In May 2022, Linux-based systems are getting exposed to a number of threats coming from multiple attack vectors. Early this month, the BPFDoor surveillance implant hit the headlines compromising thousands of Linux devices. Another threat targeting Linux systems is looming on the horizon. Microsoft has observed an enormous surge of malicious activity from Linux XorDdos […]
As Discord is gaining extreme popularity among online user communities, with 150 million people using it as of 2021, hackers turn their sights to this chat, VoIP, and digital distribution platform. The possible attack surface is vast and promising, allowing threat actors to abuse Discord for malware distribution and other nefarious actions. Recently, security researchers […]
On May 18, 2022, CISA issued a notice warning organizations of potential exploitation attempts of known vulnerabilities in the VMware products tracked as CVE-2022-22954 and CVE-2022-22960. Once exploited, the revealed flaws give green light to threat actors to perform malicious template injection on the server end. More specifically, the exploitation of the CVE-2022-22954 can lead […]
While cybersecurity professionals are working hard to augment SOC operations with more scalable and innovative solutions, threat actors are also putting an effort not to be left to bring up the rear in this everlasting security race. Security researchers detect the surge in the numbers of malware-as-a-service (MaaS) offers, with its operators coming with new […]
Since April 2022 researchers are observing a series of targeted cyber-attacks aimed specifically at Japanese organizations. The campaign, dubbed Operation RestyLink, is believed to be active since at least March 2022, with related malicious activity traced back to October 2021. The exact attribution is currently unclear, but the attack kill chain and its highly-targeted nature […]
Iranian state-backed adversaries are accelerating their pace by leveraging different attack vectors and targeting multiple industries across the world. Hot on the heels of the spear-phishing campaign launched by the infamous APT34 group spreading a new Saitama backdoor, another Iran-linked hacking collective hits the headlines performing ransomware attacks against U.S. companies. The Iranian nation-backed COBALT […]
Company’s Recognition for Excellence Awards Finalist in the Most Promising Early-Stage Startup Category Ranked as the industry’s most prestigious and competitive accomplishment, the SC Awards recognizes future-proof solutions, progressive organizations, and leaders that are driving innovation and transforming cybersecurity. This year marks the 25th anniversary of the SC Awards initiative, which includes two main award […]
This blog post argues for SIGMA as a detection language, covers the most critical SIGMA rule components (logsource & detection), SIGMA taxonomy, testing SIGMA Rules, and generally prepares analysts who are new to SIGMA to write their first rules. A short discussion on detection engineering with SIGMA is also provided regarding noise, ideas, log sources, […]
Iranian hackers known as APT34 have launched a spear-phishing campaign distributing a novel backdoor named Saitama. This time, APT34 targets officials from Jordan’s Foreign Ministry. APT34 is associated with other monikers, such as OilRig, Cobalt Gypsy IRN2, and Helix Kitten, and has been active since at least 2014, mostly attacking entities in finance and government, […]
The infamous Russian state-sponsored hacking collective, Armageddon, recently involved in phishing attacks targeting Ukrainian and European state bodies, continues its malicious activity. Based on the latest CERT-UA investigations, Armageddon threat actors also identified as UAC-0010 have been observed in another cyber-attack against Ukraine distributing phishing emails and spreading malicious software dubbed GammaLoad.PS1_v2. Armageddon APT Targeting […]