Exploit attempts for unpatched Citrix vulnerability
Exploit attempts for unpatched Citrix vulnerability, Author: Johannes Ullrich
From Perfctl to InfoStealer
From Perfctl to InfoStealer, Author: Xavier Mertens
Ransomware Cases Increased Greatly in 2023
As we move further into 2024, we must be cautious (maybe even fearful!) of ransomware cases increasing even more than in previous years. Though governments around the world are taking more interest in the worldwide threat, we can see from the increase of cases that our actions have not been enough to thwart the ransomware threat. As new groups continue to form, former groups continue to evolve into new brands, and the big players continue to ramp up their efforts, we must remain vigilant and focus on our preparation and early detection capabilities.
Redline Dropped Through MSIX Package
Redline Dropped Through MSIX Package, Author:
Loader activity for Formbook "QM18"
Loader activity for Formbook "QM18", Author: Brad Duncan
Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure
Kazakhstan - the world's last SSLv2 superpower... and a country with potentially vulnerable last-mile internet infrastructure, Author: Jan Kopriva
Microsoft February 2023 Patch Tuesday
Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as "Critical" by Microsoft. Three of the vulnerabilities, all rated "important", are already being exploited
A Backdoor with Smart Screenshot Capability
Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.
InfoSec Handlers Diary Blog - SANS Internet Storm Center
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Google ads lead to fake software pages pushing IcedID (Bokbot)
Fake sites for popular software have occasionally been used by cyber criminal groups to push malware. Campaigns pushing IcedID malware (also known as Bokbot) also use this method as a distribution technique (we also commonly see IcedID sent through email).
Microsoft February 2023 Patch Tuesday
Microsoft today patched 80 different vulnerabilities. This includes the Chromium vulnerabilities affecting Microsoft Edge. Nine vulnerabilities are rated as "Critical" by Microsoft. Three of the vulnerabilities, all rated "important", are already being exploited
A Backdoor with Smart Screenshot Capability
Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.
InfoSec Handlers Diary Blog - SANS Internet Storm Center
Malicious Google Ad -- Fake Notepad++ Page -- Aurora Stealer malware
Google ads lead to fake software pages pushing IcedID (Bokbot)
Fake sites for popular software have occasionally been used by cyber criminal groups to push malware. Campaigns pushing IcedID malware (also known as Bokbot) also use this method as a distribution technique (we also commonly see IcedID sent through email).