cobalt strike – Page 2 – Computer Security Articles

Credit to Author: Threat Intelligence Team| Date: Wed, 13 Jul 2022 16:17:09 +0000

While the war in Ukraine still rages, various threat actors continue to launch cyber attacks against its government entities. In this blog we review the latest campaign from the UAC-0056 threat group.

The post Cobalt Strikes again: UAC-0056 continues to target Ukraine in its latest campaign appeared first on Malwarebytes Labs.

Security Sophos

June 15, 2022 admin

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

Credit to Author: Matt Wixey| Date: Wed, 15 Jun 2022 11:00:05 +0000

Attacker targets bugs in a popular web application graphical interface development tool

MalwareBytes Security

June 14, 2022 admin

Karakurt extortion group: Threat profile

Credit to Author: Jovi Umawing| Date: Tue, 14 Jun 2022 16:00:29 +0000

An obscure group called Karakurt has extorted organizations in the US and elsewhere. Know how to keep it away from your network.

The post Karakurt extortion group: Threat profile appeared first on Malwarebytes Labs.

Security Sophos

June 7, 2022 admin

The Active Adversary Playbook 2022

Credit to Author: Tilly Travers| Date: Tue, 07 Jun 2022 11:02:43 +0000

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021

MalwareBytes Security

June 3, 2022 admin

[updated]Unpatched Atlassian Confluence vulnerability is actively exploited

Credit to Author: Pieter Arntz| Date: Fri, 03 Jun 2022 14:41:58 +0000

A vulnerability in Atlassian Confluence was found by performing an incident response investigation on a compromised server. The vulnerability is not yet patched.

The post [updated]Unpatched Atlassian Confluence vulnerability is actively exploited appeared first on Malwarebytes Labs.

MalwareBytes Security

June 3, 2022 admin

Unpatched Atlassian Confluence vulnerability is actively exploited

Credit to Author: Pieter Arntz| Date: Fri, 03 Jun 2022 14:41:58 +0000

A vulnerability in Atlassian Confluence was found by performing an incident response investigation on a compromised server. The vulnerability is not yet patched.

The post Unpatched Atlassian Confluence vulnerability is actively exploited appeared first on Malwarebytes Labs.

Independent Krebs

March 4, 2022 admin

Conti Ransomware Group Diaries, Part III: Weaponry

Credit to Author: BrianKrebs| Date: Fri, 04 Mar 2022 20:20:29 +0000

Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches. Part II explored what it’s like to be an employee of Conti’s sprawling organization. Today’s Part III looks at how Conti abused a panoply of popular commercial security services to undermine the security of their targets, as well as how the team’s leaders strategized for the upper hand in ransom negotiations with victims.

Security Sophos

February 28, 2022 admin

Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits

Credit to Author: gallagherseanm| Date: Mon, 28 Feb 2022 12:30:19 +0000

An unpatched Microsoft Exchange Server let both ransomware actors in; Karma just stole data, while Conti encrypted.