Tag: Threat Detection Marketplace

Black Basta Ransomware Detection: New Collaboration with QBot

QBot, aka Qakbot, has been around since 2007, while its new partner, a threat actor group tracked as Black Basta, first surfaced only a few months ago, in April 2022. According to the latest insights into the partnership between Qakbot and Black Basta, the ransomware operators use this modular information stealer to move through the compromised environment […]

POLONIUM Detection: Hacker Group Abuses Microsoft OneDrive

A hacker group tracked as POLONIUM has been observed abusing the Microsoft OneDrive personal storage service to host and drop custom malicious implants and to launch supply chain attacks. The adversaries had compromised more than 20 Israeli organizations before they were uncovered. There is substantial evidence that the hackers behind the attacks were based in Lebanon and were supported […]

LockBit Ransomware Detection: Cybercriminal Gang Evil Corp Affiliates, aka UNC2165, Attempt to Evade U.S. Sanctions

In December 2019, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the Russia-linked cybercriminal gang tracked as Evil Corp (aka Dridex, INDRIK SPIDER), which was behind the development and distribution of the notorious Dridex malware that targeted banks and financial institutions for nearly a decade. In an attempt to evade these sanctions, the threat actors […]

CVE-2022-26134 Detection: Atlassian Confluence Zero-Day Vulnerability

Adversaries are launching headline-making attacks against vulnerable Confluence servers worldwide. Atlassian has alerted its users to the security risks of an RCE flaw affecting all supported versions of Confluence (Server and Data Center). The bug is tracked as CVE-2022-26134, and the vendor rates it at the highest severity level. As of the 3d […]

CVE-2021-40444 and CVE-2022-30190 Exploit Detection: Cobalt Strike Beacon Delivered in a Cyber-Attack on Ukrainian State Bodies

Just two days after the nefarious CVE-2022-30190, aka Follina, was revealed, security researchers reported in-the-wild attacks leveraging the exploit against state institutions of Ukraine. On June 2, 2022, CERT-UA issued a heads-up warning of an ongoing campaign spreading the Cobalt Strike Beacon by exploiting the Windows CVE-2021-40444 and CVE-2022-30190 vulnerabilities, which have recently been in […]

Grandoreiro Banking Malware Detection

Banking malware has been a tried-and-true cash cow for adversaries for a long time now. One such tool, seen in malware distribution campaigns that target the banking sector, is the remote-overlay banking trojan Grandoreiro. The trojan was first detected in 2016 (though some researchers claim it first surfaced in 2017) and has been used against […]

CVE-2022-30190 Detection: Updates on Microsoft Windows RCE Vulnerability

Let’s start with a short rundown of developments regarding the Windows zero-day vulnerability CVE-2022-30190, aka Follina. Back in April 2022, a research team known under the moniker CrazymanArmy warned Microsoft of a new zero-day RCE vulnerability in one of its products. Microsoft opted not to address the issue at that point. On May 27, […]

Follina Vulnerability Detection: New Microsoft Office Zero-Day Exploited in the Wild

Cybersecurity researchers have turned the spotlight on a novel Microsoft Office zero-day vulnerability exploited in the wild. On May 27, the Follina zero-day was first documented, in a malicious document reported to have been submitted from Belarus. According to the research, the newly discovered Microsoft Office zero-day can lead to arbitrary code execution on compromised Windows devices. […]

PyMafka Attack Detection

Earlier this month, security researchers discovered a malicious package in the Python Package Index (PyPI) registry. Once installed, PyMafka fetches a Cobalt Strike beacon matching the victim’s operating system. The name suggests that PyMafka is a typosquat of PyKafka, a cluster-aware Kafka protocol client for Python. Detect PyMafka In […]

Yashma Ransomware Detection: the Latest Chaos Builder Variant

The Chaos ransomware builder, which comes with a graphical user interface (GUI), has been on the market for less than a year and lets adversaries craft new ransomware strains with little effort. A new variant dubbed Yashma is its 6th version, available since May 2022. Yashma is the most refined version yet of this GUI ransomware builder, which is known for its flexibility and […]
