
Blog Series
Malware

IcedID malware infiltrates Active Directory...
In a notable IcedID malware attack, the attacker compromised the victim's Active Directory domain in less than 24 hours, moving from initial infection to lateral movement in fewer...
Dridex malware targets Mac...
Dridex, a Windows-focused banking trojan that has since expanded its capabilities to include information theft and botnet capabilities, is now targeting Macs via email attachments that appear to be regular...
Attackers distribute QBot malware using...
Talos researchers recently uncovered a phishing campaign that uses Scalable Vector Graphics (SVG) images embedded in HTML email attachments to distribute QBot malware. Basically, when the victim of this attack...
APT5 exploits unauthenticated remote code...
The U.S. National Security Agency has warned that a Chinese state-sponsored group is exploiting an unauthenticated remote code execution flaw (CVE-2022-27518) to compromise Citrix Application Delivery Controller (ADC) deployments. According...
1,650 malicious Docker Hub images...
After discovering malicious behaviors in 1,652 of 250,000 unverified Linux images publicly available on Docker Hub, security researchers have warned developers of the risks of using shared container images. Cryptocurrency...
RansomExx malware offers new features...
The APT group DefrayX has launched a new version of its RansomExx malware known as RansomExx2, a variant for Linux rewritten in the Rust programming language, possibly to avoid detection...
CISA Warns of New Malware...
Last year, CISA created a list of vulnerabilities being actively exploited and a list of applications directly affected by those vulnerabilities. Over time, the list has been updated to reflect...
New Metador APT takes aim...
A new malware, identified as Metador, is being used by attackers to target telecommunications, internet service providers and universities on multiple continents, according to security researchers at SentinelOne. “The operators...
U.S. Seizes $30 Million Worth...
Chainalysis, a U.S. company, said it had worked with the FBI to recover more than $30 million in cryptocurrency stolen from online video game maker Axie Infinity by North Korea-linked...
Bumblebee Malware Offers a new...
A new version of the Bumblebee malware loader has been discovered by researchers. The new strain of malware offers a new chain of infection, including the use of a PowerScript...
New ‘GIFShell’ Attack Technique Exploits...
A new ‘GIFShell’ attack technique exploits bugs and vulnerabilities in Microsoft Teams to abuse legitimate Microsoft infrastructure, execute malicious files, execute commands, and exfiltrate data. According to Bobby Rauch, the...