Turkish hackers have targeted MSSQL servers exposed to the Internet, using brute-force attempts and MSSQL-based tools to gain access and move laterally. Huntress observations show attackers creating local user accounts, deploying AnyDesk for rem…
Tag: EDR
Threat actors are compromising older YouTube accounts to upload videos that redirect victims via shortened links (Rebrandly/Bitly) and Telegraph pages to file-hosting services (MediaFire), delivering password-protected archives that unpack to .NET binaries (co…
The Sandman APT group has drawn major attention for targeting telecommunications providers in Europe, the Middle East, and South Asia, employing LuaDream, a LuaJIT-based modular backdoor, to achieve stealthy espionage with minimal footprints. Research ties San…
In June 2023, we've observed multiple alerts that seemingly came from different sources. A quick search through our telemetry allowed us to identify multiple infected machines across our clients. Although they would sometimes present different behaviour, the initial infection vector…
AttackIQ has released a new attack graph in response to the recently published CISA Advisory (AA24-038A) which assesses that the People's Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major…
The Avast Q4/2023 Threat Report chronicles a record year of attacks, highlighted by the revival of Qakbot, a surge in PDF-based social engineering, and expanding menace across adware, information stealers, ransomware, and mobile threats. It also covers notable…
Cyble Research and Intelligence Labs (CRIL) uncovered an active malware campaign targeting cryptocurrency users, deploying deceptive phishing sites that impersonate Metamask, WazirX, Luno, and Cryptonotify. The campaign uses the XPhase Clipper to intercept and…
Lumen's Black Lotus Labs documented KV-botnet as a covert data-transfer network used by China-based state-sponsored actors and observed a concentrated re-exploitation effort in early December 2023 after a court-authorized takedown began. Lumen null-routing and…
Check Point Research details how the Raspberry Robin worm rapidly integrated new kernel LPE exploits (including CVE-2023-36802 and CVE-2023-29360), shifted delivery and lateral movement methods, and added multiple anti-analysis and evasion techniques. The repo…
Ransomware threat actors have been extorting money after taking control over organizations' internal networks, distributing ransomware, encrypting systems, and holding system restoration for ransom. Recently, however, threat actors not only encrypt the systems but also leak internal data and threa…
If you have anything to do with cyber security, you know it employs its own unique and ever-evolving language. Jargon and acronyms are the enemies of clear writing—and are beloved by cyber security experts. So Morphisec has created a comprehensive cyber security glossary that explains commonly…
The article explains how analysts extracted Telegram bot credentials from malicious packages and used Telegram's API to retrieve and forward messages sent to attackers' bots. It also describes handling webhook-based forwarding (e.g., a7d8a278870ff9da6427af6d9d…
An active campaign delivering a new PowerShell backdoor tracked as SUBTLE-PAWS targets Ukrainian military personnel via compressed archives containing malicious .lnk shortcuts that load encoded PowerShell payloads and spread through USB drives. The backdoor st…
Mandiant details widespread exploitation of Ivanti Connect Secure and Policy Secure appliances via multiple zero-days leading to remote unauthenticated command execution and deployment of several web shells and backdoors. Post-exploitation activity includes cr…
Internet Shortcut files (URL files) are simple text-based shortcuts that can point to network resources and serve as components in threat chains. The article reviews how URL files have been weaponized across campaigns and vulnerabilities—from SmartScreen bypas…