Privilege exploitation attacks in Microsoft’s Windows Active Directory (AD) Domain environments are expanding their scope and growing in scale to target millions of devices. The Microsoft Security Response Center (MSRC) has recently updated information on security flaws that affect the company’s products and services, highlighting the newly discovered Active Directory Domain Services elevation of privilege […]
Bad luck for Linux-based system maintainers – security experts have revealed a sophisticated surveillance implant that has flown under the radars of endpoint protection vendors for five years, secretly infecting thousands of Linux environments. Dubbed BPFDoor, the malware abuses the Berkeley Packet Filter (BPF) to act as a backdoor and proceed with reconnaissance. This makes […]
SOC Prime Launches New Subscription Plans to Accelerate Threat Detection with Customized, On-Demand Content In general, detection engineering suffers from the need to continuously hunt for aggressive, damaging, current and long-impactful cyber threats. The need for automated, systematic, repeatable, predictable and shareable approaches is glaring. Especially for most detection engineers that must function as threat […]
On April 28, 2022, CERT-UA published a heads-up notifying of the latest phishing cyber-attack on Ukrainian government entities using the Metasploit framework. The malicious activity can be attributed to the adversary behavior patterns of a group tracked as UAC-0098. Moreover, this most recent attack is believed to be traced to the activity of the TrickBot […]
On April 26, Microsoft 365 Defender Research Team discovered a couple of novel vulnerabilities collectively dubbed Nimbuspwn, enabling adversaries to escalate privileges on multiple Linux desktop environments. The newly detected Nimbuspwn flaws have been identified as CVE-2022-29799 and CVE-2022-29800. Once chained together, these flaws give hackers the green light to obtain root privileges, lead to […]
Quantum ransomware has been in the limelight since late summer 2021, being involved in high-speed and dynamically escalating intrusions that left cyber defenders only a short window to timely detect and mitigate threats. According to the DFIR cybersecurity research, the latest Quantum ransomware attack observed ranks as one of the fastest cases that has taken […]
Cybersecurity researchers have revealed a security hole in the Microsoft’s Windows Active Directory (AD) allowing active users to add machines to the domain even without Admin privileges, which exposes to the machine to risk of privilege escalation attacks. According to the default settings, an AD user can add up to ten workstations to the domain. […]
On April 26, 2022, cybersecurity researchers reported about an ongoing phishing cyber-attack on Ukraine spreading GraphSteel and GrimPlant malware strains according to the latest CERT-UA warning. The malicious activity is attributed to the behavior patterns of the hacking collective tracked as UAC-0056, a nefarious cyber espionage group also dubbed SaintBear, UNC258, or TA471. The targeted […]
Lazarus APT has become a frequent guest of our blog posts. According to the recent security reports, North Korean State-Sponsored APT acts quickly, jeopardizing financial and critical infrastructures, blockchain technology-oriented companies, and the cryptocurrency sector. The U.S. government organizations released details about malware-laced cryptocurrency applications under the umbrella term “TraderTraitor”, distributed via a phishing campaign […]
Hackers have infiltrated Google search results, driving traffic to a bogus website mimicking legitimate Microsoft pages with Windows OS updates. To be more precise, adversaries are using the “windows11-upgrade11[.]com” domain to host and spread information stealer malware disguised as a Windows 11 updates pack. Tricked users download fake updates, in reality getting an ISO file […]