Tag: Threat Detection Marketplace

Log4Shell in VMware Horizon and UAG Servers
New Attempts to Exploit Log4Shell in VMware Horizon Systems: CISA Warns of Threat Actors Actively Leveraging CVE-2021-44228 Apache Log4j Vulnerability

The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]

Read More
DarkCrystal RAT
DarkCrystal RAT Detection: Russia-Affiliated APT Targets Ukrainian Telecom Companies

On June 24, 2022, CERT-UA warned about a new malicious campaign targeting telecommunication providers in Ukraine. According to the investigation, russia-linked adversaries launched a massive phishing campaign delivering DarkCrystal remote access Trojan (RAT), able to perform reconnaissance, data theft, and code execution on the affected instances. The malicious activity is tracked as UAC-0113, which with […]

Read More
Matanbuchus Loader
Matanbuchus Malware Detection: New Malspam Campaign Distributes Malware Loader and Cobalt Strike

Matanbuchus first surfaced in early 2021 as a malware-as-a-service (MaaS) project at a rental price of $2,500. Matanbuchus is a loader that uses two DLLs during the malware’s run cycle. This year the malware is delivered in phishing attacks aimed at deploying Cobalt Strike beacons. Detect Matanbuchus Malware For an efficient Matanbuchus malware detection, use […]

Read More
CVE-2022-1040 Detection: DriftingCloud APT Group Exploits RCE Flaw in Sophos Firewall

A notorious Chinese APT group known under the moniker “DriftingCloud” targets a cybersecurity firm Sophos. Namely, the threat actor is believed to be behind the active exploitation of a security hole in Sophos firewall. The flaw, tracked as CVE-2022-1040, scores 9.8 in severity and has been affecting Sophos Firewall versions 18.5 MR3 and older since […]

Read More
DFSCoerce Detection: New NTLM Relay Attack Enabling Windows Domain Takeover

Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoft’s Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackers’ control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]

Read More
New Voicemail Phishing Scam
Fake Voicemail Campaign Detection: New-Old Phishing Attack Hits the U.S.

A new phishing campaign is on the rise, impacting a wide range of industries and organizations in the U.S., including critical infrastructures such as security, healthcare and pharmaceuticals, the military, and also manufacturing supply chain. The scam began sweeping across the U.S. in May 2022 and is still going on. The targets receive a phishing […]

Read More
GoodWill Ransomware
GoodWill Ransomware Detection: New Malware Forces Its Victims to Pay Back to Society

A rather peculiar type of malware has recently hit the headlines. The new strain is dubbed GoodWill ransomware, and its novelty lies in the nature of the demands that victims have to fulfill to get the decryption key. The ransomware operators, claiming that they are “hungry for kindness”, expect their targets to support those in […]

Read More
Lyceum .NET DNS Backdoor
Lyceum .NET DNS Backdoor Detection: Iranian Nation-Backed APT Group Leverages New Hijacking Malware

Cybersecurity researchers have recently shed light on a wave of new cyber attacks by the Iranian nation-backed APT group acting under the moniker “Lyceum” also known as HEXANE. Lyceum actors have been operating in the cyber threat arena since 2017 mainly targeting Middle East organizations in the energy and telecom industry sectors. In the latest […]

Read More
Blue Mockingbird Threat Actor
Telerik UI Vulnerability Exploit Detection: Blue Mockingbird Leverages CVE-2019-18935

Blue Mockingbird cybercrime group has been on the cybersecurity radar for about two years now. In the current campaign, the threat actor exploits the vulnerabilities discovered in 2019 in a popular Telerik UI suite for ASP.NET AJAX that includes around 120 components. The major vulnerability, tracked as CVE-2019-18935 with a critical severity level of 9.8, […]

Read More
PureCrypter Loader Detection: Now Upgraded to Boost Malicious Activity; Spreads Remote Access Trojans and Infostealers

Cybersecurity researchers have observed the activity of a more advanced version of a fully-functional malware loader dubbed PureCrypter that has been actively distributing remote access Trojans (RATs) and information stealers since March 2021. Notorious malware samples delivered using PureCrypter include AsyncRAT, LokiBot, Remcos, Warzone RAT, NanoCore, Arkei Stealer, and RedLine Stealer. The updated features of […]

Read More