Cybersecurity experts have uncovered an ongoing adversary campaign exploiting 3CXDesktopApp, a software application for business communication used by 12 million customers worldwide. According to the reports, threat actors gain initial access to the compromised environment, deploy payloads, and then attempt to drop info-stealing malware capable of hijacking login credentials at the final attack stage. Detecting […]
Stay alert! Adversaries set eyes on Aspena Faspex, an IBM file-exchange application frequently used by large enterprises to speed up file transfer procedures. Specifically, threat actors attempt to leverage a pre-authenticated remote code execution (RCE) vulnerability (CVE-2022-47986) affecting the app to proceed with ransomware attacks. At least two ransomware collectives were spotted exploiting CVE-2022-47986, including […]
The massive cyber incident at Ferrari that compromised some of the company customers’ personal data has recently hit the headlines. Ferrari, the Italian industry-leading car manufacturer, covered the company’s data breach after threat actors that gained access to part of the organization’s IT infrastructure demanded a ransom not to leak the stolen data. Ferrari uncovered […]
Security heads-up for cyber defenders! Microsoft has recently fixed a critical elevation of privilege vulnerability (CVE-2023-23397) affecting Microsoft Outlook for Windows that allows adversaries to dump hash passwords from targeted instances. Notably, the flaw has been exploited in the wild as a zero-day since April 2022, being utilized in cyber-attacks against the government, military, and […]
Threat actors tracked as 8220 Gang have been observed leveraging a new crypter called ScrubCrypt, which targets Oracle WebLogic servers. According to cybersecurity researchers, the infection chain is triggered by the successful exploitation of compromised Oracle WebLogic servers and leads to spreading the ScrubCrypt by downloading a PowerShell script. Detect ScrubCrypt Attacks Targeting Oracle Weblogic […]
New day, new malicious threat challenging cyber defenders! Recently, security researchers have revealed a novel malware strain being actively leveraged by Mustang Panda APT in their ongoing campaign against targets in Europe and Asia. Dubbed MQsTTang, the new custom backdoor has been developed from scratch to fly under the radar and make attribution harder while […]
Old dog, new tricks! Security researchers revealed PlugX remote access Trojan (RAT) is masquerading as a popular open-source Windows debugger tool dubbed x65dbg. Relying on DLL side-loading for this spoofing trick, nefarious RAT is able to slip past security controls and gain full control over the targeted instance. PlugX Remote Access Trojan Detection The PlugX […]
Approaching the date of one-year anniversary of the outbreak of full-fledged war in Ukraine, cyber defenders addressed the risks of potential attacks against Ukraine and its allies by russian offensive forces. On February 23, CERT-UA cybersecurity researchers revealed the malicious activity attributed to the UAC-0056 hacking group, which was observed in malicious campaigns against Ukraine […]
How Fusing Sigma & MITRE ATT&CK® Empowers Collective Cyber Defense to Gain a Competitive Advantage in the Global Cyber War This article is based on the original interview conducted by AIN.UA and covered in the corresponding article.  In this second part of the interview with SOC Prime’s Founder, CEO, and Chairman, Andrii Bezverkhyi, we’ll provide […]
February 2023 can be marked as a month of ongoing adversary campaigns against Ukraine, exploiting the phishing attack vector and leveraging remote access software. Close on the heels of phishing attacks spreading Remcos RAT and abusing Remote Utilities software, another mass email distribution targeting Ukrainian organizations garners attention from cyber defenders. The latest CERT-UA#6011 alert […]