

StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe

The SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer.

Malware blog

SonicWall

29.6.24

New Orcinius Trojan Uses VBA Stomping to Mask Infection

This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware.

Malware blog

SonicWall

29.6.24

Attack Paths Into VMs in the Cloud

This post reviews strategies for identifying and mitigating potential attack vectors against virtual machine (VM) services in the cloud.

Attack blog

Palo Alto

29.6.24

Attackers Exploiting Public Cobalt Strike Profiles

In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure.

Malware blog

Palo Alto

29.6.24

RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS

Android, Google’s most popular mobile operating system, powers billions of smartphones and tablets globally.

Malware blog

Checkpoint

29.6.24

SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

Cisco Talos recently discovered an ongoing campaign from SneakyChef, a newly discovered threat actor using SugarGh0st malware, as early as August 2023.

Malware blog

Cisco Blog

29.6.24

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login

Incident blog

Cisco Blog

29.6.24

Multiple vulnerabilities in TP-Link Omada system could lead to root access

Affected devices could include wireless access points, routers, switches and VPNs.

Vulnerebility blog

Cisco Blog

29.6.24

Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia

The new remote access trojan (RAT) dubbed SpiceRAT was used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia.

Malware blog

Cisco Blog

29.6.24

We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there

A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop.

Cryptocurrency blog

Cisco Blog

29.6.24

Tabletop exercises are headed to the next frontier: Space

More on the recent Snowflake breach, MFA bypass techniques and more.

Cyber blog

Cisco Blog

29.6.24

Exploring malicious Windows drivers (Part 2): the I/O system, IRPs, stack locations, IOCTLs and more

As the second entry in our “Exploring malicious Windows drivers” series, we will continue where the first left off: Discussing the I/O system and IRPs.

Malware blog

Cisco Blog

29.6.24

How are attackers trying to bypass MFA?

Exploring trends on how attackers are trying to manipulate and bypass MFA, as well as when/how attackers will try their 'push-spray' MFA attacks

Security blog

Cisco Blog

29.6.24

How we can separate botnets from the malware operations that rely on them

A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.

BotNet blog

Cisco Blog

29.6.24

Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models

At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research.

Cyber blog

Project Zero

29.6.24

The Windows Registry Adventure #3: Learning resources

When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible.

Cyber blog

Project Zero

29.6.24

ESET Threat Report H1 2024

A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Cyber blog

Eset

29.6.24

Cyber insurance as part of the cyber threat mitigation strategy

Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies

Cyber blog

Eset

29.6.24

Buying a VPN? Here’s what to know and look for

VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes

Cyber blog

Eset

29.6.24

The long-tail costs of a data breach – Week in security with Tony Anscombe

Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents

Cyber blog

Eset

29.6.24

My health information has been stolen. Now what?

As health data continues to be a prized target for hackers, here's how to minimize the fallout from a breach impacting your own health records

Cyber blog

Eset

29.6.24

Hacktivism is evolving – and that could be bad news for organizations everywhere

Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat

Cyber blog

Eset

29.6.24

Preventative defense tactics in the real world

Don’t get hacked in the first place – it costs far less than dealing with the aftermath of a successful attack

Cyber blog

Eset

15.6.24

Microsoft Incident Response tips for managing a mass password reset

When an active incident leaves systems vulnerable, a mass password reset may be the right tool to restore security. This post explores the necessity and risk associated with mass password resets.

Security blog

Microsoft Blog

15.6.24

How to achieve cloud-native endpoint management with Microsoft Intune 

In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution.

Security blog

Microsoft Blog

15.6.24

The four stages of creating a trust fabric with identity and network security 

The trust fabric journey has four stages of maturity for organizations working to evaluate, improve, and evolve their identity and network access security posture.

Security blog

Microsoft Blog

15.6.24

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices 

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology (OT) devices.

Hacking blog

Microsoft Blog

15.6.24

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Malware blog

Trend Micro

15.6.24

Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.

Exploit blog

Trend Micro

15.6.24

TargetCompany’s Linux Variant Targets ESXi Environments

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

Ransom blog

Trend Micro

15.6.24

SANS's 2024 Threat-Hunting Survey Review

In its ninth year, the annual SANS Threat Hunting Survey delves into global organizational practices in threat hunting, shedding light on the challenges and adaptations in the landscape over the past year.

Security blog

Trend Micro

15.6.24

It's Time to Up-Level Your EDR Solution

You may have EDR, but did you know you can add threat detection and response to improve a SecOps team’s efficiency and outcomes - read more.

