Tag: Threat Detection Marketplace

Yashma Ransomware
Yashma Ransomware Detection: the Latest Chaos Builder Variant

Chaos graphical user interface (GUI) builder has been on the market for less than a year, allowing adversaries to craft new ransomware strains. A new ransomware variant dubbed Yashma is its 6th version, available from May 2022. Yashma is the most refined version of this GUI ransomware builder that is known for its flexibility and […]

Read More
Fake Proof of Concept (POC) Detection: Cyber-Attacks Targeting the InfoSec Community Exploiting Windows CVE-2022-26809 Flaw to Deliver Cobalt Strike Beacon

Researchers warn the global InfoSec community of a new malware campaign aimed to spread the infamous Cobalt Strike Beacon malware via fake Proof of Concept (POC) exploits of the newly patched Windows vulnerabilities, including the critical RCE flaw tracked as CVE-2022-26809. The public availability of fake exploits in GitHub raises the stakes exposing millions of […]

Read More
NukeSped Detection
NukeSped Detection: Warning Over NukeSped Malware as It Hits South Korea

State-run threat actor Lazarus rides again, this time exploiting the notorious Log4Shell vulnerability in VMware Horizons servers. In this campaign, adversaries leverage Horizon, targeting the Republic of Korea with a NukeSped backdoor. First documented exploits date back to January 2022, with Lazarus hackers being spotted exploiting Log4Shell in VMware Horizons products since mid-Spring 2022. Almost […]

Read More
XorDdos Malware Detection: Microsoft Warns of an Alarming Surge of DDoS Attacks Targeting Linux

In May 2022, Linux-based systems are getting exposed to a number of threats coming from multiple attack vectors. Early this month, the BPFDoor surveillance implant hit the headlines compromising thousands of Linux devices. Another threat targeting Linux systems is looming on the horizon. Microsoft has observed an enormous surge of malicious activity from Linux XorDdos […]

Read More
BumbleBee Malware
BumbleBee Malware Detection

Security researchers report on malicious activity associated with the distribution of BumbleBee malware traced back to the initial access broker (IAB) dubbed Exotic Lily. Research data suggest that adversaries use the file transfer tools such as TransferXL, TransferNow, and WeTransfer, to spread BumbleBee malware. The malware is used to launch Cobalt Strike attacks. Detect BumbleBee […]

Read More
AveMariaRAT, BitRAT, and PandoraHVNC
Fileless Malware Detection: AveMariaRAT / BitRAT / PandoraHVNC Attacks

Cybercrooks are targeting Microsoft Windows users with three fileless malware strains used at once in a new phishing campaign. The phishing mail mimics a payment report from a trusted source, with a brief request to view an attached Microsoft Excel document. The file contains weaponized macros and, once launched, drops the malware aimed to steal […]

Read More
PowerShell RAT
PowerShell RAT Detection: Bespoke Malware Used to Fish for War-Related Intelligence

Germany-located users are falling victim to a new malware campaign designed to spread a custom-built PowerShell remote access trojan (RAT). Adversaries set up a decoy site to trick people into taking the bait in a phony newsflash that claims to offer previously unpublished information regarding the situation in Ukraine. Victims are urged to download a […]

Read More
CVE-2022-22960 and CVE-2022-22954 Detection: CISA Warns of Exploitation Attempts of Unpatched VMware Vulnerabilities

On May 18, 2022, CISA issued a notice warning organizations of potential exploitation attempts of known vulnerabilities in the VMware products tracked as CVE-2022-22954 and CVE-2022-22960. Once exploited, the revealed flaws give green light to threat actors to perform malicious template injection on the server end. More specifically, the exploitation of the CVE-2022-22954 can lead […]

Read More
Eternity MaaS
Eternity Malware Detection: Novel Modular MaaS

While cybersecurity professionals are working hard to augment SOC operations with more scalable and innovative solutions, threat actors are also putting an effort not to be left to bring up the rear in this everlasting security race. Security researchers detect the surge in the numbers of malware-as-a-service (MaaS) offers, with its operators coming with new […]

Read More
Iranian COBALT MIRAGE Threat Group Launches Ransomware Attacks Against U.S. Organizations

Iranian state-backed adversaries are accelerating their pace by leveraging different attack vectors and targeting multiple industries across the world. Hot on the heels of the spear-phishing campaign launched by the infamous APT34 group spreading a new Saitama backdoor, another Iran-linked hacking collective hits the headlines performing ransomware attacks against U.S. companies. The Iranian nation-backed COBALT […]

Read More