A hacker group tagged POLONIUM has been observed abusing Microsoft OneDrive personal storage service to drop custom malicious implants and launch supply chain attacks. Adversaries had succeeded in targeting more than 20 Israeli organizations before they were uncovered. There is substantial evidence that the hackers behind the attacks were based in Lebanon and were supported […]
Banking malware has been a true-and-tried cash cow for adversaries for a long time now. One of such efficient tools in malware distribution campaigns that target the banking sector is a remote-overlay banking trojan Grandoreiro. The trojan was first detected in 2016 (yet, some researchers claim the malware first surfaced in 2017), being used against […]
Security researchers report on malicious activity associated with the distribution of BumbleBee malware traced back to the initial access broker (IAB) dubbed Exotic Lily. Research data suggest that adversaries use the file transfer tools such as TransferXL, TransferNow, and WeTransfer, to spread BumbleBee malware. The malware is used to launch Cobalt Strike attacks. Detect BumbleBee […]
A newly discovered bug in Zyxel products endangers tens of thousands of users in Europe and the U.S. The critical vulnerability affecting Zyxelās ATP series, VPN series, and USG FLEX series business firewalls is tracked as CVE-2022-30525, with a severity score of 9.8 CVSS. The vulnerability paves the way for hackers to execute arbitrary code […]
BlackByte ransomware targeting critical infrastructures in the U.S. and across the globe since mid-summer 2021 has recently morphed into a more advanced variant. Adversaries are known to exfiltrate data before deploying ransomware and then threaten organizations to leak the stolen data if a ransom is not paid. The ransomware samples were originally written in C# […]
Recent cybersecurity research has uncovered AvosLocker ransomware samples abusing the Avast Anti-Rootkit Driver file to disable anti-virus, which allows adversaries to evade detection and block defense. AvosLocker is known to represent a relatively novel ransomware family that appeared in the cyber threat arena to replace the infamous REvil, which was one of the most active […]
APT29 is a Russian state-sponsored espionage group also referred to by cybersecurity experts as Nobelium APT. The breadth of their attacks corresponds to Russia’s present geopolitical goals. Their latest attacks are characterized by utilizing BEATDROP and BEACON loaders to deploy BOOMMIC (VaporRage) malware. Security analysts report that the latest phishing campaigns were crafted to target […]
Overview and Analysis, Top Data Sources, and Relevant Sigma Rules to Detect Privilege Escalation SOC Prime cultivates collaboration from a global cybersecurity community and curates the most up-to-date Sigma rules aligned with the MITRE ATT&CKĀ® framework enabling teams to focus on threats they anticipate most. With the recently released On Demand subscriptions for SOC Primeās […]
Quantum ransomware has been in the limelight since late summer 2021, being involved in high-speed and dynamically escalating intrusions that left cyber defenders only a short window to timely detect and mitigate threats. According to the DFIR cybersecurity research, the latest Quantum ransomware attack observed ranks as one of the fastest cases that has taken […]
In March 2022, several novel vulnerabilities in the Java Spring framework were disclosed. One of these flaws affects a component in Spring Core, enabling adversaries to drop a webshell, granting Remote Command Execution (RCE). As of April 5, 2022, the SpringShell vulnerability tracked as CVE-2022-22965 is now confirmed to be of critical severity. CVE-2022-22965 Detection […]