Tag: Threat Bounty Program

CVE-2021-22941: Citrix ShareFile Remote Code Execution Vulnerability Exploited by PROPHET SPIDER

The notorious Initial Access Broker PROPHET SPIDER was found exploiting the CVE-2021-22941 vulnerability to gain unauthorized access to Microsoft Internet Information Services (IIS) web servers. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]

Hacker Group APT41 on Months-Long Quest Breaching the U.S. State Government Networks

The APT41 actors compromised six (and counting) U.S. state government networks starting in May last year. APT41 conducted numerous exploits of public-facing web applications, including using the notorious zero-day in Log4j and leveraging CVE-2021-44207 in the USAHERDS web application, which is used in 18 states to monitor and report on animal health. Recent attacks are characterized by […]

SOC PRIME THREAT BOUNTY — FEBRUARY 2022 RESULTS

Power of Community Collaboration

On Thursday, February 24, 2022, the independent country of Ukraine was brutally attacked by Russian military forces. Disregarding the regulations of international law, existing diplomatic agreements, and basic principles of humanity, the armed forces of the Russian Federation, actively and openly supported by the ruling regime, have been barbarously attacking […]

PlugX Malware Used by China-Aligned APT Actor TA416 Targets European Allies to Cripple Ukrainian Refugee Services

The Chinese state-sponsored APT group TA416 (aka Mustang Panda/Red Delta) has been found targeting European government agencies and diplomatic entities that deliver services for Ukrainian refugees and migrants fleeing Russian aggression. A detailed analysis shows that the attackers primarily aim at conducting long-term cyber-espionage campaigns rather than chasing immediate gains. The research conducted by […]

Dirty Pipe Disclosure: Gives Root Privileges, Impacts the Latest Versions of Linux

A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by the Linux kernel. The name refers to a Linux mechanism for inter-process communication within the OS, dubbed a […]

ContiLeaks: Conti Ransomware Group’s Chat and Source Code Leaked by Ukrainian Cybersecurity Researcher

One of the fiercest Russia-backed ransomware actors, the Conti Group, has become the victim of a data breach. On February 27, 2022, a mysterious Twitter user, @ContiLeaks, started publishing a series of posts linking to archives with private messages and the source code of Conti. Other posts by the whistleblower make it quite obvious that he […]

Withstanding Russian Military Aggression Together

On Feb 24, 2022, Ukraine woke up to multiple shelling attacks across the country as Russia aggressively invaded its neighbor, violating all current international agreements. Russian troops and tanks attacked Ukrainian borders in the East, West, and North, sent by the Kremlin as the next savage step in the continuous violation of the territorial integrity of […]

Stop Russia’s DDoS Protection: SOC Prime Appeals to US Tech Leaders to Prevent Aggressors From Spreading Misinformation

On February 24, 2022, Russia launched a full-scale invasion of Ukraine. Russia has called this a “Special Military Operation” for peacekeeping, aimed at the “Liberation of Ukraine”. The facts illustrate something altogether different, as destruction has been massive and civilian populations have suffered greatly. The war has cost the lives of 2,000 civilians, and the […]

FoxBlade Trojan Detection: Microsoft Reveals New Destructive Malware Targeting Ukrainian Infrastructure

On February 23, 2022, prior to Russia’s offensive invasion of Ukraine, a new surge of digital threats hit Ukraine, just a short period after an avalanche of cyber-attacks involving the data-wiping WhisperGate and HermeticWiper malware strains targeted Ukrainian entities. The Microsoft Security Intelligence Center discovered a series of attacks leveraging the novel FoxBlade malware targeting multiple […]

HermeticWiper Malware Detection: CISA and FBI Advisory Warns of New Destructive Cyber-Attacks Targeting Ukrainian Organizations

On January 13, 2022, a devastating cyber-attack hit Ukraine, taking down online assets of the country’s government; the attackers took advantage of a new data-wiping malware known as WhisperGate. Hard on the heels of this impactful incident, on February 23, cybersecurity analysts revealed another destructive malware targeting Ukrainian organizations, dubbed HermeticWiper. This newly discovered […]
