Another day, another critical RCE making rounds in the cyberthreat arena. This time security practitioners are urged to patch ASAP against a critical remote code execution bug (CVE-2022-47966) affecting multiple Zoho ManageEngine products. Since the proof of concept (PoC) exploit was publicly released last week, experts have observed a huge spike of in-the-wild attacks leveraging […]
Stay alert! Security researchers are warning the global cyber defender community of a zero-day vulnerability in FortiOS SSL-VPN, which was patched in December 2022. The security flaw tracked as CVE-2022-42475 and resulting in unauthenticated remote code execution (RCE) has been exploited in targeted attacks against government agencies and large organizations across the globe. Detect CVE-2022-42475: […]
With USB-spreading malware becoming a popular vector for initial access, cyber defenders remain vigilant in safeguarding the organization’s critical infrastructure. Cybersecurity researchers have recently observed malicious activity of the russia-linked cyberespionage group tracked as Turla APT leveraging legacy Andromeda USB-delivered malware to deploy novel backdoors and custom reconnaissance tools in cyber attacks against Ukraine. Detecting […]
BlueNoroff, which is part of the larger Lazarus Group, is a financially-motivated hacking collective striving to gain financial benefits from its offensive capabilities. The group, known for stealing cryptocurrency and commonly applying Word documents and LNK files for initial intrusion, has currently been leveraging new adversary methods. In the latest attacks, BlueNoroff experiments with new […]
In late December 2022, cybersecurity researchers observed a new burst of malicious activity distributing the noteworthy IcedID botnet. In this ongoing adversary campaign, threat actors abuse Google pay-per-click (PPC) ads to spread the novel variant of malware tracked as TrojanSpy.Win64.ICEDID.SMYXCLGZ. Detecting IcedID Botnet Infections Through Malvertising In view that the IcedID botnet is constantly evolving, […]
Phishing attacks on Ukrainian state bodies spreading diverse malware strains have not been a rarity throughout 2022. Hard on the heels of a phishing cyber attack against Ukraine distributing DolphinCape malware, another phishing campaign is causing a stir in the cyber threat arena. On December 18, 2022, CERT-UA researchers issued the latest alert tracked as […]
Since the outbreak of the global cyber war, SOC Prime stays on the frontline helping Ukraine and its allies defend from russian aggression. On December 8, 2022, CERT-UA researchers received information from the cybersecurity department of the state Railway Transport Organization of Ukraine “Ukrzaliznytsia” about the distribution of phishing emails impersonating the State Emergency Service […]
A notorious North Korea-backed APT group, Lazarus, continuously broadens its attack surface, leveraging fraudulent cryptocurrency apps to distribute the AppleJeus malware. In this latest adversary campaign, Lazarus hackers use fake cryptocurrency apps dubbed BloxHolder to drop AppleJeus malware, gain initial access to networks, and steal crypto assets. During the last four years, Lazarus APT group […]
Cybersecurity researchers have observed a burst of the new malicious activity of the Emotet botnet, which has been under the radar for almost half a year. The infamous Trojan attributed to the malicious activity of the TA542 hacking group came back in November 2022, expanding its dominance and impact in the email threat landscape. In […]
Ransomware is a number one threat posing a significant menace to security defenders worldwide, with the attack trend constantly growing throughout 2021-2022. Recently, security experts revealed a massive QakBot malware campaign increasingly targeting U.S.-based vendors to deliver Black Basta ransomware. During the last decade of November 2022, at least 10 businesses in the United States […]