Credit to Author: Daniel Lunghi| Date: Fri, 14 Jul 2023 00:00:00 +0000
We recently found that an MSI installer built by the National Information Technology Board (NITB), a Pakistani government entity, delivered a Shadowpad sample, suggesting a possible supply-chain attack.
Read moreCredit to Author: Jon Clay| Date: Thu, 13 Jul 2023 00:00:00 +0000
Embracing platform approach as the path to enhanced security and resilience
Read moreCredit to Author: Fernando Merces| Date: Thu, 13 Jul 2023 00:00:00 +0000
An analysis of advanced persistent threat (APT) group Red Menshen’s different variants of backdoor BPFDoor as it evolves since it was first documented in 2021.
Read moreCredit to Author: Ieriz Nicolle Gonzalez| Date: Fri, 07 Jul 2023 00:00:00 +0000
We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware.
Read moreCredit to Author: Joyce Huang| Date: Thu, 06 Jul 2023 00:00:00 +0000
To combat complexity and achieve optimal security outcomes, there are four key factors an organization should consider when evaluating their endpoint security.
Read moreCredit to Author: Lucas Silva| Date: Fri, 30 Jun 2023 00:00:00 +0000
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
Read moreCredit to Author: Shannon Murphy| Date: Fri, 23 Jun 2023 00:00:00 +0000
New uses for generative AI are being introduced every day—but so are new risks.
Read moreCredit to Author: Arianne Dela Cruz| Date: Fri, 23 Jun 2023 00:00:00 +0000
The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries.
Read moreCredit to Author: Shannon Murphy| Date: Tue, 20 Jun 2023 00:00:00 +0000
Learn how analysts can search for threats with greater accuracy, speed, and effectiveness.
Read moreCredit to Author: Peter Girnus| Date: Tue, 20 Jun 2023 00:00:00 +0000
This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. In this entry, we document the techniques used to spread and abuse SeroXen, as well as the security risks, impact, implications of, and insights into highly evasive FUD batch obfuscators.
Read more