QBot, aka Qakbot, has been around since 2007, while its companion, a threat actor group tagged Black Basta, first surfaced just a few months ago – in April 2022. According to the latest insights into a partnership between Qakbot and Black Basta, the latter uses this modular information stealer to travel through the compromised system […]
A hacker group tagged POLONIUM has been observed abusing Microsoft OneDrive personal storage service to drop custom malicious implants and launch supply chain attacks. Adversaries had succeeded in targeting more than 20 Israeli organizations before they were uncovered. There is substantial evidence that the hackers behind the attacks were based in Lebanon and were supported […]
In December 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-linked cybercriminal gang tracked as Evil Corp (aka Dridex, INDRIK SPIDER) that stood behind the deployment and distribution of the notorious Dridex malware targeting banks and financial institutions for nearly a decade. In an attempt to evade sanctions, threat actors […]
Adversaries launch headline-making attacks against vulnerable Confluence Servers worldwide. Atlassian alerts their users to the security risks associated with an RCE flaw detected in all supported versions of Confluence (Server and Data Center). The bug is tracked as CVE-2022-26134, with the vendor rating it to be of the highest severity level. As of the 3d […]
Just two days after the nefarious CVE-2022-30190 aka Follina was revealed, security researchers report in-the-wild attacks leveraging the exploits to target state institutions of Ukraine. On June 2, 2022, CERT-UA issued a heads-up warning of an ongoing campaign spreading Cobalt Strike Beacon malware by exploiting Windows CVE-2021-40444 and CVE-2022-30190 zero-day vulnerabilities, which have been recently in […]
Keksec, aka Nero and Freakout, the threat actor behind the advanced EnemyBot botnet, is expanding its reach by leveraging more exploits, compromising multiple organizations regardless of their industry vertical. The EnemyBot malware authors took all the best and left behind the obsolete of code used in other botnets such as Gafgyt, Qbot, or Mirai. The […]
Banking malware has been a true-and-tried cash cow for adversaries for a long time now. One of such efficient tools in malware distribution campaigns that target the banking sector is a remote-overlay banking trojan Grandoreiro. The trojan was first detected in 2016 (yet, some researchers claim the malware first surfaced in 2017), being used against […]
Instantly Explore the Latest Trends and Adjust Search Results to Illustrate ATT&CK Tactics and Techniques Most Relevant to Your Threat Profile SOC Prime recently released the industry-first search engine for Threat Hunting, Threat Detection, and Cyber Threat Intelligence allowing InfoSec professionals to discover comprehensive cyber threat information including relevant Sigma rules instantly convertible to 25+ […]
Researchers warn the global InfoSec community of a new malware campaign aimed to spread the infamous Cobalt Strike Beacon malware via fake Proof of Concept (POC) exploits of the newly patched Windows vulnerabilities, including the critical RCE flaw tracked as CVE-2022-26809. The public availability of fake exploits in GitHub raises the stakes exposing millions of […]
In May 2022, Linux-based systems are getting exposed to a number of threats coming from multiple attack vectors. Early this month, the BPFDoor surveillance implant hit the headlines compromising thousands of Linux devices. Another threat targeting Linux systems is looming on the horizon. Microsoft has observed an enormous surge of malicious activity from Linux XorDdos […]