Black Basta ransomware operators leverage QBot for lateral movements
The QBot malware operation has partnered with Black Basta ransomware group to target organizations worldwide. Researchers from NCC Group spotted...
OSINT
CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool...
RSA 2022: Prometheus ransomware’s flaws inspired researchers to try to build a near-universal decryption tool
Prometheus—a ransomware build based on Thanos that locked up victims’ computers in the summer of 2021—included a major “vulnerability” that...
Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant
LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Today the...
BugCrowd Bug Bounty Disclosure: P5 – Dangerous RTLO Injection – By nt3c
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
Cobalt Stike Beacon Detected – 84[.]32[.]188[.]250:8088
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 107[.]189[.]12[.]133:8099
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 101[.]35[.]108[.]132:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 81[.]70[.]3[.]206:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 101[.]35[.]21[.]69:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Closing the Door: DeadBolt Ransomware Locks Out Vendors With Multitiered Extortion Scheme
In this report, we investigate the reasons that the DeadBolt ransomware family is more problematic for its victims than other...
Why It’s Time to Map the Digital Attack Surface
Trend Micro research reveals struggle to control cyber risks against mounting digital attack surfaces. If you like the site, please...
Why It’s Time to Map the Digital Attack Surface
Trend Micro research reveals struggle to control cyber risks against mounting digital attack surfaces. If you like the site, please...
Lockc – Making Containers More Secure With eBPF And Linux Security Modules (LSM)
lockc is open source sofware for providing MAC (Mandatory Access Control) type of security audit for container workloads. The main...
Microsoft Autopatch is here…but can you use it?
Updating endpoints on a network can be a daunting task. Testing before rollout can take time. Delays to patches going...
FBI warns of scammers soliciting donations for Ukraine
The FBI recently issued an announcement about a fraudulent scheme that proves there is no low that’s too low for...
Microsoft seized 41 domains used by Iran-linked Bohrium APT
Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns. Microsoft’s Digital Crimes...
Another nation-state actor exploits Microsoft Follina to attack European and US entities
A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks against government entities in...
AWS-Threat-Simulation-and-Detection – Playing Around With Stratus Red Team (Cloud Attack Simulation Tool) And SumoLogic
This repository is a documentation of my adventures with Attack Description Link aws.credential-access.ec2-get-password-data Retrieve EC2 Password Data Link aws.credential-access.ec2-steal-instance-credentials Steal...
A week in security (May 30 – June 5)
Last week on Malwarebytes Labs: Intuit phish says “We have put a temporary hold on your account”The Quad commits to...
Red TIM Research discovers a Command Injection with a 9,8 score on Resi
During the bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs on GEMINI-NET, a RESI Informatica solution. It’s...
Cobalt Stike Beacon Detected – 124[.]221[.]217[.]149:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 134[.]19[.]178[.]212:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 37[.]0[.]8[.]252:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
