CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
BIG-IP, a comprehensive portfolio of hardware platforms and software solutions from F5 Networks, focuses on security, dependability, and performance. These […]
Leveraging DETT&CT Framework
Building detection is a difficult task, particularly with an increasing number of data sources. It might be challenging for detection […]
The Rise of IPFS Phishing
Phishing attacks are still one of the most prevalent methods for threat actors to get access, and they pose a […]
DCSync Attacks Explained
Once an attacker gets access to a Windows endpoint, they can access credentials saved in clear text or as a […]
North Korean Attacks Exploiting JetBrains TeamCity Vulnerability
More than 30,000 clients worldwide use JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server. Background: The program can be […]
With Unique Implants, A New ShroudedSnooper Actor Targets Middle Eastern Telecom Companies
State-sponsored actors and highly skilled adversaries have frequently targeted telecommunications businesses worldwide in recent years. Background: The great majority of […]
CVE-2023-34039: Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks
The VMware Aria management and monitoring package provides full-scope operations management, IT automation, log management, analytics creation, network visibility, and […]
Evidence Leads to Lazarus as the VMConnect Supply Chain Attack Continues
Recently, Sonatype and Reversing Labs analyzed the fraudulent PyPI package ‘VMConnect,’ developed to imitate the authentic VMware vSphere connector module […]
Lazarus Exploits a Zoho ManageEngine Vulnerability to Distribute QuiteRAT and CollectionRAT
A recently fixed vulnerability (CVE-2022-47966) affecting Zoho ManageEngine ServiceDesk Plus has been used by Lazarus, a North Korean state-sponsored APT […]
Cuba Ransomware Group Targets Critical Systems by Using Veeam Vulnerability
Using a mix of outdated and modern techniques, the Cuba ransomware group has been seen launching attacks against American critical […]
Alert Advisory: Supply Chain Attack by Iran’s APT34 Targets the UAE
An Iranian threat group called OilRig typically targets businesses in the Middle East involved in various industries. Still, it has […]
PhishForce: In-the-wild Phishing of Facebook Accounts Using a Vulnerability in Salesforce’s Email Services
We have been subjected to fraudulent emails from the early days of the internet, from intrusive spam to highly targeted […]
Monitoring USB Usage in OT Environments
Industrial control systems are vital infrastructures that need strict security protocols, particularly those that operate in operational technology (OT) environments. […]
A Sneaky Cross-Platform Threat Targeting Redis Server: P2PInfect Worm
Unit 42 cloud researchers discovered a new peer-to-peer (P2P) worm on July 11, 2023, which they have named P2PInfect. Background: […]
Silentbob: A New Campaign by Team TNT Attacking Cloud Environments
The infrastructure of many organizations has included cloud computing in recent years due to its multiple advantages in terms of […]
Merdoor – A Custom Backdoor Used by Lancefly APT to Target Government Organizations
Recent observations show the use of a unique Merdoor backdoor by a hacking group known as Lancefly APT to attack […]
Alert Advisory: Analysis of the Microsoft Storm-0558 SaaS Breach
The operators of Storm-0558 stole a Microsoft account (MSA) consumer signing key to forge tokens for Azure Active Directory (AD) […]
Quishing Attacks on the Rise
The phishing technique known as QR code phishing, sometimes known as quishing, employs QR codes to entice victims into exposing […]
Alert Advisory: Citrix ADC Gateway RCE – CVE-2023-3519
In this blog post, we will explore the details of the Citrix ADC vulnerability, its potential consequences, and the importance of […]
Freeze – A Payload Toolkit for Bypassing EDRs using Suspended Processes
Freeze is a potent tool that makes it possible to build payloads that stealthily run shellcode and get beyond EDR […]
3CX Double Software Supply Chain Hack
A significant supply chain breach in 3CX software on March 29 resulted in malware being spread internationally across numerous industries. […]
Rogue NuGet Packages – The Rise of Supply Chain Risks
NuGet is the package manager for .NET. It enables developers to create, share, and consume useful .NET libraries. NuGet client […]
Ragnar Locker Ransomware
Ragnar Locker Ransomware is a type of malware that encrypts a victim’s files and then demands a ransom to decrypt […]