Summary: A new cryptojacking campaign has been discovered that targets Docker Engine API, enabling lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes compromised Docker hosts …
Tag: WORM
Short Summary:
A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
Summary: Earth Preta, a sophisticated threat group, has escalated its malware distribution tactics by utilizing the HIUPAN worm to spread PUBLOAD through removable drives, targeting specific sectors in the Asia-Pacific …
Short Summary:
Earth Preta has enhanced its attack strategies, utilizing new tools and malware variants in worm-based attacks and time-sensitive spear-phishing campaigns targeting government entities in the APAC region. Key …
Summary: The Indian hacker group CyberVolk has emerged as a significant threat in the cybercrime landscape with its sophisticated ransomware, first detected in July 2024. Known for its advanced features …
Summary: The BlackByte ransomware group has evolved its tactics, leveraging new vulnerabilities and enhancing its self-propagating capabilities while maintaining its core strategies. Recent investigations reveal a significant uptick in activity, …
Summary: This research, presented at Black Hat USA 2024, explores vulnerabilities in open-source Machine Learning Operations (MLOps) platforms, revealing over 20 CVEs and detailing potential attack vectors. The findings emphasize …
Summary: The report highlights the evolving landscape of malware loaders in 2024, emphasizing their significant role in cyberattacks and the increasing sophistication of their techniques. It provides insights into the …
Short Summary:
Aqua Nautilus researchers have identified a new variant of the Gafgyt botnet that targets machines with weak SSH passwords. This botnet executes binaries from memory to expand its …
Short Summary:
In 2024, malware loaders have become a prevalent tool in cyberattacks, with loaders like SocGholish, GootLoader, and Raspberry Robin leading the charge. These loaders utilize sophisticated evasion techniques …
The report discusses a rise in cyberattacks targeting Russian government agencies and IT firms by various Advanced Persistent Threat (APT) groups. These attacks utilize sophisticated malware techniques, highlighting …
In July 2024, Kaspersky Lab discovered a new worm named CMoon that extracts confidential and payment data from infected devices, downloads additional malware, and initiates DDoS attacks on …
Short Summary:
A fake website mimicking the official WinRar site has been identified as a host for various malware, including ransomware, cryptominers, and infostealers. The site uses typosquatting to …
Published On : 2024-07-26
EXECUTIVE SUMMARY: A recent update from CrowdStrike caused the Blue Screen of Death (BSOD) on many Windows computers globally, leading to widespread disruption. Cybercriminals quickly exploited …
Symantec has observed an increase in attacks that appear to leverage Large Language Models (LLMs) …
The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds.
A group of some of the industry’s most elite threat researchers, the Sysdig …
The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack …
P2Pinfect is a rust-based malware covered extensively by Cado Security in the past. It is a fairly sophisticated malware sample that uses a peer-to-peer (P2P) botnet for its command and …
Every now and then you come across new malware variants and find something that attracts a little attention. A few days ago I acquired a VBS file, directed via a …
Threat Actor: GlorySec | Victim: Companies in Guyana City, Venezuela | Price: Not mentioned | Exfiltrated Data Type: Not mentioned
Additional Information:
GlorySec has launched a…
ReversingLabs researchers recently discovered a malicious, open source package: xFileSyncerx on the Python Package Index (PyPI). The package, with close to 300 registered downloads, contained separate malicious “wiper” components. Is …
Summary: The content discusses the significant increase in malicious phishing links, business email compromise (BEC), QR code, and attachment-based threats in the past six months, as reported by security experts. …
Summary: Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed over 2.5 million connections from unique IP addresses in six months.
Threat …
In the 1960s and ’70s, the US firearms market saw an influx of cheaply-made, imported handguns. Legislators targeted the proliferation of these inexpensive and frequently unreliable weapons, ostensibly because they were believed …
tldr: In this article, we take a deeper dive into a prevalent “DLL sideloading” attack technique we’ve been observing in …
Reported for the first time by Red Canary in 2021, Raspberry Robin was the 9th most prevalent threat in 2023 according to their “2024 Threat Detection Report”. Starting as a …
This blog discusses the Darktrace Threat Research team’s investigation into Raspberry Robin, an evasive worm that is primarily distributed through infected USB drives. Once it has gained access to a …
By: Alex Reid, Current Red Siege Intern
In the April 2018 release of Windows 10 version 1803, …
At XLab, we see a lot of botnets every day, mainly tweaks of old Mirai and Gafgyt codes. These are common and usually don’t grab our attention. But recently, we …
Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
I recently became aware of an awesome DNS Analysis tool called Validin which can be used to analyse malicious domains and show related infrastructure using DNS records.
This has been …
Summary : TheMoon malware infects thousands of ASUS routers in a short period, serving as a proxy for cybercriminals.
Key Point : 🔒 TheMoon malware targets outdated ASUS routers for …
Summary: The vulnerabilities in Electronic Logging Devices (ELDs) used in US commercial trucks could lead to widespread infections and control of vehicles by malicious actors.
Key Point: 🚛 ELDs …
The Black Lotus Labs team at Lumen Technologies has identified a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated …
Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this …
Whether you want to call them “catfishing,” “pig butchering” or just good old-fashioned “social engineering,” romance scams have been around forever.
I was first introduced to them through the …
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate …
Cloud account attacks, increasing Mac malware, malvertising morphing from the distribution of adware to more dangerous malware, and more, are all discussed by Red Canary in its 2024 Threat Detection …
Scalable Vector Graphic files, or SVG files, are image files that have become an advanced tactic for malware delivery that has greatly evolved over time. The use of SVG files …
As the U.S. and Canadian tax season approaches, eSentire has observed a substantial increase in malware being delivered through tax-themed phishing emails. Cybercriminals are exploiting the urgency and …
It’s that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout …
Nation-state cyber threat groups are once again turning to USBs to compromise highly guarded government organizations and critical infrastructure facilities.
Having fallen out of fashion for some time, and certainly …
A cryptojacking campaign involving Linux malware is targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with new and unique malicious payloads, cybersecurity firm Cado Security warns.
As part of …
Updated March 8: Based on our experience, we believe that BlackCat’s claim of shutting down due to law enforcement pressure is a hoax. We anticipate their return under a new guise …