Tag: Cyberattack

TunnelVision APT Group Exploits the Log4j
TunnelVision APT Group Exploits the Log4j

One of the most notorious exploits of 2021 made its loud entrance in the cybersecurity world in December, and now Log4Shell is back on the radar: Iran-linked TunnelVision APT did not let it rest in peace, striking with profiteering from VMware Horizon Log4j vulnerabilities, along with large-scale exploitation of Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange […]

Read More
Russian Nation-Backed Adversaries are Targeting the US Government Contractors: CISA Warning
Russian Nation-Backed Adversaries are Targeting the US Government Contractors: CISA Warning

On February 16, 2022, Cybersecurity and Infrastructure Security Agency (CISA) disclosed the latest intelligence information about Russia-linked cyber-attacks on the US Cleared Defense Contractors (CDCs) that have been in operation for at least two years now. The targeted CDCs had access to a variety of sensitive data sources, including weapons development, surveillance data, communication lines, […]

Read More
Lazarus APT Resurfaces to Exploit Windows Update and GitHub
Lazarus APT Resurfaces to Exploit Windows Update and GitHub

One month into 2022, there is no foreseeable slump in attacks; on the contrary, the cybersecurity field is bustling. The landscape is familiar: lurking hackers and security practitioners working doggedly to ensure no rest for the former. Late January, a new attack campaign, launched by a North Korea-linked APT, was discovered by the Malwarebytes Threat […]

Read More
BlackCat Ransomware Detection: Bad Luck Written in Rust
BlackCat Ransomware Detection: Bad Luck Written in Rust

Adversaries are searching for new means of turning up the heat, this time bringing new, Rust-written ransomware to attack organizations in the U.S., Europe, Australia, India, and the Philippines. ALPHV BlackCat ransomware developers target Windows and Linux OSs through 3rd party framework/toolset (e.g., Cobalt Strike) or by exploiting vulnerable applications. The BlackCat gang is now […]

Read More
Detect CVE-2021-4034: A Notorious PwnKit Vulnerability Affecting All Major Linux Distros
Detect CVE-2021-4034: A Notorious PwnKit Vulnerability Affecting All Major Linux Distros

What goes on in the dark must come out in the light. Security experts have revealed an especially dangerous 12-year-old bug affecting nearly all Linux hosts. The flaw enables full root access on literally any Linux machine for a local, unprivileged threat actor if successfully exploited. CVE-2021-4034 (PwnKit) Description While the cyber domain is still […]

Read More
The Most Refined UEFI Firmware Implant: MoonBounce Detection
The Most Refined UEFI Firmware Implant: MoonBounce Detection

A newly minted UEFI firmware malicious implant dubbed “MoonBounce” is ravaging in the wild. The threat is believed to be the handiwork of a Chinese-speaking APT41 hacking gang, aka Double Dragon or Winnti. This UEFI rootkit is set out to cause a stir, having already obtained the title of the most stealthy of all the […]

Read More
Detect CVE-2022-21907: A Wormable RCE in Windows Server
Detect CVE-2022-21907: A Wormable RCE in Windows Server

Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]

Read More
Destructive Cyber-Attack Against Ukrainian Government
Destructive Cyber-Attack Against Ukrainian Government

Overview, Analysis, and Lessons Learned On January 13, 2021, a massive data-wiping cyber-attack hit Ukraine, taking down the online assets of the country’s government. As of January 17, 2021, up to 70 websites experienced temporary performance issues due to the intrusion, including the Cabinet, seven ministries, the Treasury, the National Emergency Service, and the state […]

Read More
Detecting BlackByte Ransomware Attacks
Detecting BlackByte Ransomware Attacks

Another day —  another major challenge for security practitioners. Meet BlackByte, a new ransomware-as-a-service (RaaS) ring that is hard forging the way to the top of the threat list. First incidents attributed to the BlackByte collective were detected in July 2021, and since then adversaries evolved their tactics and tools significantly. Currently, security researchers observe […]

Read More
Babadeda Crypter Detection
Babadeda Crypter Detection

Meet Babadeda, a new notorious crypter in the arsenal of threat actors. The malware has been actively leveraged by adversaries since May 2021 to bypass security protections and covertly deliver a variety of threats to unsuspecting victims. Multiple infostealers and remote access Trojans (RATs) have been deployed with the help of Babadeda. Moreover, LockBit maintainers […]

Read More