Tag: Threat Hunting Content

ProxyNotShell: Detecting CVE-2022-41040 and CVE-2022-41082, Novel Microsoft Exchange Zero-Day Vulnerabilities Actively Exploited in the Wild

Stay on alert! Cybersecurity researchers have recently revealed new Microsoft Exchange zero-day vulnerabilities aka ProxyNotShell tracked as CVE-2022-41040 and CVE-2022-41082 that are currently actively exploited in the wild. The newly uncovered bugs in Microsoft Exchange Server can be paired together in the exploit chain to spread Chinese Chopper web shells on the targeted servers. According […]

What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001

Some MITRE ATT&CK tactics require special attention from security experts, and Initial Access is one of them. Because if attackers don’t break in, they won’t be able to take their kill chain to another level. Earlier this year, Microsoft paid $13.7 million in bug […]

What Is Data Exfiltration? MITRE ATT&CK® Exfiltration Tactic | TA0010

The process of stealing data from a corporate system is also known as exfiltration. MITRE ATT&CK® has dedicated an entire tactic to illegal copying, downloading, and transferring of organizations’ internal data with significant levels of sensitivity. Data exfiltration examples can be quite obvious, like copying files to a thumb drive; and quite stealthy, like DNS […]

LAUSD Ransomware Attack: Vice Society Claims Compromising the Largest School District in the US

Ransomware operators constantly seek lucrative and feasible extortion opportunities, affecting a wide array of organizations across industries. One of the latest examples of successful breaches is the Vice Society gang’s attack against the Los Angeles Unified School District that happened over the Labor Day weekend. The attack caused widespread disruption, affecting several information management systems. […]

PlugX Malware Detection: Bronze President Crime Ring Uses Post-Exploitation Modular RAT in the Latest Crime Wave

A China-backed crime ring tagged Bronze President launched a campaign targeting government officials in Europe, the Middle East, and South America leveraging PlugX malware – the backdoor popular among Chinese hacker gangs. According to the researchers, the major objective of the threat group is espionage. Detect PlugX Malware SOC Prime delivers Threat Hunting & Cyber […]

Lazarus Group Resurfaces, Exploiting Log4j Vulnerability and Spreading MagicRAT

Lazarus Group, also known as APT38, Dark Seoul, Hidden Cobra, and Zinc, has garnered a reputation as a highly-qualified and well-funded state-sponsored cluster of criminal hackers, wreaking havoc since 2009. In the most recent campaign, Lazarus deployed novel MagicRAT malware after exploiting vulnerabilities in VMware Horizon platforms, such as a high-profile Log4j flaw. The notorious […]

New Mirai Botnet Variant Detection: MooBot Sample Targets D-Link Routers

Security researchers are raising the alarm on a new Mirai botnet variant dubbed MooBot that targets D-Link devices. The novel threat employs multiple exploitation techniques. MooBot first surfaced in 2019, hijacking LILIN digital video recorders and Hikvision video surveillance products and co-opting them into a family of denial-of-service bots. Detect MooBot To detect the signature […]

DangerousSavanna Detection: Attacks Targeting Various Financial Orgs Revealed

Security analysts revealed a two-year-long spear-phishing campaign aimed at entities in the financial sector in French-speaking African countries – Morocco, Togo, Ivory Coast, Cameroon, and Senegal. The campaign is codenamed DangerousSavanna, and its operators are heavily relying on social engineering techniques for initial access, consequently employing customized malware such as AsyncRAT, PoshC2, and Metasploit. The […]

Golang-Based Agenda Ransomware Detection: New Strain Began Sweeping Across Asia and Africa

Researchers warn of a new ransomware family: a novel strain called Agenda sails in, targeting healthcare and education entities. Similar to another emerging piece written in Go language (aka Golang) dubbed BianLian, this cross-platform threat is gaining popularity with affiliates for its versatility and easy-to-tweak elements of the campaign, including encryption extension, personalized ransomware note […]

Raspberry Robin Malware Detection: New Connections Revealed

In late July, Microsoft researchers released new evidence linking the Raspberry Robin Windows worm to the activity of the Russia-backed Evil Corp gang. Raspberry Robin, a USB-based worm designed as a malware loader, shows similar functionality and structural elements to those of Dridex malware, indicating that the notorious Evil Corp group may be behind the new […]
