Tag: Emir Erdogan

SystemBC Malware Increasingly Used as Ransomware Backdoor

A new version of SystemBC malware is increasingly leveraged by ransomware maintainers to pave their way into the targeted environments. Security experts indicate that top ransomware-as-a-service (RaaS) collectives, including DarkSide, Ryuk, and Cuba, leverage SystemBC as a persistent backdoor able to maintain access to the attacked instances and perform a variety of notorious activities. What […]

Read More
Lazarus APT Targets Japanese Organizations with VSingle and ValeforBeta Malware

Security researchers are observing an ongoing malicious activity launched by the infamous Lazarus APT against Japanese organizations. Most of the infections follow the same routine and rely on VSingle and ValeforBeta malware samples. VSingle and ValeforBeta Analysis The latest inquiry by Shusei Tomonaga shows that VSingle malware acts as an HTTP bot designed to download […]

Read More
Chinese APT Targets 5G Providers Around The Globe

McAfee Advanced Threat Research (ATR) Strategic Intelligence team has uncovered a long-lasting cyber-espionage operation targeting major telecommunication providers worldwide. According to security researchers, Chinese nation-baked hackers have planted malware to the networks of multiple US, EU, and SouthEast Asian telecom firms to carry out reconnaissance and steal secret information linked to 5G technology. The malicious […]

Read More
Oracle WebLogic Server Vulnerability (CVE-2021-2109) Results in Complete Server Takeover

A high-severity remote code execution issue in Oracle Fusion Middleware Console enables full Oracle WebLogic Server compromise. New Oracle WebLogic Server Vulnerability The flaw allows an authenticated actor with high privileges to misuse the “JndiBinding” Handler and launch a JNDI (Java Naming and Direction Interface) injection. This, in turn, enables retrieving and deserialization of a […]

Read More
Lazarus Group Attacks Manufacturing and Electrical Industries in Europe

The infamous Lazarus APT group (aka HiddenCobra, APT37) was yet again spotted agitating the world of cyber. This time security analysts revealed a highly targeted cyber-espionage campaign aimed at major manufacturing and electrical industry enterprises across Europe.  Lazarus Toolset and Attack Scenario The initial attack vector used by Lazarus hackers was similar to that leveraged […]

Read More
CVE-2020-14882

In late October 2020, the world of cybersecurity spotted malicious activity targeted at the Oracle WebLogic servers. This activity took the form of recurring exploitation of a RCE weakness in the Oracle WebLogic server console component known as CVE-2020-14882. This CVE was rated as critical by gaining 9,8 scores on the CVSS scale.  CVE-2020-14882 Overview […]

Read More
Phobos Ransomware Detection: SOC Content Against EKING Attacks

Phobos Ransomware represents the relatively new ransomware family based on Dharma (CrySis) that has been notorious since 2016. The first traces of Phobos were spotted less than two years ago, at the turn of 2019. SOC Prime Threat Detection Marketplace, the world’s largest platform for SOC content, offers Phobos ransomware detection scenarios among its library […]

Read More
Detection for Critical Vulnerability in Aruba ClearPass (CVE-2020-7115)

Aruba Networks, the subsidiary of Hewlett Packard Enterprise, has released a Security Advisory on recently discovered multiple vulnerabilities in their product leveraged by enterprise clients worldwide. In this article, we will cover the details of the most severe of the reported Remote Command Execution vulnerability in Aruba ClearPass (CVE-2020-7115) with CVSS 8.1, and content to […]

Read More
Behaviour Analysis of Redline Stealer

Infostealers occupy a special place among malware, since, with their simplicity, they very effectively cope with their primary tasks: to collect all potentially valuable information in the system, exfiltrate it to the command-and-control server, and then delete themselves and traces of their activities. They are used by both beginners and advanced threat actors, and there are […]

Read More
Recent Attacks of Lazarus APT

The Lazarus APT group is one of the few state-sponsored cyber espionage units that also handle financially motivated cybercrimes and it is the most profitable threat actor in the cryptocurrency scene which managed to steal about $2 billion. In 2017 alone, the group stole more than half a billion dollars in cryptocurrency, so their interest […]

Read More