Uncovering the Threat of BlueBravo with GraphicalNeutrino and BEATDROP
Attack Report. Summary: GraphicalNeutrino and BEATDROP are malicious software used by the Russian-linked threat group BlueBravo in targeted cyber attacks, using legitimate Western services for command-and-control communications to evade detection. …
Infection and Evolution of the GOOTLOADER Malware
Attack Report. Summary: GOOTLOADER malware infects via malicious archive download, executing JavaScript and PowerShell, delivering FONELAUNCH, Cobalt Strike BEACON/SNOWCONE, with the latest variant writing JavaScript to disk and creating a task. …
Proof-of-concept released for Windows CryptoAPI vulnerability
Attack Report. Summary: CVE-2022-34689 is a critical vulnerability in Windows CryptoAPI that was publicly announced by Microsoft in October 2022. The vulnerability allows an attacker to masquerade as a legitimate entity by exploiting the …
QNAP addresses a vulnerability in NAS devices
Vulnerability Report. Summary: QNAP has released updates to address a security flaw in its network-attached storage (NAS) devices that allows arbitrary code injection. This vulnerability enables a remote attacker to run any SQL query …
Cyber Attack on Ukrainian National Information Agency
Attack Report. Summary: On 17th January 2023, the Ukrainian National Information Agency “Ukrinform” suffered a partial cyber attack. The Government Computer Emergency Response Team of Ukraine (CERT-UA) initiated an investigation into the attack at …
New Ransomware Mimic Emerges in the Wild, Abusing Legitimate Tool for Faster Encryption
Attack Report. Summary: Mimic is a new ransomware that uses the APIs of a legitimate tool called Everything to encrypt target files and has multiple capabilities such as deleting shadow copies, terminating multiple applications …
Similarities between hacktivist groups reveal Iranian connection
Actor Report. Summary: COBALT SAPLING is a threat actor group that is believed to be Iranian in origin. The group has been found to operate multiple hacktivist group personas, including Moses Staff and Abraham’s …
CRYPTBOT Information-Stealing Malware Targeting Your Browser and Crypto-Wallet
Attack Report. Summary: CRYPTBOT is malware that steals personal information by gathering browser credentials, cookies, cryptocurrency wallets, and system information. It then compresses the collected data into a zip file and sends it to …
Titan Stealer – A Cross-Platform Information Stealer Malware Distributed by Threat Actors
Attack Report. Summary: Titan Stealer is a cross-platform information stealer malware actively distributed by a threat actor through a Telegram channel, capable of stealing various information from infected Windows machines and providing the attacker …
Chrome 109 addresses an array of security flaws
Vulnerability Report. Summary: Google Chrome’s latest stable channel update for Windows, Mac, and Linux addresses a number of security flaws. The flaws allow a remote attacker to get access to potentially sensitive information by …