Tag: Osman Demir

IBM QRadar Remote Code Execution Vulnerability (CVE-2020-4888) Detection

On January 27, 2021, IBM released an official patch for a serious remote code execution vulnerability affecting its QRadar SIEM. CVE-2020-4888 Description The security hole occurs because the Java deserialization function fails to deserialize a user-supplied input securely. As a result, remote low-privileged hackers can execute arbitrary commands on the affected system by sending a […]

Read More
Zeoticus 2.0: Nasty Ransomware Strain Receives Major Upgrade

Starting from December 2020, a new version of Zeoticus ransomware has been actively targeting users in the wild. Zeoticus 2.0 comes with better performance and enhanced offline capabilities, posing a bigger threat to businesses worldwide.  What is Zeoticus Ransomware? Zeoticus is a relatively new malware sample that appeared in the cyber threat arena in December […]

Read More
MuddyWater APT Uses ScreenConnect to Spy on Middle East Governments

Security experts from Anomali have revealed a targeted cyber-espionage operation aimed at the United Arab Emirates (UAE) and Kuwait governments. The malicious campaign was launched by an Iranian state-sponsored actor known as MuddyWater (Static Kitten, MERCURY, Seedworm). According to the researchers, adversaries relied on the legitimate software tool ConnectWise Control (formerly ScreenConnect) to move laterally […]

Read More
New Zoom Phishing Abuses Constant Contact to Bypass SEGs

The challenging year of 2020 saw many businesses increase their reliance on the internet, shifting to work-from-home workforces. Such a trend resulted in a blasting spike in video conferencing apps usage. Cyber criminals didn’t miss the chance to advantage their malicious perspectives. Starting from spring 2020, they registered many fake domains to deliver malicious ads […]

Read More
Quasar RAT: Detecting Malicious Successors

Quasar remote administration tool (RAT) is a multi-functional and light-weight malware actively used by APT actors since 2014. Quasar’s code is publicly available as an open-source project, which makes the Trojan extremely popular among adversaries due to its broad customization options. As a result, a variety of samples exist inside the Quasar malware family. Many […]

Read More
Oski Info Stealer Empties Crypto Wallets, Extracts Browser Data

Data theft malware continues to get the ride of popularity among financially-motivated hackers. Increased interest boosts the development of new sophisticated strains promoted on the underground market. Obviously, the cheapest and simultaneously functional offerings grab attention first. This is where Oski stealer comes to the spotlight as highly dangerous and relatively low-priced malware. Oski Stealer […]

Read More
Warzone RAT Malware Used by Confucius APT in Targeted Attacks

Security researchers have spotted an ongoing Confucius APT campaign that leverages Warzone RAT malware to compromise its targets. The campaign is presumably aimed at the governmental sector of China and other South Asia countries. Warzone RAT Description Warzone remote access Trojan (RAT), a prolific successor of AveMaria stealer, first emerged in 2018 as a malware-as-a-service […]

Read More
New QRAT Variant Distributed via Trump-themed Spam Campaign

Cyber-criminals constantly take advantage of the “hottest” media topics to lure victims and infect them with malware. This time hackers decided to profit from the increased attention to the last US presidential elections and launched a Donald Trump-themed spam campaign. The final goal of this operation is to distribute the latest QRAT Trojan malware variant, […]

Read More
DoppelPaymer Ransomware Detection

DoppelPaymer ransomware is gaining momentum as a leading threat to critical infrastructure assets. According to the FBI warning released in December 2020, DoppelPaymer has targeted multiple organizations in healthcare, educational, governmental and other sectors. The attack routine is highly sophisticated and aggressive, allowing its operators to extort six- and seven-digit ransoms from their victims. Notably, […]

Read More
CVE-2020-29583: Secret Backdoor Vulnerability in Zyxel Products

Threat actors exploit a recently discovered Zyxel secret backdoor in the wild. It’s high time to patch since adversaries are instantly searching for vulnerable installations to gain momentum before updates are installed. CVE-2020-29583 Overview The bug occurs since a number of Zyxel products incorporate an undocumented root account leveraging hardcoded login details accessible in the […]

Read More