Credit to Author: Feike Hacquebord| Date: Wed, 31 Jan 2024 00:00:00 +0000
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
Read moreCredit to Author: Peter Girnus| Date: Fri, 12 Jan 2024 00:00:00 +0000
This blog delves into the Phemedrone Stealer campaign’s exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware’s payload.
Read moreCredit to Author: Jagir Shastri| Date: Fri, 15 Dec 2023 00:00:00 +0000
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
Read moreCredit to Author: Salim S.I.| Date: Fri, 01 Dec 2023 00:00:00 +0000
The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.
Read moreCredit to Author: Peter Girnus| Date: Mon, 20 Nov 2023 00:00:00 +0000
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Read moreCredit to Author: Sophia Nilette Robles| Date: Fri, 10 Nov 2023 00:00:00 +0000
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Read moreCredit to Author: Carl Malipot| Date: Mon, 16 Oct 2023 00:00:00 +0000
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
Read moreCredit to Author: Aliakbar Zahravi| Date: Thu, 05 Oct 2023 00:00:00 +0000
This entry delves into threat actors’ intricate methods to implant malicious payloads within seemingly legitimate applications and codebases.
Read more