Credit to Author: Nitesh Surana| Date: Mon, 12 Sep 2022 00:00:00 +0000
One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.
Read moreCredit to Author: Nitesh Surana| Date: Thu, 08 Sep 2022 00:00:00 +0000
Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.
Read moreCredit to Author: Alfredo Oliveira| Date: Wed, 07 Sep 2022 00:00:00 +0000
We analyzed the Distroless technique for reducing the size of container images and explored its capabilities to address security concerns. We provide an alternative approach to Distroless that reduces the attack surface for malicious actors targeting cloud-native applications while optimizing cloud resources.
Read moreCredit to Author: Don Ovid Ladores| Date: Tue, 06 Sep 2022 00:00:00 +0000
Play is a new ransomware that takes a page out of Hive and Nokoyawa’s playbook. The many similarities among them indicate that Play, like Nokoyawa, are operated by the same people.
Read moreCredit to Author: Don Ovid Ladores| Date: Tue, 06 Sep 2022 00:00:00 +0000
Play is a new ransomware that takes a page out of Hive and Nokoyawa’s playbook. The many similarities among them indicate that Play, like Nokoyawa, may be a Hive affiliate.
Read moreCredit to Author: Vickie Su| Date: Fri, 02 Sep 2022 00:00:00 +0000
In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee due to a string embedded in the malware. However, in our recent investigations, we have discovered a controller application that expands its capabilities.
Read moreCredit to Author: Mohamed Fahmy| Date: Thu, 25 Aug 2022 00:00:00 +0000
A new piece of ransomware written in the Go language has been targeting healthcare and education enterprises in Asia and Africa. This ransomware is called Agenda and is customized per victim.
Read moreCredit to Author: Ryan Soliven| Date: Wed, 24 Aug 2022 00:00:00 +0000
We investigate mhyprot2.sys, a vulnerable anti-cheat driver for the popular role-playing game Genshin Impact. The driver is currently being abused by a ransomware actor to kill antivirus processes and services for mass-deploying ransomware.
Read moreCredit to Author: Mike Milner| Date: Wed, 17 Aug 2022 00:00:00 +0000
Cloud object storage is a core component of any modern application, but most cloud file storage security is insufficient.
Read moreCredit to Author: David Fiser| Date: Wed, 17 Aug 2022 00:00:00 +0000
While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows.
Read more