Gh0stCringe Malware: Variant of Notorious Gh0st RAT The Gh0stCringe, or CirenegRAT malware, based on the code of Gh0st RAT, is back, jeopardizing poorly protected Microsoft SQL and MySQL database servers. This remote access trojan (RAT) was first spotted in December 2018, and resurfaced in 2020 in China-linked cyber espionage attacks against governmental and corporate networks […]
NIGHT SPIDERās Zloader trojan has been quietly operating for the last few months at a global scale, conducting an intrusion campaign on a number of enterprises in various industries. The primary way to install malware was hidden within the legitimate software. For leveraging initial access, attackers used bundled .msi installers. The payloads were aimed at […]
Cyberspace is yet another frontier in the Russia-Ukraine war. Russia-backed large-scale Ńyber-attacks accompany military aggression against Ukraine, aiming to bring key elements of Ukrainian infrastructure offline. The newly spotted CaddyWiper malware adds to a strain of previously revealed cyber threats ā HermeticWiper, WhisperGate, and IsaacWiper. The novel data wiping malware does not bear a resemblance […]
The notorious Emotet is back, having its Epoch 5 resurgence after all the command and control (C&C) servers of the botnet were disrupted in a joint international law enforcement Operation Ladybird in early 2021. As per researchers, it was only a matter of time for Emotetās C&C infrastructure to restore and begin a full-fledged cyber-attack […]
The APT41 actors compromised six and counting U.S. state government networks starting May last year. APT41 conducted numerous exploits of public-facing web applications, including using notorious zero-day in Log4j, and leveraging a CVE-2021-44207 in USAHERDS web application, which is used in 18 states to monitor and report on animal health. Recent attacks are characterized by […]
Power of Community Collaboration On Thursday, February 24, 2022, the independent country of Ukraine was brutally attacked by Russian military forces. Turning down the regulations of international law, existing diplomatic agreements, and basic principles of humanity, the armed forces of the Russian Federation actively and openly supported by the ruling regime, have been barbarously attacking […]
The Chinese state-sponsored APT group TA416 (aka Mustang Panda/Red Delta) has been found targeting European government agencies and diplomatic entities that deliver services for Ukrainian refugees and migrants who flee from Russian aggression. A detailed analysis shows that attackers primarily aim at conducting long-term cyber-espionage campaigns rather than chasing immediate gains. The research conducted by […]
A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by Linux Kernel. The name refers to a Linux mechanism of processesā interaction within the OS, dubbed a […]
On January 13, 2022, a devastating cyber-attack hit Ukraine, taking down online assets of the countryās government, in which attackers took advantage of a new data-wiping malware known as WhisperGate. Hard on the heels of this impactful incident, on February 23, cybersecurity analysts revealed another destructive malware targeting Ukrainian organizations dubbed HermeticWiper. This newly discovered […]
Our Threat Bounty community keeps growing and attracting more and more distinguished specialists in detection content development. This time, we want to introduce to you Furkan Celik – a senior security analyst in banking and one of our active contributors. Furkan has been with us since December 2019. He wrote precise detections that help to […]