BlackByte ransomware reemerges in the cyber threat arena exploiting a security flaw in legitimate drivers to disable EDR products on compromised devices. Cybersecurity researchers have revealed that ransomware operators apply an advanced adversary technique dubbed “Bring Your Own Driver” enabling them to bypass security products and spread infection on vulnerable machines. Detect BlackByte Ransomware Used […]
Cybersecurity researchers have recently uncovered novel Cheerscrypt Linux-based ransomware. The delivery of ransomware strains has been linked to the China-backed group Emperor Dragonfly also tracked as Bronze Starlight. The hacking collective was also spotted in earlier cyber attacks spreading encrypted Cobalt Strike beacons after gaining initial access to VMware Horizon servers and exploiting the infamous […]
Cybersecurity researchers have recently revealed a new wave of adversary campaigns leveraging a malware tool named NullMixer spread via malicious websites. The malware dropper is a lure masquerading as legitimate software, which further deploys a set of Trojans infecting the victim’s system. NullMixer hackers apply advanced SEO tactics to distribute the malware affecting popular search […]
Shields up! On September 22, 2022, The Cybersecurity and Infrastructure Security Agency (CISA) released a directive urging all FCEB agencies to fix a flaw affecting Zoho ManageEngine products by mid-October. Indexed as CVE-2022-35405, the security issue is a critical Java deserialization flaw and is currently actively exploited in the wild. The flaw was documented in […]
A new stealthy Linux malware named Shikitega is on the prowl for its victims. Its operators set up highly evasive attacks, targeting Linux and IoT devices. The Shikitega malware analysis shows that adversaries have adopted a multi-stage infection chain, aiming to achieve full control of the compromised system, exploit vulnerabilities, establish persistence, and drop additional […]
Honeypot activity spotted by one of the cybersecurity vendors confirmed that the cryptojacking TeamTNT gang is back on the prowl. The threat actor was first detected in early 2020, targeting cloud environments. However, in late 2021 TeamTNT adversaries tweeted a farewell message, which seemed to be true since the past year’s attacks that were traced […]
On September 15, Uber officially confirmed an attack resulting in an organization-wide cybersecurity breach. According to the security investigation, the organization’s system was severely hacked, with attackers moving laterally to gain access to the company’s critical infrastructure. The cybersecurity incident was brought to the limelight after a young hacker, who claimed to have breached Uber’s […]
The process of stealing data from a corporate system is also known as exfiltration. MITRE ATT&CK® has dedicated an entire tactic to illegal copying, downloading, and transferring of organizations’ internal data with significant levels of sensitivity. Data exfiltration examples can be quite obvious, like copying files to a thumb drive; and quite stealthy, like DNS […]
August ‘22 Publications In August, 151 Sigma rules submitted by Threat Bounty Program members passed the SOC Prime acceptance validation and were released on the SOC Prime Platform. Totally, 313 rules were declined during the review’s first iteration for different reasons, including content quality, the detection value of the suggested code, full of partial duplication […]
The malware called OriginLogger is advertised as a compelling RAT with a user-friendly web panel, smart logger, and a powerful keyboard hook. OriginLogger malware description also details the multiple language support feature. The malware strain is designed to run on Windows-based operating systems. The OriginLogger RAT was recommended as a substitution for another infamous keystroke […]