Tag: Cyberattack

CVE-2022-21907
Detect CVE-2022-21907: A Wormable RCE in Windows Server

Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]

Read More
Destructive Cyber-Attack Against Ukrainian Government

Overview, Analysis, and Lessons Learned On January 13, 2021, a massive data-wiping cyber-attack hit Ukraine, taking down the online assets of the country’s government. As of January 17, 2021, up to 70 websites experienced temporary performance issues due to the intrusion, including the Cabinet, seven ministries, the Treasury, the National Emergency Service, and the state […]

Read More
Detecting BlackByte Ransomware Attacks

Another day —  another major challenge for security practitioners. Meet BlackByte, a new ransomware-as-a-service (RaaS) ring that is hard forging the way to the top of the threat list. First incidents attributed to the BlackByte collective were detected in July 2021, and since then adversaries evolved their tactics and tools significantly. Currently, security researchers observe […]

Read More
Detecting Babadeda
Babadeda Crypter Detection

Meet Babadeda, a new notorious crypter in the arsenal of threat actors. The malware has been actively leveraged by adversaries since May 2021 to bypass security protections and covertly deliver a variety of threats to unsuspecting victims. Multiple infostealers and remote access Trojans (RATs) have been deployed with the help of Babadeda. Moreover, LockBit maintainers […]

Read More
Trojanized IDA Pro
Detecting Trojanized IDA Pro Installers Distributed by Lazarus Hackers

The infamous Lazarus APT strikes again, with security professionals being under attack during the most recent campaign. State-sponsored actor leverages a pirated version of the widely-used IDA Pro reverse engineering application to compromise researchers’ devices with backdoors and remote access Trojans (RATs). NukeSpeed RAT Delivered via Trojanized IDA Pro  According to the research by ESET, […]

Read More
Nobelium detection
NOBELIUM APT Attacks Global IT Supply Chain to Spy on Downstream Customers

Infamous Nobelium APT group strikes again! This time covert Russia-backed threat actor goes after technology service providers at a global scale to spy on their downstream customers. Hackers have targeted at least 140 IT service orgs since May 2021, with 14 of them being successfully compromised. NOBELIUM APT Group NOBELIUM APT group (APT29, CozyBear, and […]

Read More
MysterySnail Attack Detection

Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]

Read More
Atom Silo Ransomware
Detecting Atom Silo Ransomware Infections

Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]

Read More
Microsoft Exchange ProxyShell Attack
Microsoft Exchange ProxyShell Attack Detection

Thousands of Microsoft Exchange servers remain vulnerable to ProxyShell remote code execution vulnerabilities despite the patches issued in April-May. To make things even worse, security researchers are observing a significant spike in scans for vulnerable Exchange servers, after the technical overview of the ProxyShell attack was revealed at the Black Hat conference on August 4-5, […]

Read More
Pulse Connect Secure Patch Bypass
CVE-2021-22937 Detection: Patch Bypass Vulnerability in Pulse Connect Secure

Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]

Read More