How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections

Credit to Author: Kyle Philippe Yu | Date: Fri, 20 Sep 2024 00:00:00 +0000

The group Trend Micro tracks as Water Bakunawa, which is behind the RansomHub ransomware, employs various anti-EDR techniques to play a high-stakes game of hide and seek with security solutions.


Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Credit to Author: Richard Y Lin | Date: Wed, 18 Sep 2024 00:00:00 +0000

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet cores.


Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

Credit to Author: Hitomi Kimura | Date: Thu, 12 Sep 2024 00:00:00 +0000

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.


Earth Preta Evolves its Attacks with New Malware and Strategies

Credit to Author: Lenart Bermejo | Date: Mon, 09 Sep 2024 00:00:00 +0000

In this blog entry, we discuss our analysis of Earth Preta's enhancements to its attacks: new tools, malware variants and strategies introduced into its worm-based attacks and its time-sensitive spear-phishing campaign.


TIDRONE Targets Military and Satellite Industries in Taiwan

Credit to Author: Pierre Lee | Date: Fri, 06 Sep 2024 00:00:00 +0000

Our research reveals that an unidentified threat cluster we named TIDRONE has shown significant interest in military-related industry chains, particularly drone manufacturers.


Banking Trojans: Mekotio Looks to Expand Targets, BBTok Abuses Utility Command

Credit to Author: Mhica Romero | Date: Thu, 05 Sep 2024 00:00:00 +0000

The notorious banking trojans Mekotio and BBTok are having a resurgence targeting Latin American users. Mekotio's latest variant suggests the gang behind it is broadening its targets, while BBTok has been seen abusing MSBuild.exe to evade detection.