Security blog

Trend Micro

15.6.24

Explore AI-Driven Cybersecurity with Trend Micro, Using NVIDIA NIM

Discover Trend Micro's integration of NVIDIA NIM to deliver an AI-driven cybersecurity solution for next-generation data centers.

AI blog

Trend Micro

15.6.24

The Lifecycle of a Threat: The Inner Workings of the Security Operations Center

See how SonicWall’s SOC handles a threat from discovery all the way to resolution in this detailed blog.

Security blog

SonicWall

15.6.24

Microsoft Security Bulletin Coverage for June 2024

Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege.

Vulnerebility blog

SonicWall

15.6.24

Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data

SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks.

Exploit blog

SonicWall

15.6.24

Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways.

Vulnerebility blog

SonicWall

15.6.24

Driving forward in Android drivers

Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broad variety of hardware

OS Blog

Project Zero

15.6.24

DarkGate again but... Improved?

DarkGate is back, if it ever left, with the latest version, the number 6, which includes new distribution methods, anti-analysis techniques and features.

Malware blog

Trelix

15.6.24

Operation Celestial Force employs mobile and desktop malware to target Indian entities

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018.

Malware blog

Cisco Blog

15.6.24

Only one critical issue disclosed as part of Microsoft Patch Tuesday

The lone critical security issue is a remote code execution vulnerability due to a use-after-free issue in the HTTP handling function of Microsoft Message Queuing.

Vulnerebility blog

Cisco Blog

15.6.24

How Arid Viper spies on Android users in the Middle East – Week in security with Tony Anscombe

The spyware, called AridSpy by ESET, is distributed through websites that pose as various messaging apps, a job search app, and a Palestinian Civil Registry app

Malware blog

Eset

15.6.24

ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024

The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023

APT blog

Eset

15.6.24

Arid Viper poisons Android apps with AridSpy

ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine

OS Blog

Eset

15.6.24

560 million Ticketmaster customer data for sale? – Week in security with Tony Anscombe

Ticketmaster seems to have experienced a data breach, with the ShinyHunters hacker group claiming to have exfiltrated 560 million customer data

Incident blog

Eset

8.6.24

Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks

Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult.

APT blog

Trend Micro

8.6.24

INC Ransomware Behind Linux Threat

This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago.

Ransom blog

SonicWall

8.6.24

Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)

The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways.

Vulnerebility blog

SonicWall

8.6.24

Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data

SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks.

BotNet blog

SonicWall

8.6.24

INSIDE THE BOX: MALWARE’S NEW PLAYGROUND

Over the past few months, we have been monitoring the increasing abuse of BoxedApp products in the wild.

Hacking blog

Checkpoint

8.6.24

The job hunter’s guide: Separating genuine offers from scams

$90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data.

Spam blog

Eset

8.6.24

The murky world of password leaks – and how to check if you’ve been hit

Password leaks are increasingly common and figuring out whether the keys to your own kingdom have been exposed might be tricky – unless you know where to look

Incident blog

Eset

8.6.24

What happens when facial recognition gets it wrong – Week in security with Tony Anscombe

A facial recognition system misidentifies a woman in London as a shoplifter, igniting fresh concerns over the technology's accuracy and reliability

Security blog

Eset

1.6.24

STATIC UNPACKING FOR THE WIDESPREAD NSIS-BASED MALICIOUS PACKER FAMILY

Packers or crypters are widely used to protect malicious software from detection and static analysis.

Malware blog

Checkpoint

1.6.24

LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader

Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups.

APT blog

Cisco Blog

1.6.24

Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.

Vulnerebility blog

Cisco Blog

1.6.24

AI in HR: Is artificial intelligence changing how we hire employees forever?

Much digital ink has been spilled on artificial intelligence taking over jobs, but what about AI shaking up the hiring process in the meantime?

AI blog

Eset

1.6.24

ESET World 2024: Big on prevention, even bigger on AI

What is the state of artificial intelligence in 2024 and how can AI level up your cybersecurity game? These hot topics and pressing questions surrounding AI were front and center at the annual conference.

AI blog

Eset

1.6.24

Beyond the buzz: Understanding AI and its role in cybersecurity

A new white paper from ESET uncovers the risks and opportunities of artificial intelligence for cyber-defenders

Cyber blog

Eset

25.5.24

Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia

A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter.

APT blog

Palo Alto

25.5.24

BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL

Void Manticore is an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). They carry out destructive wiping attacks combined with influence operations.

