Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]
Overview, Analysis, and Lessons Learned On January 13, 2021, a massive data-wiping cyber-attack hit Ukraine, taking down the online assets of the country’s government. As of January 17, 2021, up to 70 websites experienced temporary performance issues due to the intrusion, including the Cabinet, seven ministries, the Treasury, the National Emergency Service, and the state […]
Another day — another major challenge for security practitioners. Meet BlackByte, a new ransomware-as-a-service (RaaS) ring that is hard forging the way to the top of the threat list. First incidents attributed to the BlackByte collective were detected in July 2021, and since then adversaries evolved their tactics and tools significantly. Currently, security researchers observe […]
Meet Babadeda, a new notorious crypter in the arsenal of threat actors. The malware has been actively leveraged by adversaries since May 2021 to bypass security protections and covertly deliver a variety of threats to unsuspecting victims. Multiple infostealers and remote access Trojans (RATs) have been deployed with the help of Babadeda. Moreover, LockBit maintainers […]
The infamous Lazarus APT strikes again, with security professionals being under attack during the most recent campaign. State-sponsored actor leverages a pirated version of the widely-used IDA Pro reverse engineering application to compromise researchers’ devices with backdoors and remote access Trojans (RATs). NukeSpeed RAT Delivered via Trojanized IDA Pro According to the research by ESET, […]
Infamous Nobelium APT group strikes again! This time covert Russia-backed threat actor goes after technology service providers at a global scale to spy on their downstream customers. Hackers have targeted at least 140 IT service orgs since May 2021, with 14 of them being successfully compromised. NOBELIUM APT Group NOBELIUM APT group (APT29, CozyBear, and […]
Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]
Ransomware actors attempt to stay at the forefront of the malicious trends in their strive for bigger profits. Recently, security researchers spotted a new threat actor leveraging a critical vulnerability in Atlassian Confluence (CVE-2021-26084) to proceed with ransomware infections. Dubbed Atom Silo, the gang relies on CVE-2021-26084 alongside several novel evasion techniques to fly under […]
Thousands of Microsoft Exchange servers remain vulnerable to ProxyShell remote code execution vulnerabilities despite the patches issued in April-May. To make things even worse, security researchers are observing a significant spike in scans for vulnerable Exchange servers, after the technical overview of the ProxyShell attack was revealed at the Black Hat conference on August 4-5, […]
Ivanti has addressed a critical security hole (CVE-2021-22937) that affects its Pulse Connect Secure VPNs. The flaw is a bypass of the patch issued in October last year to mitigate the CVE-2020-8260, a notorious bug that allows malicious admins to execute arbitrary code remotely with root privileges. CVE-2021-22937 Description According to the in-depth inquiry by […]