Tag: Detection Content

Detect DarkSide Ransomware with SOC Prime

DarkSide ransomware, a relatively new player in the cyber threat arena, continues to make headlines for successful attacks against high-profile companies. Recent intrusions include the chemical distribution company Brenntag, which paid adversaries a $4.4 million ransom, and Colonial Pipeline, which supplies fuel to the US East Coast. DarkSide Ransomware […]

SystemBC Malware Increasingly Used as Ransomware Backdoor

A new version of SystemBC malware is increasingly used by ransomware operators to gain a foothold in targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, use SystemBC as a persistent backdoor that maintains access to compromised hosts and supports a range of malicious post-exploitation activity. What […]

Operation TunnelSnake: Moriya Rootkit Detection

Security researchers from Kaspersky Lab have uncovered a previously unknown Windows rootkit stealthily used by a China-affiliated APT actor for years to install backdoors on infected hosts. Dubbed Moriya, the rootkit gives attackers the ability to capture network traffic and covertly execute commands on compromised devices while flying under the radar of […]

Detect Privilege Escalation Vulnerabilities (CVE-2021-21551) in Dell BIOS Driver

Dell computers worldwide are potentially vulnerable to attacks due to high-severity flaws introduced back in 2009. According to experts, a set of five issues tracked together as CVE-2021-21551 affects the Dell DBUtil driver and allows adversaries to gain kernel-mode privileges on affected machines. Although CVE-2021-21551 has been present in the driver for more than a […]

Ivanti Patches Critical Pulse Connect Secure Flaws Under Active Exploitation

On May 3, 2021, Ivanti issued a security update addressing critical security flaws in its Pulse Connect Secure SSL VPN appliance. The flaws have reportedly been used by APT actors to target government agencies, critical infrastructure entities, and private firms across the U.S. Pulse Connect Secure Vulnerabilities According to the CISA security alert from […]

Passwordstate Supply Chain Attack Exposes 29K Companies to the Risk of Compromise

Australian software producer Click Studios has fallen victim to a security breach that resulted in a supply-chain attack. In April 2021, adversaries compromised the upgrade mechanism of Click Studios’ Passwordstate enterprise password management app to deliver Moserpass malware to users’ devices. The number of affected customers is currently unknown; however, the vendor claims […]

Interview with Threat Bounty Developer: Shelly Raban

Meet a fresh newscast highlighting the power of our community! Today we want to introduce you to Shelly Raban, a keen developer contributing to SOC Prime’s Threat Bounty Program since November 2020. Shelly quickly became a prolific SOC content creator, concentrating her efforts on YARA rules. You can refer to Shelly’s detections of […]

Pulse Connect Secure Vulnerabilities Are Exploited in Ongoing Attacks Against High-Profile Targets

On April 20, 2021, US-CERT issued an alert warning about an ongoing malicious campaign abusing vulnerable Pulse Connect Secure products to attack organizations across the US. The campaign has been active since June 2020 and involves multiple security incidents affecting government agencies, critical infrastructure assets, and private sector organizations. Threat actors rely on a set of […]

IcedID Leverages Innovative Delivery Methods, Significantly Increases Infection Rates

Check Point Research’s Global Threat Index for March 2021 reveals that IcedID banking Trojan operators are entering the big game. Last month IcedID was included in the Index for the first time, immediately taking second place right after the infamous Dridex. The surge in infections and notoriety is explained by the innovative delivery methods […]

Vyveva: New Custom Malware in Lazarus Toolkit

Experts from ESET have uncovered a new malicious sample used by Lazarus APT to target an unnamed South African freight company. The malware, dubbed Vyveva, has extensive backdoor capabilities, which the nation-backed actor uses for reconnaissance and cyber-espionage. Vyveva Backdoor Overview Vyveva is a custom threat used by the North Korean state-sponsored group […]
