Blog
Stealthy npm Malware Exposes Developer Data
Upon analyzing the attack code, Phylum uncovered that it utilized a combination of post-install hooks and pre-install scripts to trigger the execution of malicious code once the packages were installed.
New Yashma Ransomware Variant Targets Multiple English-Speaking Countries
An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to...
Update: All Versions of Ivanti Product Affected by Vulnerability Used in Norway Government Attack
“Since originally reporting CVE-2023-35082… Ivanti has continued its investigation and has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile 11.10, 11.9, and 11.8 and MobileIron Core 11.7 and below,” Ivanti said.
Update: All Versions of Ivanti Product Affected by Vulnerability Used in Norway Government Attack
“Since originally reporting CVE-2023-35082… Ivanti has continued its investigation and has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile 11.10, 11.9, and 11.8 and MobileIron Core 11.7 and below,” Ivanti said.
Nigerian Man Admits to $1.3M Business Email Compromise Scam
A Nigerian national pleaded guilty to participating in a BEC scheme to steal $1.25m from a Boston investment firm. The scam involved using malware and a spoofed domain name to trick the firm into transferring money to attacker-controlled accounts.
LOLBAS in the Wild: 11 Living-Off-The-Land Binaries Used for Malicious Purposes
Cybersecurity researchers have discovered a set of 11 living-off-the-land binaries-and-scripts (LOLBAS) that could be maliciously abused by threat actors to conduct post-exploitation activities. "LOLBAS is an attack method that uses binaries and scripts that are...
Latest Batloader Campaigns Use Pyarmor Pro for Evasion
The Batloader initial access malware, used by the group Water Minyades, has upgraded its evasion techniques by utilizing Pyarmor Pro to obfuscate its malicious Python scripts.
New Microsoft Azure AD CTS Feature can be Abused for Lateral Movement
Microsoft's new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface that might allow threat actors to more easily spread laterally to other Azure tenants.
Cl0p Ransomware Gang Revises its Extortion Strategy
MOVEit-hijacker Cl0p ransomware gang has changed its extortion tactics and is now using torrents to distribute data stolen in the MOVEit Transfer breaches. Previously, the group utilized Tor data leak sites, but this method was slow and easier to shut down. Through...
Cl0p Ransomware Gang Revises its Extortion Strategy
MOVEit-hijacker Cl0p ransomware gang has changed its extortion tactics and is now using torrents to distribute data stolen in the MOVEit Transfer breaches. Previously, the group utilized Tor data leak sites, but this method was slow and easier to shut down. Through...
FREE GUIDE