Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks

Credit to Author: Jagir Shastri | Date: Wed, 07 Feb 2024 00:00:00 +0000

In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.


Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

Credit to Author: Feike Hacquebord | Date: Wed, 31 Jan 2024 00:00:00 +0000

Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.


Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver

Credit to Author: Emmanuel Panopio | Date: Tue, 23 Jan 2024 00:00:00 +0000

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.


CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Credit to Author: Peter Girnus | Date: Fri, 12 Jan 2024 00:00:00 +0000

This blog delves into the Phemedrone Stealer campaign’s exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware’s payload.


Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

Credit to Author: Buddy Tancio | Date: Mon, 11 Dec 2023 00:00:00 +0000

This blog entry delves into MxDR’s unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
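The entry above names the technique (injecting into the legitimate aspnet_compiler.exe) without reproducing the detection logic. The following is an added example, not code from the blog post or from Trend Micro's MxDR team: a hypothetical triage heuristic run over constructed process-creation records (Sysmon-style field names, invented here) that flags aspnet_compiler.exe launches which fall outside the binary's normal precompilation use. The install directory prefix, the list of "expected" build-tool parents, and the no-arguments rule are all assumptions chosen for the illustration and should be tuned against real telemetry.

```python
"""Hypothetical heuristic for spotting aspnet_compiler.exe misuse in
process-creation telemetry.  Added example; records below are constructed."""
import ntpath

# Assumption: the genuine binary lives under the .NET Framework install tree
# (this prefix covers both Framework and Framework64 subdirectories).
LEGIT_PREFIX = r"c:\windows\microsoft.net\framework"

# Assumption: parents that plausibly run the precompiler during a build.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "cmd.exe", "powershell.exe"}


def assess(event):
    """Return the reasons an event looks suspicious (empty list = benign).

    Only aspnet_compiler.exe launches are examined; every other image
    returns an empty list.
    """
    image = event["Image"].lower()
    if ntpath.basename(image) != "aspnet_compiler.exe":
        return []

    reasons = []
    # 1. Copied or renamed binary executed from an unexpected location.
    if not image.startswith(LEGIT_PREFIX):
        reasons.append("image outside .NET Framework directory")

    # 2. Spawned by something other than a build tool or shell.
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent not in BUILD_PARENTS:
        reasons.append(f"unexpected parent {parent or '<none>'}")

    # 3. Legitimate precompilation needs arguments (-v, -p, target dir).
    #    A bare launch is consistent with a process started only to host
    #    injected code (assumption, not a claim about the blog's sample).
    args = event.get("CommandLine", "").split()[1:]
    if not args:
        reasons.append("launched with no arguments")
    return reasons


def triage(events):
    """Return [(ProcessId, reasons)] for every event that raised a reason."""
    hits = []
    for event in events:
        reasons = assess(event)
        if reasons:
            hits.append((event["ProcessId"], reasons))
    return hits


# Constructed sample records (not real logs).
SAMPLE_EVENTS = [
    {   # benign: build server precompiling a site
        "ProcessId": 4412,
        "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe",
        "ParentImage": r"C:\Program Files\Microsoft Visual Studio\2022\MSBuild\Current\Bin\MSBuild.exe",
        "CommandLine": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe -v / -p C:\src\site C:\build\out",
    },
    {   # suspicious: genuine binary, but launched bare by an updater in AppData
        "ProcessId": 1204,
        "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe",
        "ParentImage": r"C:\Users\alice\AppData\Roaming\update.exe",
        "CommandLine": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe",
    },
    {   # suspicious: a copy of the binary executed from Temp
        "ProcessId": 5510,
        "Image": r"C:\Users\alice\AppData\Local\Temp\aspnet_compiler.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"C:\Users\alice\AppData\Local\Temp\aspnet_compiler.exe -v / -p C:\site C:\out",
    },
    {   # unrelated image, ignored by the heuristic
        "ProcessId": 7001,
        "Image": r"C:\Windows\System32\notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"C:\Windows\System32\notepad.exe",
    },
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE_EVENTS):
        print(pid, "; ".join(reasons))
```

The three checks are independent so that each hit carries the reasons it tripped; in practice the parent-process rule is the noisiest and the out-of-directory rule the most reliable, so weight them accordingly rather than treating any single reason as an alert.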


Opening Critical Infrastructure: The Current State of Open RAN Security

Credit to Author: Salim S.I. | Date: Fri, 01 Dec 2023 00:00:00 +0000

The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire RAN Intelligent Controller (RIC) subsystem.


ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil

Credit to Author: Aliakbar Zahravi | Date: Thu, 23 Nov 2023 00:00:00 +0000

We detail the modular framework of malicious Chrome extensions, which consists of various highly obfuscated components that leverage the Google Chrome API to monitor, intercept, and exfiltrate victim data.