APT blog

Checkpoint

25.5.24

SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN

Sharp Dragon’s (Formerly referred to as Sharp Panda) operations continue, expanding their focus now to new regions – Africa and the Caribbean.

APT blog

Checkpoint

25.5.24

From trust to trickery: Brand impersonation over the email attack vector

Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation.

Hacking blog

Cisco Blog

25.5.24

Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe

As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?

Ransom blog

Eset

25.5.24

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries

Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings

Malware blog

Eset

25.5.24

What happens when AI goes rogue (and how to stop it)

As AI gets closer to the ability to cause physical harm and impact the real world, “it’s complicated” is no longer a satisfying response

AI blog

Eset

25.5.24

Untangling the hiring dilemma: How security solutions free up HR processes

The prerequisites for becoming a security elite create a skills ceiling that is tough to break through – especially when it comes to hiring skilled EDR or XDR operators.

Security blog

Eset

18.5.24

Payload Trends in Malicious OneNote Samples

In this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files.

Malware blog

Palo Alto

18.5.24

Leveraging DNS Tunneling for Tracking and Scanning

This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild.

Hacking blog

Palo Alto

18.5.24

FOXIT PDF “FLAWED DESIGN” EXPLOITATION

PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments

Exploit blog

Checkpoint

18.5.24

Talos releases new macOS open-source fuzzer

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.

OS Blog

Cisco Blog

18.5.24

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core

The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server.

Vulnerebility blog

Cisco Blog

18.5.24

Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities

Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression.

BigBrother blog

Cisco Blog

18.5.24

Rounding up some of the major headlines from RSA

Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.

Cyber blog

Cisco Blog

18.5.24

A new alert system from CISA seems to be effective — now we just need companies to sign up

Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.

Vulnerebility blog

Cisco Blog

18.5.24

The who, where, and how of APT attacks – Week in security with Tony Anscombe

This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape

APT blog

Eset

18.5.24

To the Moon and back(doors): Lunar landing in diplomatic missions

ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs

APT blog

Eset

18.5.24

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft

Cryptocurrency blog

Eset

18.5.24

ESET APT Activity Report Q4 2023–Q1 2024

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024

APT blog

Eset

11.5.24

Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution

Two vulnerabilities in this group — one in the Tinyroxy HTTP proxy daemon and another in the stb_vorbis.c file library — could lead to arbitrary code execution, earning both issues a CVSS score of 9.8 out of 10.

Vulnerebility blog

Cisco Blog

11.5.24

How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action

Security blog

Eset

11.5.24

In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024

Security blog

Eset

11.5.24

It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET

Cyber blog

Eset

11.5.24

RSA Conference 2024: AI hype overload

Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.

AI blog

Eset

11.5.24

How to inspire the next generation of scientists | Unlocked 403: Cybersecurity podcast

As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight

Security blog

Eset

11.5.24

The hacker’s toolkit: 4 gadgets that could spell security trouble

Their innocuous looks and endearing names mask their true power. These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?

Malware blog

Eset

4.5.24

It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise

Our telemetry indicates a growing number of threat actors are turning to malware-initiated scanning attacks.

Malware blog

Palo Alto

4.5.24

Muddled Libra’s Evolution to the Cloud

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments.

APT blog

Palo Alto

4.5.24

Vulnerabilities in employee management system could lead to remote code execution, login credential theft

Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.

Vulnerebility blog

Cisco Blog

4.5.24

James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape

Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation.

APT blog

Cisco Blog

4.5.24

Pay up, or else? – Week in security with Tony Anscombe

Organizations that fall victim to a ransomware attack are often caught between a rock and a hard place, grappling with the dilemma of whether to pay up or not

Ransom blog

Eset

4.5.24

Adding insult to injury: crypto recovery scams

Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over

Spam blog

Eset

4.5.24

MDR: Unlocking the power of enterprise-grade security for businesses of all sizes

We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth

Security blog

Eset

4.5.24

How space exploration benefits life on Earth: Q&A with David Eicher

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

Phishing blog

Eset

28.4.24

Talos IR trends: BEC attacks surge, while weaknesses in MFA persist

Within BEC attacks, adversaries will send phishing emails appearing to be from a known or reputable source making a valid request, such as updating payroll direct deposit information.

Cyber blog

Cisco Blog

28.4.24

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors.

Malware blog

Cisco Blog

28.4.24

Suspected CoralRaider continues to expand victimology using three information stealers

Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.

