CVE-2023-50164: Apache Struts Path Traversal Vulnerability
Threat actors began attempting to exploit CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework […]
Alert Advisory: Supply Chain Attack by Iran’s APT34 Targets the UAE
An Iranian threat group called OilRig typically targets businesses in the Middle East involved in various industries. Still, it has […]
Ragnar Locker Ransomware
Ragnar Locker Ransomware is a type of malware that encrypts a victim’s files and then demands a ransom to decrypt […]
Threat Hunting Unauthorized RDP Post-Exploitation
Users of Microsoft Windows systems can remotely access the desktop of other systems to administer one or more workstations and/or […]
How SBOM Plays a Key Role in CSOC
In general, 75% of codebases use open-source software, according to the 2021 Open Source Security and Risk Study report. Costs […]
Detecting Rogue Devices on Enterprise Network
Organizations rely on wired networks in today’s hyperconnected environment to link devices and facilitate internal communication. However, it has become […]
Protecting VMware ESXi Hypervisors from Ransomware
One of the top platforms in the virtualization sector is VMware. Organizations can more effectively use the computing power of […]
Wi-Fi Security – Monitoring Hacking Attempts
Wired Ethernet is no longer the best option for many enterprises. The preferred network access technology for users and endpoints […]
2022 is Over But What Did We Learn From Our Work
Throughout the year, numerous new incidents and rising threats were unveiled to the horror of many. In 2022, the world […]
Why Threat Actors Are Now Using Rust to Develop New Ransomware
Rust, a relatively new programming language, was introduced in 2015 and has since gained popularity for its pleasant developer experience […]
Methods to Perform Encrypted Traffic Analysis (ETA)
In addition to considerably enhancing security and user privacy, the introduction of network traffic encryption, such as TLS, has also […]
Why Compromise Assessment Should Be a Part of Your Threat Detection and Response Ecosystem
A typical compromise assessment plan uses specialized software and scripts combined with forensic data to find compromises or problems that […]
WIP19 APT Targeting Organizations in the Middle East
With signed malware, a new cyberespionage group has been hitting telecom companies and IT service providers. The group, known as […]
Using Steganography to Hide Malware – Witchetty APT Case Study
Steganography has been used in the real world on the Windows and macOS operating systems. Attackers have been detected to […]
The Evolution of SideWinder APT and Their Modus Operandi
A suspected Indian threat actor group, SideWinder, has been operating at least since 2012. They have been seen attacking businesses, […]
Opera1er APT Group Targeting Banks, Financial Institutions, and Mobile Operators across Africa, Asia and LATAM
Since 2016, OPERA1ER, also known as DESKTOP-GROUP, Common Raven, and NXSMS, has been reported to operate with the intention of […]
Royal Ransomware
Royal has been in existence since at least the beginning of 2022, making it a relatively new business. The goal […]
How to Detect Typosquatting using DNSTwist
Typosquatting is a social engineering attack in which a threat actor registers domains with purposefully misspelled versions of well-known companies’ […]
Ursnif/Gozi Malware Evolution and Associated IoCs
Gozi is a powerful piece of malware with a wide range of intricate characteristics. It began as a basic banking […]
Detecting Cyber-Attacks on Kubernetes Environments
Kubernetes is a container orchestration system that acts as a management abstraction layer. It is an open-source system that aids […]
Alert Advisory: Insight into APT29
Threat group APT29 is allegedly operated by Russia’s Foreign Intelligence Service (SVR). They have been active since 2008 and frequently […]
Alert Advisory: New Microsoft Exchange Zero-Days
Late on September 29, 2022, Microsoft acknowledged both zero-day vulnerabilities and stated that they were aware of “limited, targeted attacks […]
Recent Uber Breach and Lessons Learnt
Uber acknowledged reports of a widespread cybersecurity compromise on September 15th. The security investigation found that the company’s system had […]
Usage of NPPSpy
Extracting Windows credentials from domain-joined hosts is one of the common attack techniques hackers use to obtain user credentials […]