New Info Stealer Bandit Stealer Targets Browsers, Wallets

Credit to Author: Sarah Pearl Camiling| Date: Fri, 26 May 2023 00:00:00 +0000

This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.

Read more

Future Exploitation Vector: File Extensions as Top-Level Domains

Credit to Author: Joshua Aquino| Date: Tue, 23 May 2023 00:00:00 +0000

In this blog entry, we will examine the security risks related to file extension-related Top-Level Domains (TLDs) while also providing best practices and recommendations on how both individual users and organizations can protect themselves from these hazards.

Read more

BlackCat Ransomware Deploys New Signed Kernel Driver

Credit to Author: Mahmoud Zohdy| Date: Mon, 22 May 2023 00:00:00 +0000

In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.

Read more

8220 Gang Evolves With New Strategies

Credit to Author: Sunil Bharti| Date: Tue, 16 May 2023 00:00:00 +0000

We observed the threat actor group known as “8220 Gang” employing new strategies for their respective campaigns, including exploits for the Linux utility “lwp-download” and CVE-2017-3506, an Oracle WebLogic vulnerability.

Read more

Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules

Credit to Author: Jaromir Horejsi| Date: Mon, 15 May 2023 00:00:00 +0000

Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work.

Read more

Attack on Security Titans: Earth Longzhi Returns With New Tricks

Credit to Author: Ted Lee| Date: Tue, 02 May 2023 00:00:00 +0000

After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.

Read more

Rapture, a Ransomware Family With Similarities to Paradise

Credit to Author: Don Ovid Ladores| Date: Fri, 28 Apr 2023 00:00:00 +0000

In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack.

Read more