Malware blog

Cisco Blog

28.4.24

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

Phishing blog

Eset

28.4.24

Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals

Python’s versatility and short learning curve are just two factors that explain the language’s 'grip' on cybersecurity

Cyber blog

Eset

28.4.24

What makes Starmus unique? A Q&A with award-winning filmmaker Todd Miller

The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges, as well as why he became involved with Starmus

Security blog

Eset

28.4.24

The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and a sense of community within the Starmus universe

Security blog

Eset

28.4.24

Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

Security blog

Eset

20.4.24

The Windows Registry Adventure #2: A brief history of the feature

Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it.

Vulnerebility blog

Project Zero

20.4.24

The Windows Registry Adventure #1: Introduction and research results

In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs.

Vulnerebility blog

Project Zero

20.4.24

Redline Stealer: A Novel Approach

Authored by Mohansundaram M and Neil Tyagi A new packed variant of the Redline Stealer trojan was...

Malware blog

Mcafee

20.4.24

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.

Malware blog

Cisco Blog

20.4.24

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials

Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in brute

Attack blog

Cisco Blog

20.4.24

The many faces of impersonation fraud: Spot an imposter before it’s too late

What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?

Security blog

Eset

20.4.24

The ABCs of how online ads can impact children’s well-being

From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe.

Security blog

Eset

20.4.24

Bitcoin scams, hacks and heists – and how to avoid them

Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe

Cryptocurrency blog

Eset

13.4.24

Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

Palo Alto Networks and Unit 42 are engaged in tracking activity related to CVE-2024-3400 and are working with external researchers, partners and customers to share information transparently and rapidly.

Vulnerebility blog

Palo Alto

13.4.24

Muddled Libra’s Evolution to the Cloud

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments.

APT blog

Palo Alto

13.4.24

Starry Addax targets human rights defenders in North Africa with new malware

Cisco Talos is disclosing a new threat actor we deemed “Starry Addax” targeting mostly human rights activists, associated with the Sahrawi Arab Democratic Republic (SADR) cause with a novel mobile malware.

Malware blog

Cisco Blog

13.4.24

Vulnerability in some TP-Link routers could lead to factory reset

There are also two out-of-bounds write vulnerabilities in the AMD Radeon user mode driver for DirectX 11.

Vulnerebility blog

Cisco Blog

13.4.24

eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit

Malware blog

Eset

13.4.24

Beyond fun and games: Exploring privacy risks in children’s apps

Should children’s apps come with ‘warning labels’? Here's how to make sure your children's digital playgrounds are safe places to play and learn.

Security blog

Eset

13.4.24

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps

Cyber blog

Eset

13.4.24

7 reasons why cybercriminals want your personal data

Here's what drives cybercriminals to relentlessly target the personal information of other people – and why you need to guard your data like your life depends on it

Cyber blog

Eset

6.4.24

THE ILLUSION OF PRIVACY: GEOLOCATION RISKS IN MODERN DATING APPS

Dating apps often use location data, to show users nearby and their distances. However, openly sharing distances can lead to security issues.

BigBrother blog

Checkpoint

6.4.24

BEYOND IMAGINING – HOW AI IS ACTIVELY USED IN ELECTION CAMPAIGNS AROUND THE WORLD

Deepfake materials (convincing AI-generated audio, video, and images that deceptively fake or alter the appearance, voice, or actions of political candidates) are often disseminated shortly before election dates to limit the opportunity for fact-checkers to respond.

AI blog

Checkpoint

6.4.24

AGENT TESLA TARGETING UNITED STATES & AUSTRALIA: REVEALING THE ATTACKERS’ IDENTITIES

When considering a notoriously famous topic known for quite a long time, it may feel like there is nothing new to add to this area anymore ­­– all paths traced, all words said, all “i”s dotted.

Malware blog

Checkpoint

6.4.24

MALWARE SPOTLIGHT: LINODAS AKA DINODASRAT FOR LINUX

In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America.

Malware blog

Checkpoint

6.4.24

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated.

Social blog

Cisco Blog

6.4.24

Adversaries are leveraging remote access tools now more than ever — here’s how to stop them

While there are many legitimate uses for this software, adversaries are also finding ways to use them for command and control in their campaigns.

Malware blog

Cisco Blog

6.4.24

The devil is in the fine print – Week in security with Tony Anscombe

Temu's cash giveaway where people were asked to hand over vast amounts of their personal data to the platform puts the spotlight on the data-slurping practices of online services today

Security blog

Eset

6.4.24

How often should you change your passwords?

Answering this question is not as straightforward as it seems. Here’s what you should consider when it comes to keeping your accounts safe.

