Reading the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report
I’m proud to announce the release of the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report, Enjoy it! Ransomware has become...
hacking
CISA orders to patch an actively exploited flaw in Confluence servers
US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US...
Microsoft experts linked the Raspberry Robin malware to Evil Corp operation
Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft...
Strong Authentication – Robust Identity and Access Management Is a Strategic Choice
Passwords no longer meet the demands of today’s identity and access requirements. Therefore, strong authentication methods are needed. “Usernames and...
Maldev-For-Dummies – A Workshop About Malware Development
In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such, malware development...
Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center
Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center Recenlty Atlassian released...
Malware-laced npm packages used to target Discord users
Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A...
Akamai blocked the largest DDoS attack ever on its European customers
This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022,...
LibreOffice fixed 3 flaws, including a code execution issue
LibreOffice maintainers addressed three security flaws in their productivity software, including an arbitrary code execution issue. LibreOffice is an open-source office...
Threat actors use new attack techniques after Microsoft blocked macros by default
Threat actors are devising new attack tactics in response to Microsoft’s decision to block Macros by default. In response to...
ENISA provides data related to major telecom security incidents in 2021
ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a...
TerraformGoat – “Vulnerable By Design” Multi Cloud Deployment Tool
TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent...
European firm DSIRF behind the attacks with Subzero surveillance malware
Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat...
Spain police arrested two men accused of cyber attacks on radioactivity alert network (RAR)
The Spanish police arrested two individuals accused to have hacked the country’s radioactivity alert network (RAR) in 2021. The Spanish...
Attackers increasingly abusing IIS extensions to establish covert backdoors
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat...
DUCKTAIL operation targets Facebook’s Business and Ad accounts
Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Researchers from WithSecure (formerly F-Secure Business)...
Pretender – Your MitM Sidekick For Relaying Attacks Featuring DHCPv6 DNS Takeover As Well As mDNS, LLMNR And NetBIOS-NS Spoofing
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeoveras well as mDNS, LLMNR and NetBIOS-NS spoofing pretender is a...
The strange similarities between Lockbit 3.0 and Blackmatter ransomware
Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have...
U.S. increased rewards for info on North Korea-linked threat actors to $10 million
The U.S. State Department increased rewards for information on any North Korea-linked threat actors to $10 million. In April 2020,...
Threat actors leverages DLL-SideLoading to spread Qakbot malware
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble...
Laurel – Transform Linux Audit Logs For SIEM Usage
LAUREL is an event post-processing plugin for auditd(8) to improve its usability in modern security monitoring setups. Why? TLDR: Instead...
Zero Day attacks target online stores using PrestaShop
Thera actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are...
Empire
Today we wanted to cover one of the lesser-known functions in Empire, the ReverseShell stager. The name may not be...
CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China
Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor. Researchers...
