A new burst of Iranian state-sponsored APT35 attacks has been observed by researchers over the past few months. A new study shows that APT35 (a.k.a. TA453, COBALT ILLUSION, Charming Kitten, ITG18, Phosphorus, Newscaster) has been increasingly exploiting Microsoft Exchange ProxyShell vulnerabilities for initial access and leveraging quite a bunch of different attack vectors once they […]
The most recent hacking campaign by North Korean APT Kimsuky was launched in late January 2022 and is still ongoing. This time, Kimsuky hackers are armed with commodity open-source remote access tools (RATs) installed with the tailored malware Gold Dragon. Detect Gold Dragon Backdoor To identify that your system was compromised with the Gold Dragon […]
A new targeted malware has been observed attacking government and construction entities in France. Proofpoint conducted extensive research of the malware dubbed Serpent. Serpent Backdoor analysis showed that adversaries have been using quite a few unusual behaviors that have never been detected before. This calls for crafting new detection content that captures specifically those new […]
New cybercriminals called Exotic Lily were recently analyzed by Google’s Threat Analysis Group (TAG). The activity of this financially motivated group has been observed since at least September 2021. After thorough investigation, it is fair to suggest that Exotic Lily cybercrime group is an Initial Access Broker (IAB) that is interested in obtaining unlawful access […]
A notorious Initial Access Broker PROPHET SPIDER was found exploiting CVE-2021-22941 vulnerability to gain unauthorized access to a Microsoft Internet Information Services (IIS) webserver. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]
A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by Linux Kernel. The name refers to a Linux mechanism of processes’ interaction within the OS, dubbed a […]
Another day, another critical vulnerability posing a major headache for security practitioners. This time researchers have identified a wormable remote code execution (RCE) flaw that impacts the latest desktop and server Windows versions. The vendor urges everyone to upgrade their systems ASAP since the flaw could be easily leveraged by adversaries to execute arbitrary code […]
Relying on Public Sources of Information Think about it — every time we open a blog post with the latest malware analysis, combing through it looking for the IoCs our threat teams so desperately need, – doesn’t it feel a bit lethargic? Fingers crossed, our favorite security vendor has already done the same, and the […]
A moment of luck for threat actors and yet another major headache for cyber defenders! On November 22, 2021, security researcher Abdelhamid Naceri released a fully-functional proof-of-concept (PoC) exploit for the new Windows Installer zero-day vulnerability. The flaw (CVE-2021-41379) allows adversaries to obtain SYSTEM privileges on any device running Windows 10, Windows 11, and Windows […]
Make sure you have secured your Microsoft Exchange Servers against ProxyShell vulnerabilities since hackers are inventing new tricks to benefit from the exposed instances. Currently, researchers observe multiple phishing campaigns that utilize the nefarious flaws for malware delivery. Additionally, ProxyShell bugs are increasingly used in a range of operations aimed at ransomware infection. New Attack […]