Australian software producer Click Studios has fallen victim to a security breach that resulted in a supply-chain attack. In April 2020, adversaries successfully compromised the upgrade mechanism of Click Studios’ Passwordstate enterprise password management app to deliver Moserpass malware onto the users’ devices. The number of affected customers is currently unknown, however, the vendor claims […]
Meet a fresh and hot newscast highlighting the power of our community! Today we want to introduce you to Shelly Raban, a keen developer contributing to SOC Prime’s Threat Bounty Program since November 2020. Shelly swiftly became a prolific SOC content creator, concentrating her efforts on YARA rules. You can refer to Shelly’s detections of […]
On April 20, 2021, US-CERT issued an alert warning about an ongoing malicious campaign abusing vulnerable Pulse Connect Secure products to attack organizations across the US. The campaign broke forth in June 2020 and involved multiple security incidents affecting government agencies, critical infrastructure assets, and private sector organizations. Threat actors rely on a set of […]
Check Point Research’s Global Threat Index for March 2021 reveals that IcedID banking Trojan operators are entering the big game. Last month IcedID was included in the Index for the first time, at once taking second place right after the infamous Dridex. A surge in infections and notoriety is explained by the innovative delivery methods […]
Experts from ESET have uncovered a new malicious sample leveraged by Lazarus APT to target an unnamed South African freight company. The malware, dubbed Vyveva, obtains impressive backdoor capabilities, which are used by the nation-backed actor for reconnaissance and cyber-espionage. Vyveva Backdoor Overview Vyveva is a custom threat applied by the North Korean state-sponsored group […]
On April 6, 2021, US-CERT issued an urgent alert warning about an ongoing malicious campaign that leverages old vulnerabilities in mission-critical SAP applications to target organizations worldwide. According to security experts, threat actors apply a variety of techniques, tactics, and procedures to target insecure instances. The successful attack might result in full system compromise, sensitive […]
The REvil gang stands behind the avalanche of attacks targeting major companies across the US, Europe, Africa, and South America. In March 2021, ransomware operators claimed almost a dozen of intrusions that resulted in sensitive data compromise. The list of victims includes law firms, construction companies, international banks, and manufacturing vendors. As per news reports, […]
Security analysts from Guardicore Labs have recently detected a new variant of the notorious Purple Fox rootkit, which now propagates as a worm across Windows machines. This latest malware upgrade results in a significant spike of Purple Fox infections, showing a 600% increase since spring 2020. This ongoing campaign relies heavily on port scanning and […]
Despite being patched for three years already, hackers reportedly rely on an old remote code execution vulnerability in Microsoft Office (CVE-2017-11882) to infect victims with malware. According to the threat analysis report from HP Bromium, the flaw accounts for nearly three-quarters of all exploits leveraged in Q4 2020. CVE-2017-11882 Description CVE-2017-11882 is a memory corruption […]
Security researchers are observing an ongoing malicious activity launched by the infamous Lazarus APT against Japanese organizations. Most of the infections follow the same routine and rely on VSingle and ValeforBeta malware samples. VSingle and ValeforBeta Analysis The latest inquiry by Shusei Tomonaga shows that VSingle malware acts as an HTTP bot designed to download […]