In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
Black Lotus Labs, is currently tracking elements of what appears to be a sophisticated campaign leveraging infected SOHO routers to target predominantly NA and European networks of interest.
‘Facing reality? Law enforcement and the challenge of deepfakes’ is the first report produced through the Observatory function of the Europol Innovation Lab. The Europol Innovation Lab’s Observatory function monitors technological developments that are relevant for law enforcement and reports on the risks, threats and opportunities of these emerging technologies. The report provides a detailed overview of the criminal use...
Hackers are stealing PII to apply for remote jobs and then using deepfakes to pass the interview.
We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker fully take over Zimbra instances via a flaw in unrar.
We compare the targeting and business models of the Conti and LockBit ransomware groups using data analysis approaches. This will be presented in full at the 34th Annual FIRST Conference on June 27, 2022.
The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.
Crippled ports. Paralyzed corporations. Frozen government agencies. How a single piece of code crashed the world.
Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.
Learn about the unique implementations of API Hammering malware samples and how to mitigate them.
Windows RPC enumeration, discovery, and auditing via NtObjectManager. We will audit the vulnerable RPC interfaces that lead to PetitPotam, discover how they have changed over the past year, and overcome some common RPC auditing pitfalls.
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.
The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows® operators and administrators properly
7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files.
Raspberry Robin is a worm spread by external drives that leverages Windows Installer to download a malicious DLL.
I was checking the 2017 ShadowBrokers leaks when I noticed that one of the EQUATION GROUP tools leaked back then has no public references/analysis (at least as far as I can tell). So, here is what …
Although this looks like the real My Vodafone carrier app available in the App Store, it didn't come from the App Store and is not the real application from Vodafone. TAG suspects that a target receives a link to this app in an SMS, after the attacker asks the carrier to disable the target's mobile data connection. The SMS claims that in order to restore mobile data connectivity, the target must install the carrier app and includes a link to download and install this fake app.
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious…
Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.