Security blog

Eset

6.4.24

Malware hiding in pictures? More likely than you think

There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat.

Malware blog

Eset

31.3.24

Threat Brief: Vulnerability in XZ Utils Data Compression Library Impacting Multiple Linux Distributions (CVE-2024-3094)

On March 28, 2024, Red Hat Linux announced CVE-2024-3094 with a critical CVSS score of 10.

Vulnerebility blog

Palo Alto

31.3.24

Exposing a New BOLA Vulnerability in Grafana

Unit 42 researchers have discovered a new Broken Object Level Authorization (BOLA) vulnerability that impacts Grafana versions from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.

Vulnerebility blog

Palo Alto

31.3.24

RDP remains a security concern – Week in security with Tony Anscombe

Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result

Security blog

Eset

31.3.24

Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world

This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity

Cyber blog

Eset

31.3.24

Borrower beware: Common loan scams and how to avoid them

Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.

Spam blog

Eset

31.3.24

Cybersecurity starts at home: Help your children stay safe online with open conversations

Struggle to know how to help children and teens stay safe in cyberspace? A good ol’ fashioned chat is enough to put them on the right track.

Cyber blog

Eset

23.3.24

Large-Scale StrelaStealer Campaign in Early 2024

StrelaStealer malware steals email login data from well-known email clients and sends them back to the attacker’s C2 server.

Malware blog

Palo Alto

23.3.24

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens

Malware blog

Palo Alto

23.3.24

Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor

This article announces the publication of our first collaborative effort with the State Cyber Protection Centre of the State Service of Special Communications and Information Protection of Ukraine (SCPC SSSCIP).

Malware blog

Palo Alto

23.3.24

ETHEREUM’S CREATE2: A DOUBLE-EDGED SWORD IN BLOCKCHAIN SECURITY

Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds.

Cryptocurrency blog

Checkpoint

23.3.24

New details on TinyTurla’s post-compromise activity reveal full kill chain

We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.

APT blog

Cisco Blog

23.3.24

Netgear wireless router open to code execution after buffer overflow vulnerability

There is also a newly disclosed vulnerability in a graphics driver for some NVIDIA GPUs that could lead to a memory leak.

Vulnerebility blog

Cisco Blog

23.3.24

The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions

Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.

Ransom blog

Cisco Blog

23.3.24

Threat actors leverage document publishing sites for ongoing credential and session token theft

Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.

Incident blog

Cisco Blog

23.3.24

“Pig butchering” is an evolution of a social engineering tactic we’ve seen for years

In the case of pig butchering scams, it’s not really anything that can be solved by a cybersecurity solution or sold in a package.

Cyber blog

Cisco Blog

23.3.24

Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word

Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.

Vulnerebility blog

Cisco Blog

23.3.24

Not everything has to be a massive, global cyber attack

There are a few reasons why we’re so ready to jump to the “it’s a cyber attack!”

Attack blog

Cisco Blog

23.3.24

Another Patch Tuesday with no zero-days, only two critical vulnerabilities disclosed by Microsoft

March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”

Vulnerebility blog

Cisco Blog

23.3.24

You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam

It’s important to be vigilant about tax-related scams any time these deadlines roll around, regardless of what country you’re in, but it’s not like you need to be particularly more skeptical in March and April.

Spam blog

Cisco Blog

23.3.24

AceCryptor attacks surge in Europe – Week in security with Tony Anscombe

The second half of 2023 saw massive growth in AceCryptor-packed malware spreading in the wild, including courtesy of multiple spam campaigns where AceCryptor packed the Rescoms RAT

Malware blog

Eset

23.3.24

Rescoms rides waves of AceCryptor spam

Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries

Malware blog

Eset

23.3.24

A prescription for privacy protection: Exercise caution when using a mobile health app

Given the unhealthy data-collection habits of some mHealth apps, you’re well advised to tread carefully when choosing with whom you share some of your most sensitive data

Malware blog

Eset

17.3.24

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled

This article will focus on the newly released BunnyLoader 3.0, as well as historically observed BunnyLoader infrastructure and an overview of its capabilities.

Malware blog

Palo Alto

17.3.24

Healthcare still a prime target for cybercrime gangs – Week in security with Tony Anscombe

Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in

Ransom blog

Eset

17.3.24

Threat intelligence explained | Unlocked 403: A cybersecurity podcast

We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats

Cyber blog

Eset

17.3.24

How to share sensitive files securely online

Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe

Security blog

Eset

17.3.24

Election cybersecurity: Protecting the ballot box and building trust in election integrity

What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems?

