Hot on the heels of the massive email distribution in the recent malicious campaign targeting Ukrainian state bodies and leveraging Remcos (Remote Control and Surveillance) Trojan, threat actors exploit another remote administration software dubbed Remote Utilities to hit Ukrainian organizations. CERT-UA warns the global cyber defender community of ongoing phishing attacks attributed to the UAC-0096 […]
Remcos Trojan (Remote Control and Surveillance) is frequently delivered by threat actors leveraging phishing attack vectors. The malware currently reemerges in the cyber threat arena to target Ukrainian government entities. On February 6, 2023, cybersecurity researchers released a new CERT-UA#5926 alert detailing the mass email distribution impersonating the Ukrtelecom JSC aimed to spread Remcos malware […]
Since the outbreak of the global cyber war, state bodies of Ukraine and its allies have become targets of diverse malicious campaigns launched by multiple hacking collectives. Threat actors frequently leverage phishing attack vectors to perform their adversary campaigns, like in December 2022’s cyber attacks distributing DolphinCape and FateGrab/StealDeal malware. On February 1, 2023, CERT-UA […]
Microsoft documents have fallen prey to phishing attacks, and adversaries are continuously looking for new ways to disseminate malicious strains. Security vulnerabilities compromising Microsoft products frequently cause a stir in the cyber threat arena, affecting a broad number of users, like in the case Follina zero-day flaw and CVE-2022-22005. Security researchers inform the global cyber […]
The russia-linked Sandworm APT group (aka UAC-0082) has been continuously targeting Ukrainian public systems and critical infrastructure for at least a decade. This group is responsible for massive blackouts throughout the country in 2015-2016 caused by the infamous BlackEnergy malware. That was followed by the NotPetya campaign in 2017, which eventually ended up creating a […]
Stay alert! Security researchers have discovered a notorious vulnerability posing a serious threat to users of a popular password manager KeePass. A security flaw, tracked as CVE-2023-24055, might affect KeePass version 2.5x, potentially allowing attackers to obtain stored passwords in cleartext. CVE-2023-24055 Detection With proof-of-concept (PoC) exploit available, and in view that KeePass is one […]
Another day, another critical RCE making rounds in the cyberthreat arena. This time security practitioners are urged to patch ASAP against a critical remote code execution bug (CVE-2022-47966) affecting multiple Zoho ManageEngine products. Since the proof of concept (PoC) exploit was publicly released last week, experts have observed a huge spike of in-the-wild attacks leveraging […]
Insights into How SOC Prime Achieved 100% YoY Growth While Withstanding the Challenges of War and Economic Recession Since russia’s full-scale invasion of Ukraine, SOC Prime has been on the frontline of war helping Ukraine and our customers defend themselves from the aggressor’s malicious activity in the cyber domain. Regardless of the challenges, we keep […]
Stay alert! Security researchers are warning the global cyber defender community of a zero-day vulnerability in FortiOS SSL-VPN, which was patched in December 2022. The security flaw tracked as CVE-2022-42475 and resulting in unauthenticated remote code execution (RCE) has been exploited in targeted attacks against government agencies and large organizations across the globe. Detect CVE-2022-42475: […]
With USB-spreading malware becoming a popular vector for initial access, cyber defenders remain vigilant in safeguarding the organization’s critical infrastructure. Cybersecurity researchers have recently observed malicious activity of the russia-linked cyberespionage group tracked as Turla APT leveraging legacy Andromeda USB-delivered malware to deploy novel backdoors and custom reconnaissance tools in cyber attacks against Ukraine. Detecting […]