Tag: Detection Content

SOC Prime Threat Bounty — March 2022 Results
SOC Prime Threat Bounty — March 2022 Results

During the previous month, the attention and experience of the cybersecurity experts were especially required to help the industry withstand emerging devastating threats. Devoted members of the Threat Bounty community provided detections to protect against such threats as HermeticWiper, the FoxBlade malware, the attack of APT41 against the U.S. state government networks, exploitations of the […]

Read More
CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions
CVE-2022-29072 Detection: Flaw in 7-Zip Grants Hackers Excessive Permissions

The 7-Zip file archiver versions of 21.07 have a serious security weak point. 7-Zip is one of the most in-demand tools to compress and package files with a wide array of supported formats including 7z, ZIP, GZIP, BZIP2, and TAR. The vulnerability tracked as CVE-2022-29072 grants adversaries elevated access and command execution when a file […]

Read More
Parrot Traffic Direction System (TDS) Attacks
Parrot Traffic Direction System (TDS) Attacks

A novel Traffic Direction System (TDS), dubbed Parrot TDS, takes advantage of a network of hacked servers that host websites to route victims that fit the required profile to domains used to run scamming schemes or distribute malware. According to the current data, the number of compromised websites has reached 16,500 and counting. Adversaries primarily […]

Read More
Tarrask Malware Detection: Defense Evasion Tool to Abuse Scheduled Tasks
Tarrask Malware Detection: Defense Evasion Tool to Abuse Scheduled Tasks

China-backed collective tagged Hafnium (sometimes referred to as APT) has been spotted launching attacks on devices running Windows. The tool they used to generate “hidden” scheduled tasks and establish persistence within Windows instances under attack is dubbed Tarrask malware. Experts report about Internet and data providers being attacked extensively, within the most active attack time […]

Read More
Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies
Detecting IcedID: The Latest Campaign Against Ukrainian Government Bodies

On April, 14, the Computer Emergency Response Team of Ukraine (CERT-UA) issued a new heads-up that warns of an ongoing cyber-attack leveraging the infamous IcedID malware designed to compromise Ukrainian state bodies. The detected malware also dubbed as BankBot or BokBot is a banking Trojan primarily designed to target financial data and steal banking credentials.  […]

Read More
Denonia Malware Detection: Go-Based Wrapper Compromises AWS Lambda to Deploy Monero Miner
Denonia Malware Detection: Go-Based Wrapper Compromises AWS Lambda to Deploy Monero Miner

Security researchers report alarming activity associated with a tailor-made malware dubbed Denonia to target Amazon Web Services (AWS) Lambda environments. The malware is written in the Go language. Once in the system, it is used to download, install, and execute the XMRig cryptomining files for Monero cryptocurrency mining. Detect Denonia Malware AWS Lambda malware, aka […]

Read More
Detect Industroyer2 and CaddyWiper Malware: Sandworm APT Hits Ukrainian Power Facilities
Detect Industroyer2 and CaddyWiper Malware: Sandworm APT Hits Ukrainian Power Facilities

CERT-UA in collaboration with Microsoft and ESET has recently reported about the large-scale cyber-attack on the Ukrainian energy providers, marking the second power outage attack in human history. This latest activity is attributed to the russia-affiliated Sandworm APT group also tracked as UAC-0082.   In this very attack, threat actors leveraged Industroyer2, the latest sample of […]

Read More
CVE-2022-22954 Detection: Critical Vulnerability Sets Grounds for RCE Attacks
CVE-2022-22954 Detection: Critical Vulnerability Sets Grounds for RCE Attacks

Last week, VMware released an advisory urging users to patch eight vulnerabilities of various severity levels. Unpatched bugs enable the compromise of the following VMware products: VMware Workspace ONE Access, Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, and Suite Lifecycle Manager. The easiest prey on the hit list with the CVSS score of 9.8 […]

Read More
Remcos RAT Phishing Campaign: An Updated Infection Chain
Remcos RAT Phishing Campaign: An Updated Infection Chain

A new wave of phishing delivering Remcos RAT payload has been observed by security researchers. Remcos is a commercial remote administration trojan developed by Breaking Security firm, that is accessible for free from their website. According to the source that developed this tool, Remcos is capable of downloading entire folders in one click, using a […]

Read More
Detect META Information Stealer
Detect META Information Stealer

A new info-stealer malware follows in the footsteps of Mars Stealer and BlackGuard. The malware is available for $125 per month or $1,000 for a lifetime subscription. On darknet markets, META Stealer is advertised as an upgrade of RedLine Stealer, which was first revealed in 2020. META Information Stealer Detection To protect your company infrastructure […]

Read More