Cyber blog

Eset

9.3.24

Threat Group Assessment: Muddled Libra (Updated)

Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation.

APT blog

Palo Alto

9.3.24

MAGNET GOBLIN TARGETS PUBLICLY FACING SERVERS USING 1-DAY VULNERABILITIES

Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vulnerabilities in public-facing services as an initial infection vector.

Vulnerebility blog

Checkpoint

9.3.24

GhostSec’s joint ransomware operation and evolution of their arsenal

Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.

Ransom blog

Cisco Blog

9.3.24

The 3 most common post-compromise tactics on network infrastructure

We discuss three of the most common post-compromise tactics that Talos has observed in our threat telemetry and Cisco Talos Incident Response (Talos IR) engagements.

Cyber blog

Cisco Blog

9.3.24

Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music

The bulk of her career was with a manufacturing company working as a security and email administrator, but she uses her criminal justice degree daily now with Talos IR helping to track down bad actors or helping customers understand adversaries’ motivation and tactics.

Cyber blog

Cisco Blog

9.3.24

APT attacks taking aim at Tibetans – Week in security with Tony Anscombe

Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor

APT blog

Eset

9.3.24

Evasive Panda leverages Monlam Festival to target Tibetans

ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans

APT blog

Eset

9.3.24

Top 10 scams targeting seniors – and how to keep your money safe

The internet can be a wonderful place. But it’s also awash with fraudsters preying on people who are susceptible to fraud.

Spam blog

Eset

9.3.24

Irresistible: Hooks, habits and why you can’t put down your phone

Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices.

Security blog

Eset

3.3.24

Wireshark Tutorial: Exporting Objects From a Pcap

Palo Alto Networks customers are better protected from the malware samples in this tutorial through Cortex XDR and XSIAM.

Security blog

Palo Alto

3.3.24

The Art of Domain Deception: Bifrost's New Tactic to Deceive Users

First identified in 2004, Bifrost is a remote access Trojan (RAT) that allows an attacker to gather sensitive information, like hostname and IP address.

Malware blog

Palo Alto

3.3.24

Navigating the Cloud: Exploring Lateral Movement Techniques

We explore cloud lateral movement techniques in all three major cloud providers: Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, highlighting their differences compared to similar techniques in on-premises environments.

Hacking blog

Palo Alto

3.3.24

TimbreStealer campaign targets Mexican users with financial lures

Talos has observed a phishing spam campaign targeting potential victims in Mexico, luring users to download a new obfuscated information stealer we’re calling TimbreStealer, which has been active since at least November 2023.

Malware blog

Cisco Blog

3.3.24

Deceptive AI content and 2024 elections – Week in security with Tony Anscombe

As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year

AI blog

Eset

3.3.24

Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses

Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor

Security blog

Eset

3.3.24

Vulnerabilities in business VPNs under the spotlight

As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk

Vulnerebility blog

Eset

3.3.24

10 things to avoid posting on social media – and why

Do you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk.

Social blog

Eset

25.2.24

Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns

On Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology.

APT blog

Palo Alto

25.2.24

Intruders in the Library: Exploring DLL Hijacking

Dynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today.

Hacking blog

Palo Alto

25.2.24

2024 Unit 42 Incident Response Report: Navigating the Shift in Cybersecurity Threat Tactics

Our annual survey of incident data from more than 250 organizations and more than 600 incidents provides a Unit 42 perspective on the current state of security exposures.

Incident blog

Palo Alto

25.2.24

Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)

Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect.

Vulnerebility blog

Palo Alto

25.2.24

2024’S CYBER BATTLEGROUND UNVEILED: ESCALATING RANSOMWARE EPIDEMIC, THE EVOLUTION OF CYBER WARFARE TACTICS AND STRATEGIC USE OF AI IN DEFENSE – INSIGHTS FROM CHECK POINT’S LATEST SECURITY REPORT

Rising Threats: Cybersecurity landscape faces an unprecedented surge in ransomware attacks, with 1 in every 10 organizations globally being targeted in 2023.

Cyber blog

Checkpoint

25.2.24

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT.

APT blog

Cisco Blog

25.2.24

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

While distilling risk down to a simple numerical score is helpful for many in the security space, it is also an imperfect system that can often leave out important context.

Vulnerebility blog

Cisco Blog

25.2.24

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.

