Germany-located users are falling victim to a new malware campaign designed to spread a custom-built PowerShell remote access trojan (RAT). Adversaries set up a decoy site to trick people into taking the bait in a phony newsflash that claims to offer previously unpublished information regarding the situation in Ukraine. Victims are urged to download a […]
While cybersecurity professionals are working hard to augment SOC operations with more scalable and innovative solutions, threat actors are also putting an effort not to be left to bring up the rear in this everlasting security race. Security researchers detect the surge in the numbers of malware-as-a-service (MaaS) offers, with its operators coming with new […]
Since April 2022 researchers are observing a series of targeted cyber-attacks aimed specifically at Japanese organizations. The campaign, dubbed Operation RestyLink, is believed to be active since at least March 2022, with related malicious activity traced back to October 2021. The exact attribution is currently unclear, but the attack kill chain and its highly-targeted nature […]
A newly discovered bug in Zyxel products endangers tens of thousands of users in Europe and the U.S. The critical vulnerability affecting Zyxelās ATP series, VPN series, and USG FLEX series business firewalls is tracked as CVE-2022-30525, with a severity score of 9.8 CVSS. The vulnerability paves the way for hackers to execute arbitrary code […]
This blog post argues for SIGMA as a detection language, covers the most critical SIGMA rule components (logsource & detection), SIGMA taxonomy, testing SIGMA Rules, and generally prepares analysts who are new to SIGMA to write their first rules. A short discussion on detection engineering with SIGMA is also provided regarding noise, ideas, log sources, […]
In April, the Threat Bounty Program members contributed to the defense of the global community against the most recent cyber threats. Notably, the keen members of the Threat Bounty community have contributed detections helping to withstand recent FIN7 attacks, the TraderTraitor Malware,Ā Quantum Ransomware, and many others. Read More Go to Platform April ā22 Results […]
Iranian hackers known as APT34 have launched a spear-phishing campaign distributing a novel backdoor named Saitama. This time, APT34 targets officials from Jordanās Foreign Ministry. APT34 is associated with other monikers, such as OilRig, Cobalt Gypsy IRN2, and Helix Kitten, and has been active since at least 2014, mostly attacking entities in finance and government, […]
The infamous Russian state-sponsored hacking collective, Armageddon, recently involved in phishing attacks targeting Ukrainian and European state bodies, continues its malicious activity. Based on the latest CERT-UA investigations, Armageddon threat actors also identified as UAC-0010 have been observed in another cyber-attack against Ukraine distributing phishing emails and spreading malicious software dubbed GammaLoad.PS1_v2.Ā Armageddon APT Targeting […]
Another day, another RAT is sniffing its way into systems of hackersā interest. This time the trojan called Nerbian RAT is in the limelight, leveraging Covid-19 and World’s Health Organization lures to proceed with targeted attacks against users in Italy, Spain, and the UK. The newly-discovered threat is written in Go, making the malware OS-agnostic […]
Privilege exploitation attacks in Microsoftās Windows Active Directory (AD) Domain environments are expanding their scope and growing in scale to target millions of devices. The Microsoft Security Response Center (MSRC) has recently updated information on security flaws that affect the companyās products and services, highlighting the newly discovered Active Directory Domain Services elevation of privilege […]