Tag: Vulnerability

APT35 Using ProxyShell Vulnerabilities to Deploy Multiple WebShells
APT35 Using ProxyShell Vulnerabilities to Deploy Multiple WebShells

A new burst of Iranian state-sponsored APT35 attacks has been observed by researchers over the past few months. A new study shows that APT35 (a.k.a. TA453, COBALT ILLUSION, Charming Kitten, ITG18, Phosphorus, Newscaster) has been increasingly exploiting Microsoft Exchange ProxyShell vulnerabilities for initial access and leveraging quite a bunch of different attack vectors once they […]

Read More
Gold Dragon Backdoor Detection: Kimsuky Hackers Strike Again Using Gold Dragon Malware
Gold Dragon Backdoor Detection: Kimsuky Hackers Strike Again Using Gold Dragon Malware

The most recent hacking campaign by North Korean APT Kimsuky was launched in late January 2022 and is still ongoing. This time, Kimsuky hackers are armed with commodity open-source remote access tools (RATs) installed with the tailored malware Gold Dragon. Detect Gold Dragon Backdoor To identify that your system was compromised with the Gold Dragon […]

Read More
Serpent Backdoor Detection: a New Sneaky Malware Hits French Entities
Serpent Backdoor Detection: a New Sneaky Malware Hits French Entities

A new targeted malware has been observed attacking government and construction entities in France. Proofpoint conducted extensive research of the malware dubbed Serpent.  Serpent Backdoor analysis showed that adversaries have been using quite a few unusual behaviors that have never been detected before. This calls for crafting new detection content that captures specifically those new […]

Read More
Exotic Lily Initial Access Broker Exploits the Microsoft Windows MSHTML Flaw in Phishing
Exotic Lily Initial Access Broker Exploits the Microsoft Windows MSHTML Flaw in Phishing

New cybercriminals called Exotic Lily were recently analyzed by Google’s Threat Analysis Group (TAG). The activity of this financially motivated group has been observed since at least September 2021. After thorough investigation, it is fair to suggest that Exotic Lily cybercrime group is an Initial Access Broker (IAB) that is interested in obtaining unlawful access […]

Read More
CVE-2021-22941: Citrix ShareFile Remote Code Execution Vulnerability  Exploited by PROPHET SPIDER
CVE-2021-22941: Citrix ShareFile Remote Code Execution Vulnerability Exploited by PROPHET SPIDER

A notorious Initial Access Broker PROPHET SPIDER was found exploiting CVE-2021-22941 vulnerability to gain unauthorized access to a Microsoft Internet Information Services (IIS) webserver. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]

Read More
Dirty Pipe Disclosure: Gives Root Privileges, Impacts the Latest Versions of Linux
Dirty Pipe Disclosure: Gives Root Privileges, Impacts the Latest Versions of Linux

A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by Linux Kernel. The name refers to a Linux mechanism of processes’ interaction within the OS, dubbed a […]

Read More
Detect CVE-2022-21907: A Wormable RCE in Windows Server
Detect CVE-2022-21907: A Wormable RCE in Windows Server

Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]

Read More
The Future of Threat Detection is the Community
The Future of Threat Detection is the Community

Relying on Public Sources of Information Think about it — every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, – doesn’t it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]

Read More
Detecting Windows Installer Zero-Day (CVE-2021-41379) Exploits
Detecting Windows Installer Zero-Day (CVE-2021-41379) Exploits

A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]

Read More
Detecting New ProxyShell Exploitation Flow
Detecting New ProxyShell Exploitation Flow

Make sure you have secured your Microsoft Exchange Servers against ProxyShell vulnerabilities since hackers are inventing new tricks to benefit from the exposed instances. Currently, researchers observe multiple phishing campaigns that utilize the nefarious flaws for malware delivery. Additionally, ProxyShell bugs are increasingly used in a range of operations aimed at ransomware infection. New Attack […]

Read More