Malware blog

Cisco Blog

25.2.24

PSYOP campaigns targeting Ukraine – Week in security with Tony Anscomber

Coming in two waves, the campaign sought to demoralize Ukrainians and Ukrainian speakers abroad with disinformation messages about war-related subjects

BigBrother blog

Eset

25.2.24

Everything you need to know about IP grabbers

You would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission.

Security blog

Eset

25.2.24

Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war

A mix of PSYOPs, espionage and … fake Canadian pharmacies!

Cyber blog

Eset

25.2.24

Watching out for the fakes: How to spot online disinformation

Why and how are we subjected to so much disinformation nowadays, and is there a way to spot the fakes?

Security blog

Eset

18.2.24

Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon)

Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors.

APT blog

Palo Alto

18.2.24

New Vulnerability in QNAP QTS Firmware: CVE-2023-50358

This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices.

Vulnerebility blog

Palo Alto

18.2.24

THE RISKS OF THE #MONIKERLINK BUG IN MICROSOFT OUTLOOK AND THE BIG PICTURE

Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations.

Attack blog

Checkpoint

18.2.24

TinyTurla Next Generation - Turla APT spies on Polish NGOs

This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.

APT blog

Cisco Blog

18.2.24

How are attackers using QR codes in phishing emails and lure documents?

QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.

Attack blog

Cisco Blog

18.2.24

Cyber-insurance and vulnerability scanning – Week in security with Tony Anscombe

Here's how the results of vulnerability scans factor into decisions on cyber-insurance and how human intelligence comes into play in the assessment of such digital signals

Vulnerebility blog

Eset

18.2.24

All eyes on AI | Unlocked 403: A cybersecurity podcast

Artificial intelligence is on everybody’s lips these days, but there are also many misconceptions about what AI actually is and isn’t. We unpack the basics and examine AI's broader implications.

AI blog

Eset

18.2.24

The art of digital sleuthing: How digital forensics unlocks the truth

Learn how the cyber variety of CSI works, from sizing up the crime scene and hunting for clues to piecing together the story that the data has to tell

Security blog

Eset

18.2.24

Deepfakes in the global election year of 2024: A weapon of mass deception?

As fabricated images, videos and audio clips of real people go mainstream, the prospect of a firehose of AI-powered disinformation is a cause for mounting concern

BigBrother blog

Eset

10.2.24

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

The ransomware landscape experienced significant transformations and challenges in 2023.

Ransom blog

Palo Alto

10.2.24

RASPBERRY ROBIN KEEPS RIDING THE WAVE OF ENDLESS 1-DAYS

Two new 1-day LPE exploits were used by the Raspberry Robin worm before they were publicly disclosed, which means that Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time.

Malware blog

Checkpoint

10.2.24

New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021.

Malware blog

Cisco Blog

10.2.24

How are user credentials stolen and used by threat actors?

You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.

Cyber blog

Cisco Blog

10.2.24

OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges

Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. 

Vulnerebility blog

Cisco Blog

10.2.24

Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe

Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year

Ransom blog

Eset

10.2.24

The buck stops here: Why the stakes are high for CISOs

Heavy workloads and the specter of personal liability for incidents take a toll on security leaders, so much so that many of them look for the exits. What does this mean for corporate cyber-defenses?

Security blog

Eset

10.2.24

Left to their own devices: Security for employees using personal devices for work

As personal devices within corporate networks make for a potentially combustible mix, a cavalier approach to BYOD security won’t cut it

Security blog

Eset

10.2.24

Could your Valentine be a scammer? How to avoid getting caught in a bad romance

With Valentine’s Day almost upon us, here’s some timely advice on how to prevent scammers from stealing more than your heart

Security blog

Eset

4.2.24

Exploring the Latest Mispadu Stealer Variant

Unit 42 researchers recently discovered activity attributed to Mispadu Stealer, a stealthy infostealer first reported in 2019.

Malware blog

Palo Alto

4.2.24

ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign

Unit 42 researchers discovered a large-scale campaign we call ApateWeb that uses a network of over 130,000 domains to deliver scareware, potentially unwanted programs (PUPs) and other scam pages. Among these PUPs, we have identified several adware programs including a rogue browser and different browser extensions.

Spam blog

Palo Alto

4.2.24

Threat Assessment: BianLian

Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on leak site data we’ve gathered.

BigBrother blog

Palo Alto

4.2.24

Financial Fraud APK Campaign

During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Our research revealed a family of malicious APKs targeting Chinese users that steals victim information and conducts financial fraud.

OS Blog

Palo Alto

4.2.24

Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors

Talos IR observed operations involving Play, Cactus, BlackSuit and NoEscape ransomware for the first time this quarter.

