Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities aka ProxyNotShell tracked as CVE-2022-41040 and CVE-2022-41082 that are currently actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be paired together in the exploit chain to spread Chinese Chopper web shells on the targeted servers. According […]
Cybersecurity researchers have recently revealed a new wave of adversary campaigns leveraging a malware tool named NullMixer spread via malicious websites. The malware dropper is a lure masquerading as legitimate software, which further deploys a set of Trojans infecting the victim’s system. NullMixer hackers apply advanced SEO tactics to distribute the malware affecting popular search […]
Shields up! On September 22, 2022, The Cybersecurity and Infrastructure Security Agency (CISA) released a directive urging all FCEB agencies to fix a flaw affecting Zoho ManageEngine products by mid-October. Indexed as CVE-2022-35405, the security issue is a critical Java deserialization flaw and is currently actively exploited in the wild. The flaw was documented in […]
Some things never grow old. In the world of security providers, there will always be a lack of professionals, time, and real-deal vendors, while you will always face an abundance of risks, complexity, and cost pressure. However, there are some less obvious challenges that impede the growth and scalability of your MSSP or MDR. Let’s […]
What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001 Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them. Because if attackers don’t break in, they won’t be able to take their kill chain to another level. Earlier this year, Microsoft paid $13.7 million in bug […]
On September 15, Uber officially confirmed an attack resulting in an organization-wide cybersecurity breach. According to the security investigation, the organization’s system was severely hacked, with attackers moving laterally to gain access to the company’s critical infrastructure. The cybersecurity incident was brought to the limelight after a young hacker, who claimed to have breached Uber’s […]
August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]
In late July, Microsoft researchers released new evidence linking Raspberry Robin Windows worm to the activity of the russia-backed Evil Corp gang. Raspberry Robin, a USB-based worm designed as a malware loader, shows similar functionality and structural elements to those of Dridex malware, indicating that a notorious Evil Corp group may be behind the new […]
On August 30 and 31, 2022, CERT-UA revealed a burst of adversary activity massively distributing phishing emails among Ukrainian, Austrian, and German organizations. According to the corresponding CERT-UA#5252 alert, hackers exploit the email attachment vector spreading the notorious AgentTesla info-stealing malware. The malicious activity can be attributed to the behavior patterns of the hacking collective […]
The malicious campaigns of the Iran-backed APT34 hacking collective also tracked as Charming Kitten, have been causing a stir in the cyber threat arena in 2022, including the cyber-attacks exploiting Microsoft Exchange ProxyShell vulnerabilities. In late August 2022, cybersecurity researchers revealed the ongoing malicious activity posing a serious threat to Gmail, Yahoo!, and Microsoft Outlook […]