The notorious Microsoft Office zero-day vulnerability tracked as CVE-2022-30190 aka Follina is still being actively exploited by multiple hacking organizations across the world. On June 10, 2022, CERT-UA released a new alert warning of ongoing cyber-attacks targeting Ukrainian media organizations. Threat actors continue to leverage the CVE-2022-30190 vulnerability in the latest malicious email campaign aimed […]
Meet SVCReady, a new malicious loader on the arena! The novel strain is heavily distributed via phishing campaigns since April 2022, leveraging an unusual infection routine. According to experts, SVCReady relies on shellcode hidden within the properties of the Microsoft Office document allowing it to fly under the radar of security solutions. Since malware is […]
Steel yourself for new vulnerabilities revealed in the open-source observability platform leveraged by millions of users from across the globe, which in 2021 was in the spotlight in the cyber threat arena due to a notorious CVE-2021-43798 zero-day flaw actively exploited in the wild. Grafana, the open-source analytics and monitoring platform leveraged by global organizations […]
In December 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-linked cybercriminal gang tracked as Evil Corp (aka Dridex, INDRIK SPIDER) that stood behind the deployment and distribution of the notorious Dridex malware targeting banks and financial institutions for nearly a decade. In an attempt to evade sanctions, threat actors […]
Just two days after the nefarious CVE-2022-30190 aka Follina was revealed, security researchers report in-the-wild attacks leveraging the exploits to target state institutions of Ukraine. On June 2, 2022, CERT-UA issued a heads-up warning of an ongoing campaign spreading Cobalt Strike Beacon malware by exploiting Windows CVE-2021-40444 and CVE-2022-30190 zero-day vulnerabilities, which have been recently in […]
Instantly Explore the Latest Trends and Adjust Search Results to Illustrate ATT&CK Tactics and Techniques Most Relevant to Your Threat Profile SOC Prime recently released the industry-first search engine for Threat Hunting, Threat Detection, and Cyber Threat Intelligence allowing InfoSec professionals to discover comprehensive cyber threat information including relevant Sigma rules instantly convertible to 25+ […]
Cybersecurity researchers turn the spotlight on a novel zero-day vulnerability in Microsoft Office seen in the wild. On May, 27, Follina zero-day flaw was first documented and reported to have been submitted from Belarus. According to the research, the newly discovered Microsoft Office zero-day vulnerability can lead to arbitrary code execution on compromised Windows devices. […]
Researchers warn the global InfoSec community of a new malware campaign aimed to spread the infamous Cobalt Strike Beacon malware via fake Proof of Concept (POC) exploits of the newly patched Windows vulnerabilities, including the critical RCE flaw tracked as CVE-2022-26809. The public availability of fake exploits in GitHub raises the stakes exposing millions of […]
In May 2022, Linux-based systems are getting exposed to a number of threats coming from multiple attack vectors. Early this month, the BPFDoor surveillance implant hit the headlines compromising thousands of Linux devices. Another threat targeting Linux systems is looming on the horizon. Microsoft has observed an enormous surge of malicious activity from Linux XorDdos […]
As Discord is gaining extreme popularity among online user communities, with 150 million people using it as of 2021, hackers turn their sights to this chat, VoIP, and digital distribution platform. The possible attack surface is vast and promising, allowing threat actors to abuse Discord for malware distribution and other nefarious actions. Recently, security researchers […]