Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

Credit to Author: Shubham Singh| Date: Fri, 05 Jul 2024 00:00:00 +0000

In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.

Read more

Mekotio Banking Trojan Threatens Financial Systems in Latin America

Credit to Author: Trend Micro Research| Date: Thu, 04 Jul 2024 00:00:00 +0000

We’ve recently seen a surge in attacks involving the Mekotio banking trojan. In this blog entry, we’ll provide an overview of the trojan and what it does.

Read more

Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework

Credit to Author: Peter Girnus| Date: Wed, 19 Jun 2024 00:00:00 +0000

We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads.

Read more

Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

Credit to Author: Hara Hiroaki| Date: Tue, 11 Jun 2024 00:00:00 +0000

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Read more

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

Credit to Author: Hara Hiroaki| Date: Tue, 11 Jun 2024 00:00:00 +0000

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Read more

Decoding Water Sigbin’s Latest Obfuscation Tricks

Credit to Author: Sunil Bharti| Date: Thu, 30 May 2024 00:00:00 +0000

Water Sigbin (aka the 8220 Gang) exploited the Oracle WebLogic vulnerabilities CVE-2017-3506 and CVE-2023-21839 to deploy a cryptocurrency miner using a PowerShell script. The threat actor also adopted new techniques to conceal its activities, making attacks harder to defend against.

Read more

Cybersecurity Decluttered: A Journey to Consolidation

Credit to Author: David Ng| Date: Fri, 12 Apr 2024 00:00:00 +0000

Learn how far cybersecurity has come from scattered resources to consolidation the future.

Read more

How Red Team Exercises Increases Your Cyber Health

Credit to Author: Johnny Krogsboll| Date: Thu, 11 Apr 2024 00:00:00 +0000

Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effectively.

Read more

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

Credit to Author: Christopher So| Date: Tue, 02 Apr 2024 00:00:00 +0000

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Read more