Cyberveille, curated by Decio
TSMC confirms data breach after LockBit cyberattack on third-party supplier https://techcrunch.com/2023/06/30/tsmc-confirms-data-breach-after-lockbit-cyberattack-on-third-party-supplier/
01/07/2023 10:15:16

One of the world's biggest chipmakers confirmed a data breach after the LockBit ransomware gang targeted one of its third-party providers.

techcrunch EN 2023 security data-breach LockBit ransomware TSMC chipmaker
Malware Execution Method Using DNS TXT Record https://asec.ahnlab.com/en/54916/
30/06/2023 09:08:33

AhnLab Security Emergency response Center (ASEC) has confirmed instances where DNS TXT records were being utilized during the execution process of malware.

This is considered meaningful from various perspectives, including analysis and detection as this method has not been widely utilized as a means of executing malware.

ASEC EN 2023 DNS TXT malware analysis
Meduza Stealer or The Return of The Infamous Aurora Stealer https://russianpanda.com/2023/06/28/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer/
29/06/2023 15:15:53

Meduza Stealer malware analysis

russianpanda EN 2023 analysis meduza Aurora Stealer malware
SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation https://www.cybersecuritydive.com/news/sec-solarwinds-ciso-cfo-orion/653864/
29/06/2023 14:23:33

The Securities and Exchange Commission has notified the chief financial officer and CISO of SolarWinds about potential enforcement actions related to the 2020 cyberattack against the company’s Orion software platform, the company disclosed in a regulatory filing with the agency.

cybersecuritydive EN 2023 regulation SolarWinds CISO CFO cyberattack action justice legal
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination https://medium.com/@callyso0414/tracing-ransomware-threat-actors-through-stylometric-analysis-and-chat-log-examination-23f0f84abba8
28/06/2023 21:24:41

I stumbled upon an intriguing concept presented by Will Thomas (BushidoToken) in his blog post titled “Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz.” This concept revolves around utilizing stylometry to identify potential modifications in new ransomware variants based on existing popular strains. If you’re interested, you can read the blog post here. (Notably, Will Thomas also appeared on Darknet Diaries, discussing his tracking of the REvil ransomware.)

callyso0414 YUCA medium EN 2023 ransomware logs log chats Stylometric Analysis
Akira Ransomware Extends Reach to Linux Platform https://blog.cyble.com/2023/06/28/akira-ransomware-extends-reach-to-linux-platform/
28/06/2023 14:45:02

Cyble Research & Intelligence Labs examines the Linux variant of Akira Ransomware and assesses its impact on various sectors.

cyble EN 2023 Akira Ransomware Linux
Swiss intelligence warns of fallout in cyberspace as West clamps down on spies https://therecord.media/switzerland-cyber-espionage-russian-diplomatic-expulsions
28/06/2023 14:12:40

The efforts by governments in Europe and elsewhere to degrade Russia's human intelligence networks could have blowback in other areas, Swiss intelligence is warning.

therecord EN 2023 switzerland spies Russia Russia-Ukraine-war intelligence Warning
Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure https://isc.sans.edu/diary/29988
28/06/2023 11:46:14

Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure, Author: Jan Kopriva

sans EN 2023 Kazakhstan SSLv2 vulnerable internet
CHU de Rennes: a contractor account hijacked for the cyberattack https://www.lemagit.fr/actualites/366542694/CHU-de-Rennes-un-compte-de-prestataire-detourne-pour-la-cyberattaque
28/06/2023 09:34:44

Orange Cyberdefense teams detected the abnormal network traffic that gave away the cyberattack. It involved a VPN account made available to a third party for application maintenance.

lemagit FR 2023 CHU Rennes prestataire VPN compromis
Microsoft Teams vulnerability allows attackers to deliver malware to employees https://www.helpnetsecurity.com/2023/06/23/microsoft-teams-deliver-malware/
28/06/2023 09:33:31

Security researchers have found a bug that could allow attackers to deliver malware directly into employees' Microsoft Teams inbox.

helpnetsecurity EN 2023 Microsoft Teams bug malware
Dismantling encrypted criminal EncroChat communications leads to over 6 500 arrests and close to EUR 900 million seized https://www.europol.europa.eu/media-press/newsroom/news/dismantling-encrypted-criminal-encrochat-communications-leads-to-over-6-500-arrests-and-close-to-eur-900-million-seized
27/06/2023 22:38:23

The dismantling of EncroChat in 2020 sent shockwaves across OCGs in Europe and beyond. It helped to prevent violent attacks, attempted murders, corruption and large-scale drug transports, as well as obtain large-scale information on organised crime. OCGs worldwide illegally used the encryption tool EncroChat for criminal purposes. Since the dismantling, investigators managed to intercept, share and analyse over 115...

europol EN 2023 EncroChat encrypted
Under Swiss law, ethical hacking can be lawful https://www.ictjournal.ch/articles/2023-06-27/pour-la-loi-suisse-le-piratage-ethique-peut-etre-licite
27/06/2023 22:21:54

Anyone who hacks someone else's IT infrastructure without the operator's consent is in p

ictjournal FR CH 2023 lio suisse piratage ethique NTC
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
27/06/2023 21:45:57

Additional techniques UNC3886 utilized across multiple organizations to evade EDR solutions.

mandiant EN 2023 ESXi Zero-Day CVE-2023-20867 CVE-2022-22948 VMware
Siemens Energy confirms data breach after MOVEit data-theft attack https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/
27/06/2023 20:36:59

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

bleepingcomputer EN 2023 MOVEit Siemens-Energy Cl0p Clop ransomware data-theft
LetMeSpy, a phone tracking app spying on thousands, says it was hacked https://techcrunch.com/2023/06/27/letmespy-hacked-spyware-thousands/
27/06/2023 20:35:22

A data breach reveals the spyware is built by a Polish developer

techcrunch EN 2023 LetMeSpy phone spyware hacked databreach
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
27/06/2023 15:04:59

Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may exploit to bypass existing security controls. In this blog post, our team details comprehensive research specifically focused on process injection techniques utilized by attackers to deceive robust security products integrated into the security stack, such as EDRs and XDRs. Throughout the blog post, we will delve into various process injection techniques e

securityjoes EN 2023 Mockingjay EDR bypass technique RWX Code Execution
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
26/06/2023 18:59:02

Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string “PindOS”, which may be a reference to current (and past) anti-American sentiment in Russia.

Bumblebee is a malware loader first discovered in March 2022. It was associated with Conti group and was being used as a replacement for BazarLoader. It acts as a primary vector for multiple types of other malware, including ransomware.

IcedID is a modular banking malware designed to steal financial information. It has been seen in the wild since at least 2017 and has recently been observed shifting some of its focus to malware delivery.

deepinstinct EN 2023 JavaScript Dropper PindOS Bumblebee analysis
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers https://blog.sonatype.com/pypi-attackers-still-at-it-malicious-packages-drop-trojans-and-info-stealers
23/06/2023 09:51:46

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.

sonatype EN 2023 PyPI malware Supply-Chain-Attack
Emerging Threat! Exposing JOKERSPY https://www.elastic.co/fr/security-labs/inital-research-of-jokerspy
22/06/2023 21:36:02

Explore JOKERSPY, a recently discovered campaign that targets financial institutions with Python backdoors. This article covers reconnaissance, attack patterns, and methods of identifying JOKERSPY in your network.

elastic.co EN 2023 JOKERSPY macOS Python backdoor
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack https://www.bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack/
22/06/2023 21:18:20

During routine detection maintenance, our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.

bitdefender EN 2023 macOS malware Cross-Platform Backdoor