On April 18, 2022, CERT-UA issued an alert warning of ongoing cyber-attacks targeting Ukrainian state bodies. According to the research, government officials were exposed to targeted phishing attacks using emails related to Azovstal that contained malicious attachments spreading Cobalt Strike Beacon malware. The detected activity reflects the behavior patterns associated with the hacking collective tracked […]
The US governmental agencies ā CISA, FBI, NSA, and the Energy Department ā along with several corporate teams of cybersecurity researchers have sounded the alarm about nationwide threats to industrial control systems (ICS). According to the security investigators, APT actors leverage a destructive toolset to take over targeted machines upon establishing initial access to the […]
During the previous month, the attention and experience of the cybersecurity experts were especially required to help the industry withstand emerging devastating threats. Devoted members of the Threat Bounty community provided detections to protect against such threats as HermeticWiper, the FoxBlade malware, the attack of APT41 against the U.S. state government networks, exploitations of the […]
The 7-Zip file archiver versions of 21.07 have a serious security weak point. 7-Zip is one of the most in-demand tools to compress and package files with a wide array of supported formats including 7z, ZIP, GZIP, BZIP2, and TAR. The vulnerability tracked as CVE-2022-29072 grants adversaries elevated access and command execution when a file […]
Security researchers report alarming activity associated with a tailor-made malware dubbed Denonia to target Amazon Web Services (AWS) Lambda environments. The malware is written in the Go language. Once in the system, it is used to download, install, and execute the XMRig cryptomining files for Monero cryptocurrency mining. Detect Denonia Malware AWS Lambda malware, aka […]
Last week, VMware released an advisory urging users to patch eight vulnerabilities of various severity levels. Unpatched bugs enable the compromise of the following VMware products: VMware Workspace ONE Access, Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, and Suite Lifecycle Manager. The easiest prey on the hit list with the CVSS score of 9.8 […]
A new wave of phishing delivering Remcos RAT payload has been observed by security researchers. Remcos is a commercial remote administration trojan developed by Breaking Security firm, that is accessible for free from their website. According to the source that developed this tool, Remcos is capable of downloading entire folders in one click, using a […]
On March 30, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) put out a warning of a mass spread of malware named āMars Stealerā targeting individuals and organizations in Ukraine. According to the CERT-UA research, adversaries behind Mars Stealer attacks are traced back to the hacking group tracked as UAC-0041 (associated with AgentTesla and […]
A malware loader Colibri that appeared not so long time ago – in August 2021, has been recently discovered delivering Vidar payloads in a new ongoing Colibri Loader campaign. Researchers indicate that Colibri uses an unusual persistence technique that hasnāt been tracked until this time. Updated functionality motivates adversaries to keep selling their new malware […]
Update: According to the latest heads-up from Arpil 7, 2022, the Computer Emergency Response Team of Ukraine (CERT-UA) issued an alert with the details of the most recent phishing attack on Ukrainian state bodies hard on the heels of the attack kill chain a couple of days ago identified by the similar behavior patterns.Ā On […]