BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months. There are rumors of a relationship
Tag: VULNERABILITY
The ASEC analysis team is constantly monitoring malware distributed to vulnerable database servers (MS-SQL, MySQL servers). This blog will explain the RAT malware named Gh0stCringe[1].
Pandora ransomware came into the spotlight in March 2022 after targeting some high-profile victims on its leak site. The ransomware group announced its first victim
Summary. Multifactor Authentication (MFA): A Cybersecurity Essential. MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research,
Background: Since the Log4J vulnerability was exposed, we have seen more and more malware jump on the wagon; Elknot, Gafgyt, Mirai are all too familiar, on
By Edmund Brumaghin, with contributions from Jonathan Byrne, Perceo Lemos and Vasileios Koutsoumpogeras. Executive Summary
For additional information regarding deserialization exploits and our new hunting rule generation tool ‘HeySerial’, read our blog post, Now You Serial, Now You Don’t —
In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share
8/24 Editor’s Note: Since the publication, SMTP2Go has updated its security measures. Key Takeaways Proofpoint researchers have identified ongoing activity by the China-aligned APT actor
This post was originally published as a white paper in September 2021. Get the full report as a PDF here. Executive Summary Over the past
The ASEC analysis team has recently discovered the distribution of Cobalt Strike targeting unsecured MS-SQL servers. MS-SQL server is a typical database server of the
In this intrusion (from November 2021), a threat actor gained its initial foothold in the environment through the use of Qbot (a.k.a. Quakbot/Qakbot) malware. Soon
By Amitai Ben Shushan Ehrlich and Yair Rigevsky Executive Summary SentinelLabs has been tracking the activity of an Iranian-aligned threat actor operating in the Middle-East
More than 350 ecommerce stores infected with malware in a single day. Today our global crawler discovered 374 ecommerce stores infected with the same strain
case study below, Antlion compromised the networks of at least two other organizations in Taiwan, including another financial organization and a manufacturing company. The activity