Credit to Author: Ieriz Nicolle Gonzalez| Date: Fri, 07 Jul 2023 00:00:00 +0000
We analyze the technical details of a new ransomware family named Big Head. In this entry, we discuss the Big Head ransomware’s similarities and distinct markers that add more technical details to initial reports on the ransomware.
Read moreCredit to Author: Joyce Huang| Date: Thu, 06 Jul 2023 00:00:00 +0000
To combat complexity and achieve optimal security outcomes, there are four key factors an organization should consider when evaluating their endpoint security.
Read moreCredit to Author: Lucas Silva| Date: Fri, 30 Jun 2023 00:00:00 +0000
We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.
Read moreCredit to Author: Shannon Murphy| Date: Fri, 23 Jun 2023 00:00:00 +0000
New uses for generative AI are being introduced every day—but so are new risks.
Read moreCredit to Author: Arianne Dela Cruz| Date: Fri, 23 Jun 2023 00:00:00 +0000
The Trigona ransomware is a relatively new ransomware family that began activities around late October 2022 — although samples of it existed as early as June 2022. Since then, Trigona’s operators have remained highly active, and in fact have been continuously updating their ransomware binaries.
Read moreCredit to Author: Shannon Murphy| Date: Tue, 20 Jun 2023 00:00:00 +0000
Learn how analysts can search for threats with greater accuracy, speed, and effectiveness.
Read moreCredit to Author: Peter Girnus| Date: Tue, 20 Jun 2023 00:00:00 +0000
This is the third installment of a three-part technical analysis of the fully undetectable (FUD) obfuscation engine BatCloak and SeroXen malware. In this entry, we document the techniques used to spread and abuse SeroXen, as well as the security risks, impact, implications of, and insights into highly evasive FUD batch obfuscators.
Read moreCredit to Author: Shannon Murphy| Date: Thu, 15 Jun 2023 00:00:00 +0000
Discover how Companion can help upgrade SOC efficiency and elevate your team to reach their full potential.
Read moreCredit to Author: Shannon Murphy| Date: Thu, 15 Jun 2023 00:00:00 +0000
Discover how Companion can help upgrade SOC efficiency and elevate your team to reach their full potential.
Read moreCredit to Author: Peter Girnus| Date: Thu, 15 Jun 2023 00:00:00 +0000
We looked into the documented behavior of SeroXen malware and noted the inclusion of the latest iteration of the batch obfuscation engine BatCloak to generate a fully undetectable (FUD) .bat loader. This is the second part of a three-part series documenting the abuse of BatCloak’s evasion capabilities and interoperability with other malware.
Read more