Tag: Vulnerability

AsyncRAT Campaigns Feature 3LOSH Crypter That Obfuscates Payloads

Ongoing malware distribution campaigns spread AsyncRAT, together with the 3LOSH crypter, across public repositories. Recent cybersecurity research analyzes the latest version of 3LOSH that adversaries are using to evade detection on devices in corporate environments. Besides AsyncRAT, a number of other commodity malware strains can be distributed by the same operator. The purpose of […]

Detect CVE-2022-22965: Updates on Spring Framework RCE

In March 2022, several novel vulnerabilities in the Java Spring framework were disclosed. One of these flaws affects a component in Spring Core, enabling adversaries to drop a webshell, granting Remote Command Execution (RCE). As of April 5, 2022, the SpringShell vulnerability tracked as CVE-2022-22965 is now confirmed to be of critical severity. CVE-2022-22965 Detection […]

Fire Chili Rootkit: Deep Panda APT Resurfaces With New Log4Shell Exploits

Fire Chili is a novel strain of malware that has been leveraged by the Chinese APT group Deep Panda while exploiting the Log4Shell vulnerability in VMware Horizon servers. The primary focus of the adversaries is cyber espionage. Targeted organizations include financial institutions and the academic, travel, and cosmetics industries. Log4Shell is associated with the high-severity vulnerability CVE-2021-44228 in the Log4j […]

Spring4Shell Detection: New Java Vulnerability Follows in the Footsteps of Notorious Log4j

When spring comes, bugs bloom. A novel, highly severe flaw in the Spring Cloud Function came on the radar on March 29, 2022. An easy-to-exploit vulnerability affects the Spring Core module – a framework used in Java applications – and requires JDK9+. If exploited, this Spring Core vulnerability enables hackers to execute remote code […]

Vidar Malware Detection: Payloads Concealed in Microsoft Help Files

A new, unusual malware delivery method has been observed since February 2022. The newest research shows evidence of a resurgence of the Vidar information stealer, which has been operating since at least 2018. The latest Vidar campaign is fairly straightforward except for one special trick. This time, threat actors tend to hide their payload within […]

APT35 Using ProxyShell Vulnerabilities to Deploy Multiple WebShells

A new burst of Iranian state-sponsored APT35 attacks has been observed by researchers over the past few months. A new study shows that APT35 (a.k.a. TA453, COBALT ILLUSION, Charming Kitten, ITG18, Phosphorus, Newscaster) has been increasingly exploiting Microsoft Exchange ProxyShell vulnerabilities for initial access and leveraging a range of different attack vectors once they […]

Gold Dragon Backdoor Detection: Kimsuky Hackers Strike Again Using Gold Dragon Malware

The most recent hacking campaign by the North Korean APT Kimsuky was launched in late January 2022 and is still ongoing. This time, Kimsuky hackers are armed with commodity open-source remote access tools (RATs) installed alongside the tailored malware Gold Dragon. Detect Gold Dragon Backdoor To identify that your system was compromised with the Gold Dragon […]

Serpent Backdoor Detection: a New Sneaky Malware Hits French Entities

A new targeted malware has been observed attacking government and construction entities in France. Proofpoint conducted extensive research of the malware dubbed Serpent. Serpent Backdoor analysis showed that the adversaries have been using quite a few unusual behaviors that have never been detected before. This calls for crafting new detection content that captures specifically those new […]

Exotic Lily Initial Access Broker Exploits the Microsoft Windows MSHTML Flaw in Phishing

A new cybercriminal group called Exotic Lily was recently analyzed by Google’s Threat Analysis Group (TAG). The activity of this financially motivated group has been observed since at least September 2021. After thorough investigation, it is fair to suggest that the Exotic Lily cybercrime group is an Initial Access Broker (IAB) interested in obtaining unlawful access […]

CVE-2021-22941: Citrix ShareFile Remote Code Execution Vulnerability Exploited by PROPHET SPIDER

The notorious Initial Access Broker PROPHET SPIDER was found exploiting the CVE-2021-22941 vulnerability to gain unauthorized access to a Microsoft Internet Information Services (IIS) web server. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]
