Credit to Author: Sunil Bharti| Date: Mon, 21 Oct 2024 00:00:00 +0000
We observed an unknown threat actor abusing exposed Docker remote API servers to deploy the perfctl malware.
Read moreCredit to Author: Ryan Soliven| Date: Mon, 30 Sep 2024 00:00:00 +0000
Trend Micro MDR (Managed Detection and Response) team promptly mitigated a more_eggs infection. Using Vision One, MDR illustrated how Custom Filters/Models and Security Playbook can be used to automate the response to more_eggs and similar threats.
Read moreCredit to Author: Abdelrahman Esmail| Date: Fri, 30 Aug 2024 00:00:00 +0000
Trend Micro discovered that old Atlassian Confluence versions that were affected by CVE-2023-22527 are being exploited using a new in-memory fileless backdoor.
Read moreCredit to Author: Lenart Bermejo| Date: Mon, 09 Sep 2024 00:00:00 +0000
In this blog entry, we discuss our analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.
Read moreCredit to Author: Cedric Pernet| Date: Wed, 04 Sep 2024 00:00:00 +0000
While monitoring Earth Lusca, we discovered the threat group’s use of KTLVdoor, a highly obfuscated multiplatform backdoor, as part of a large-scale attack campaign.
Read moreCredit to Author: Mohamed Fahmy| Date: Thu, 29 Aug 2024 00:00:00 +0000
Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool.
Read moreCredit to Author: Abdelrahman Esmail| Date: Wed, 28 Aug 2024 00:00:00 +0000
A technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.
Read moreCredit to Author: Ted Lee| Date: Fri, 09 Aug 2024 00:00:00 +0000
Since late 2022, Earth Baku has broadened its scope from the Indo-Pacific region to Europe, the Middle East, and Africa. Their latest operations demonstrate sophisticated techniques, such as exploiting public-facing applications like IIS servers for initial access and deploying the Godzilla webshell for command and control.
Read moreCredit to Author: Jaromir Horejsi| Date: Thu, 01 Aug 2024 00:00:00 +0000
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
Read moreCredit to Author: Shubham Singh| Date: Fri, 05 Jul 2024 00:00:00 +0000
In this blog entry, we will discuss how the Jenkins Script Console can be weaponized by attackers for cryptomining activity if not configured properly.
Read more