Tag: Threat Bounty Program

Cyclops Blink Malware Used by Sandworm APT Group Replaces VPNFilter As Reported by CISA

On February 23, 2022, CISA issued an alert stating that the UK National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) had detected the use of a novel malicious strain known as Cyclops Blink. As a replacement of the […]

BlackByte Ransomware Detection: New Wake-Up Call

The Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) released a joint cybersecurity advisory regarding the activities of the BlackByte Ransomware-as-a-Service (RaaS) gang. BlackByte ransomware has been used primarily against businesses located in the USA. The greatest costs fall heavily on critical infrastructure sectors such […]

TunnelVision APT Group Exploits the Log4j

One of the most notorious exploits of 2021 made its loud entrance into the cybersecurity world in December, and now Log4Shell is back on the radar: the Iran-linked TunnelVision APT has not let it rest in peace, exploiting Log4j vulnerabilities in VMware Horizon alongside large-scale exploitation of Fortinet FortiOS (CVE-2018-13379) and Microsoft Exchange […]

Interview with Threat Bounty Developer: Furkan Celik

Our Threat Bounty community keeps growing and attracting more distinguished specialists in detection content development. This time, we want to introduce Furkan Celik, a senior security analyst in banking and one of our active contributors. Furkan has been with us since December 2019. He has written precise detections that help to […]

SOC Prime Threat Bounty — January 2022 Results

January 2022 results: Threat Bounty content authors successfully submitted 178 unique detections to the SOC Prime Platform. 179 rules failed verification by the SOC Prime Team and could not be improved to match our content quality requirements. Also, a significant number of rules went through several iterations of SOC Prime Team review […]

TA2541 Hacker Group Spreads RATs in spear-phishing attacks

On February 15, 2022, Proofpoint researchers warned about the TA2541 hacker group. This criminal cluster has been active since 2017 (while managing to stay rather low-key) and is reported to consistently spread remote access trojans (RATs), enabling adversaries to obtain sensitive data from breached networks and devices, or even to gain control of […]

RedLine Stealer Malware Detection

Adversaries are always looking for new tricks to maximize the success of their malicious operations. This time, cybercriminals are taking advantage of the recent announcement of Windows 11's broad deployment phase to target users with malware-laced upgrade installers. Once downloaded and executed, these installers infect the unsuspecting victim's system with the RedLine information stealer. What Is […]

QBot Malware Detection: Old Dog New Tricks

You can’t teach an old dog new tricks. Yet cybercriminals ignore common stereotypes, updating QBot with new nefarious tricks to attack victims globally. This malware “veteran” emerged back in 2007, and security researchers observe QBot being constantly updated to ride the wave of malicious trends. For instance, researchers have seen QBot maintainers increasingly abusing the […]

LockBit 2.0 Ransomware Detection: Infamous Threat Resurfaces with New Attack Techniques and Encryption Methods

LockBit operators are accelerating rapidly. The gang has been on cybersecurity professionals’ radar since 2019, revamping its operation with the launch of LockBit ransomware version 2.0 in June 2021. On February 7, 2022, the Federal Bureau of Investigation (FBI) released IOCs, warning about LockBit 2.0 ransomware attacks. The current data suggest that the novel campaign is […]

Lazarus APT Resurfaces to Exploit Windows Update and GitHub

One month into 2022, there is no foreseeable slump in attacks; on the contrary, the cybersecurity field is bustling. The landscape is familiar: lurking hackers, and security practitioners working doggedly to ensure no rest for the former. In late January, a new attack campaign launched by a North Korea-linked APT was discovered by the Malwarebytes Threat […]
