threatintel
SharpEventPersist – Persistence By Writing/Reading Shellcode From Event Log
Persistence by writing/reading shellcode from Event Log. Usage: The SharpEventPersist tool takes 4 case-sensitive parameters: -file "C:\path\to\shellcode.bin" -instanceid 1337 -source...
US-CERT Bulletin (SB22-164):Vulnerability Summary for the Week of June 6, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability
Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s...
Taking down the IP2Scam tech support campaign
Tech support scams follow a simple business model that has not changed much over the years. After all, why change...
Cuba Ransomware Victim: Etron
Cuba Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
GALLIUM APT used a new PingPull RAT in recent campaigns
China-linked Gallium APT employed a previously undocumented RAT, tracked as PingPull, in recent cyber espionage campaigns targeting South Asia, Europe,...
Update Chrome now: Four high risk vulnerabilities found
Users of Chrome have been advised to apply updates as soon as possible related to seven security vulnerabilities. CISA has...
HelloXD Ransomware operators install MicroBackdoor on target systems
Experts observed the HelloXD ransomware deploying a backdoor to facilitate persistent remote access to infected hosts. The HelloXD ransomware first appeared...
confluencePot – Simple Honeypot For Atlassian Confluence (CVE-2022-26134)
ConfluencePot is a simple honeypot for the Atlassian Confluence unauthenticated and remote OGNL injection vulnerability (CVE-2022-26134). About the vulnerability You...
Serious vulnerabilities found in ITarian software, patches available for SaaS products
Dutch research group DIVD has identified multiple vulnerabilities in ITarian products. In cooperation with DIVD, ITarian has made patches available...
LockBit 2.0 Ransomware Victim: ptg[.]com[.]au
LockBit 2.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
A week in security (June 6 – June 12)
Last week on Malwarebytes Labs: FBI warns of scammers soliciting donations for Ukraine; Microsoft autopatch is here…but can you use it?; Prometheus...