Cybersecurity researchers discovered a new code execution technique that employs specially crafted MSC files and a Windows XSS flaw. The newly uncovered infection technique, dubbed GrimResource, allows attackers to perform code execution in the Microsoft Management Console (MMC). Defenders discovered a sample using GrimResource that was recently uploaded to VirusTotal in early June 2024, indicating […]
At least for two decades, we have been witnessing relentless changes in the threat landscape towards growth and sophistication, with both rough actors and state-sponsored collectives devising sophisticated offensive campaings against organizations globally. In 2024, adversaries, on average, proceed with 11,5 attacks per minute. Simultaneously, it takes 277 days for SecOps teams to detect and […]
In Q1 2024, Advanced Persistent Threat (APT) groups from China, North Korea, Iran, and russia demonstrated significantly enhanced and innovative offensive capabilities to proceed with sophisticated cyber-espionage campaigns. This surge in activity has posed considerable challenges to the global cybersecurity landscape. Recently, security experts revealed the activity of the China-linked Velvet Ant group infiltrating F5 […]
The China-linked cyber-espionage group Velvet Ant has been infiltrating F5 BIG-IP devices for about three years, using them as internal C2 servers, deploying malware, and gaining persistence to smartly evade detection and steal sensitive data. Detect Velvet Ant Attacks In Q1 2024, APT groups from various regions, including China, North Korea, Iran, and Russia, demonstrated […]
How Crowdsourcing Shapes Future Cyber Defense Strategies Crowdsourcing is one of the key pillars for building advanced cyber defense capable of addressing the new challenges of the modern threat landscape. With over 30K new vulnerabilities being discovered solely in 2023 and cyber attacks occurring every minute, standalone teams can hardly cope with the avalanche of […]
The TellYouThePass ransomware operators have been spotted behind a novel adversary campaign leveraging the PHP-CGI vulnerability tracked as CVE-2024-4577. Adversaries weaponize the flaw to upload web shells and distribute TellYouThePass ransomware on compromised instances. Detect TellYouThePass Ransomware Campaign In light of the newly uncovered PHP-CGI bug being swiftly weaponized for in-the-wild attacks, facilitating the distribution […]
Hot on the heels of the disclosure of CVE-2024-29849 and its PoC release, another security flaw is creating a buzz in the cyber threat landscape. Successful exploitation of CVE-2024-4577, which affects Windows-based PHP servers, could lead to RCE. The security bug is a CGI argument injection vulnerability that impacts all versions of PHP on the […]
Another day, another threat on the radar challenging cyber defenders. This time, cybersecurity heads-up refers to a nefarious flaw identified across Veem Backup Enterprise Manager (VBEM) enabling adversaries to bypass authentication and obtain full access to the platform’s web interface. Tracked as CVE-2024-29849, the bug achieved a 9.8 CVSS score, posing an increasing menace with […]
Make the Most of Advanced Threat Detection at No Extra Cost In today’s rapidly evolving cybersecurity landscape, where both rogue actors and well-funded state-sponsored entities continuously devise sophisticated attacks, maintaining relevant and up-to-date detection capabilities is more critical than ever. In Q1 2024, APT groups from various global regions, such as China, North Korea, Iran, […]
Publications In May, our content verification team received more than 300 submissions for review. After the review, and in some cases, repeated revisions with minor corrections to the code, 59 new unique threat detection rules by Threat Bounty Program content authors were successfully published on the Threat Detection Marketplace. Explore Detections The submissions that were […]