Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Credit to Author: Daniel Lunghi| Date: Fri, 14 Jul 2023 00:00:00 +0000

We recently found that a modified installer of the E-Office app used by the Pakistani government delivered a Shadowpad sample, suggesting a possible supply-chain attack.


Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad

Credit to Author: Daniel Lunghi| Date: Fri, 14 Jul 2023 00:00:00 +0000

We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack.


Platform Approach to Cybersecurity: The New Paradigm

Credit to Author: Jon Clay| Date: Thu, 13 Jul 2023 00:00:00 +0000

Embracing a platform approach as the path to enhanced security and resilience


Detecting BPFDoor Backdoor Variants Abusing BPF Filters

Credit to Author: Fernando Merces| Date: Thu, 13 Jul 2023 00:00:00 +0000

An analysis of the different variants of the BPFDoor backdoor used by advanced persistent threat (APT) group Red Menshen, and of how the backdoor has evolved since it was first documented in 2021.


Tailing Big Head Ransomware’s Variants, Tactics, and Impact

Credit to Author: Ieriz Nicolle Gonzalez| Date: Fri, 07 Jul 2023 00:00:00 +0000

We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware.


Four Must-haves to Strengthen Your Endpoint Security

Credit to Author: Joyce Huang| Date: Thu, 06 Jul 2023 00:00:00 +0000

To combat complexity and achieve optimal security outcomes, there are four key factors an organization should consider when evaluating its endpoint security.


ChatGPT Shared Links and Information Protection: Risks and Measures Organizations Must Understand

Credit to Author: Matsukawa Bakuei| Date: Wed, 05 Jul 2023 00:00:00 +0000

Since its initial release in late 2022, the AI-powered text generation tool known as ChatGPT has seen rapid adoption by both organizations and individual users. However, its latest feature, known as Shared Links, comes with the potential risk of unintentional disclosure of confidential information.


Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator

Credit to Author: Lucas Silva| Date: Fri, 30 Jun 2023 00:00:00 +0000

We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.


How to Deploy Generative AI Safely and Responsibly

Credit to Author: Shannon Murphy| Date: Fri, 23 Jun 2023 00:00:00 +0000

New uses for generative AI are being introduced every day—but so are new risks.


An Overview of the Different Versions of the Trigona Ransomware

Credit to Author: Arianne Dela Cruz| Date: Fri, 23 Jun 2023 00:00:00 +0000

The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries.
