ShadowPad is a modular backdoor highly popular among China-located threat actors, including such clusters of espionage activity as BRONZE UNIVERSITY, BRONZE RIVERSIDE, BRONZE STARLIGHT, and BRONZE ATLAS. The malware is used to download further malicious payloads, opening the way to wider exploitation potential. According to the research data, the malware traces its roots back to […]
Brace yourself for a new PetitPotam-like NTLM relay attack enabling complete Windows domain takeover via Microsoftās Distributed File System (MS-DFSNM) abuse. The new attack method, dubbed DFSCoerce, allows adversaries to coerce Windows servers into authentication with a relay under hackersā control. Domain Controllers (DC) are also vulnerable, which poses a significant risk of the entire […]
A rather peculiar type of malware has recently hit the headlines. The new strain is dubbed GoodWill ransomware, and its novelty lies in the nature of the demands that victims have to fulfill to get the decryption key. The ransomware operators, claiming that they are āhungry for kindnessā, expect their targets to support those in […]
Cybersecurity researchers have recently shed light on a wave of new cyber attacks by the Iranian nation-backed APT group acting under the moniker āLyceumā also known as HEXANE. Lyceum actors have been operating in the cyber threat arena since 2017 mainly targeting Middle East organizations in the energy and telecom industry sectors. In the latest […]
New kernel rootkit named Syslogk is getting traction, terrorizing the Linux OS users. The novel rootkit malware is believed to be based on another Linux rootkit dubbed Adore-Ng ā a loadable module used to infect the Linux OS kernel. While Syslogkās operators are currently invested in its development, enhancing the functionality of the new rootkit, […]
Fujitsu Eternus CS8000 (Control Center) V8.1. was deemed vulnerable to privilege escalation attacks in early April 2022, with the Fujitsu PSIRT (Product Security Incident Response Team) releasing an official security notice on June 1, 2022. Security researchers reported two security holes in the vendorās Control Center software that enabled unauthorized attackers to gain remote code […]
New ransomware variant follows in the footsteps of the GonnaCope ransomware, the first strain in the family of CMD-based ransomware that first surfaced in April 2022. Other similar samples that were uploaded to VirusTotal in May 2022 are known as Kekpop and Kekware. The rising player is dubbed YourCyanide and presumably has all it takes […]
In May 2022, the members of SOC Prime Threat Bounty Program contributed 184 unique detections to the Detection as Code platform. The published detections help the global cyber community timely detect emerging threats such as the APT29 phishing campaign, BlackByte Ransomware attack, Microsoft SharePoint RCE (CVE-2022-29108), and many others. The information about the recent detections […]
Meet SVCReady, a new malicious loader on the arena! The novel strain is heavily distributed via phishing campaigns since April 2022, leveraging an unusual infection routine. According to experts, SVCReady relies on shellcode hidden within the properties of the Microsoft Office document allowing it to fly under the radar of security solutions. Since malware is […]
Steel yourself for new vulnerabilities revealed in the open-source observability platform leveraged by millions of users from across the globe, which in 2021 was in the spotlight in the cyber threat arena due to a notorious CVE-2021-43798 zero-day flaw actively exploited in the wild. Grafana, the open-source analytics and monitoring platform leveraged by global organizations […]