Ransom blog

Cisco Blog

4.2.24

OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges

Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve

Vulnerebility blog

Cisco Blog

4.2.24

Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers

Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.

Malware blog

Cisco Blog

4.2.24

Grandoreiro banking malware disrupted – Week in security with Tony Anscombe

The banking trojan, which targeted mostly Brazil, Mexico and Spain, blocked the victim’s screen, logged keystrokes, simulated mouse and keyboard activity and displayed fake pop-up windows

Malware blog

Eset

4.2.24

VajraSpy: A Patchwork of espionage apps

ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group

APT blog

Eset

4.2.24

ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora

An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes

Cyber blog

Eset

4.2.24

ESET takes part in global operation to disrupt the Grandoreiro banking trojan

ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology

Malware blog

Eset

4.2.24

Cyber: The Swiss army knife of tradecraft

In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike

Cyber blog

Eset

4.2.24

Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe

The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK

APT blog

Eset

4.2.24

Assessing and mitigating supply chain cybersecurity risks

Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management

Cyber blog

Eset

4.2.24

NSPX30: A sophisticated AitM-enabled implant evolving since 2005

ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood

APT blog

Eset

4.2.24

Break the fake: The race is on to stop AI voice cloning scams

As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection

AI blog

Eset

20.1.24

Parrot TDS: A Persistent and Evolving Malware Campaign

This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders. It specifically focuses on more than 100 highly popular projects, aiming its attacks at token holders.

Malware blog

Palo Alto

20.1.24

CHECK POINT RESEARCH ALERTS ON A NEW NFT AIRDROP CAMPAIGN

A traffic direction system (TDS) nicknamed Parrot TDS has been publicly reported as active since October 2021. Websites with Parrot TDS have malicious scripts injected into existing JavaScript code hosted on the server. This TDS is easily identifiable by keywords found in the injected JavaScript that we will explore to show the evolution of this threat.

OS Blog

Checkpoint

20.1.24

Why many CISOs consider quitting – Week in security with Tony Anscombe

The job of a CISO is becoming increasingly stressful as cybersecurity chiefs face overwhelming workloads and growing concerns over personal liability for security failings

Security blog

Eset

20.1.24

Virtual kidnapping: How to see through this terrifying scam

Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims

Spam blog

Eset

20.1.24

Is Temu safe? What to know before you ‘shop like a billionaire’

Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal

Spam blog

Eset

20.1.24

The 7 deadly cloud security sins and how SMBs can do things better

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

Security blog

Eset

14.1.24

Financial Fraud APK Campaign

During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar.

Hacking blog

Palo Alto

14.1.24

Medusa Ransomware Turning Your Files into Stone

Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog.

Ransom blog

Palo Alto

14.1.24

Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer

Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families we examine.

Malware blog

Palo Alto

14.1.24

.NET HOOKING – HARMONIZING MANAGED TERRITORY

For a malware researcher, analyst, or reverse engineer, the ability to alter the functionality of certain parts of code is a crucial step, often necessary to reach a meaningful result during the analysis process.

Malware blog

Checkpoint

14.1.24

New decryptor for Babuk Tortilla ransomware variant released

Cisco Talos obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor.

Ransom blog

Cisco Blog

14.1.24

Lessons from SEC's X account hack – Week in security with Tony Anscombe

The cryptocurrency rollercoaster never fails to provide a thrilling ride – this week it was a drama surrounding the hack of SEC's X account right ahead of the much-anticipated decision about Bitcoin ETFs

Cryptocurrency blog

Eset

14.1.24

A peek behind the curtain: How are sock puppet accounts used in OSINT?

How wearing a ‘sock puppet’ can aid the collection of open source intelligence while insulating the ‘puppeteer’ from risks

Security blog

Eset

14.1.24

Attack of the copycats: How fake messaging apps and app mods could bite you

WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don’t get taken for a ride.

Social blog

Eset

14.1.24

Love is in the AI: Finding love online takes on a whole new meaning

Is AI companionship the future of not-so-human connection – and even the cure for loneliness?

AI blog

Eset

14.1.24

Cracking the 2023 SANS Holiday Hack Challenge

From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun

Hacking blog

Eset

14.1.24

Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe

What are some of the key cybersecurity trends that people and organizations should have on their radars this year?

Security blog

Eset

14.1.24

Lost and found: How to locate your missing devices and more

Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy

Security blog

Eset

14.1.24

Say what you will? Your favorite speech-to-text app may be a privacy risk

Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets.

Security blog

Eset