Securonix Threat Labs analyzes a currently unpatched zero-day in Spring Core (Spring4Shell) and its potential for remote code execution, outlining exploit mechanics, scope, and defense. The report covers how the vulnerability differs from Log4j, mitigation/det…
Tag: EDR
FortiEDR detected a Deep Panda operation exploiting the Log4Shell flaw in VMware Horizon servers, resulting in opportunistic infections across multiple sectors and countries. The campaign introduced a backdoor called Milestone and a novel kernel rootkit named …
Morphisec Labs reports a new JSSLoader variant delivered via unsigned XLL Excel add-ins, leveraging Excel’s add-in loading to fetch a payload. The campaign highlights evasion tactics (obfuscation and varying user-agents) and notes FIN7 as the historical threat…
Deep Instinct’s Threat Research team uncovered a new Go-written Micropsia variant named Arid Gopher attributed to APT-C-23 (Arid Viper), with additional unseen second-stage payloads. The discovery highlights Go-based malware by Arid Viper and its evolving seco…
FBI and CISA warn that Russian state-sponsored cyber actors gained network access by exploiting default MFA configurations and the PrintNightmare vulnerability, enabling document exfiltration from an NGO via compromised credentials and MFA bypass. The advisory…
DanaBot is delivered via a VBS-based downloader that uses a distinctive obfuscation scheme and is associated with a social-engineering lure built around unclaimed property. The article also covers three methods to decode the VBS, noting DanaBot’s ties to the S…
CyCraft’s first-hand investigation reveals a China-state-backed operation, dubbed “Operation Cache Panda,” targeting Taiwan’s financial sector through a broad supply-chain attack exploiting software vulnerabilities and deploying multi-stage, memory-resident ma…
Fortinet FortiEDR uncovered a Moses Staff campaign targeting Israeli organizations, leveraging ProxyShell exploits to deploy web shells and a multi-component backdoor for espionage, data exfiltration, and payload delivery. The operation includes a loader that …
Proofpoint details TA2541, a persistent cybercrime actor targeting aviation, aerospace, transportation, manufacturing, and defense sectors since 2017, primarily deploying remote access trojans (RATs) such as AsyncRAT. The group uses aviation- and travel-themed…
FortiGuard Labs details an NFT-themed lure that hides a BitRAT infection in an Excel XLSM file, downloaded via Discord and executed through a malicious macro. The malware chain includes batch and PowerShell steps, a .NET downloader, DLL injection, persistence,…
PowerCybereason Nocturnus researchers uncover a new PowerShell backdoor named PowerLess Backdoor used by Phosphorus (APT35) to espionage operations, featuring modular loaders and staged payloads including a keylogger and information stealer. The findings tie P…
Morphisec identifies a new AsyncRAT delivery campaign that uses an HTML attachment to deliver a base64-encoded ISO file, constructed in-browser and mounted to execute staged loaders. The multi-stage chain includes HTML/JavaScript decoding, reflective .NET inje…
Cuba Ransomware Overview Over the past year, we have seen ransomware attackers change the way they have responded to organizations…
The post McAfee Defender’s Blog: Cuba Ransomware Campaign appeared first on McAfee Blog….
Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign,…
The post McAfee Defender’s Blog: Operation Dianxun appeared first on McAfee Blog….
In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed…
The post Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies appeared first on McAfee Blog….