A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.
Read More...
July Patch Tuesday patches include fix for exploited zero-day Microsoft’s July Patch Tuesday includes an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS). This vulnerability immediately made it to the Cybersecurity & Infrastructure Security Agency (CISA) list of known to be exploited in the wild list that are due for
Read More...
Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. Threat actors are attempting to compromise a large number of cloud-based systems to mine cryptocurrency with a significant
Read More...
A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.…
Read More...
An information-stealing malware (Qbot) has recently emerged, and according to the analysis, it only takes 30 minutes for it to exfiltrate all the user browser data and emails from Outlook, and only 50 minutes to spread across the whole network. This malware has been seen in the wild used by many adversaries such as REvil,
Read More...
About the technique SEO poisoning technique is used to trick users into downloading installers (for TeamViewer, Zoom, Visual Studio, and possibly other software) bundled with “Batloader” and “Atera”. Those installers are distributed using compromised websites that appear in search results after entering certain keywords. Those keywords include “free productivity apps installation” or “free software development
Read More...