Year: 2022

ViperSoftX: Hiding and Stealing

ViperSoftX is a multi-stage stealer that exhibits interesting hiding capabilities. Other than stealing cryptocurrencies, it also spreads the VenomSoftX browser extension, which performs man-in-the-browser attacks. One of the payloads ViperSoftX distributes is a specific information stealer in the form of a browser extension for Chromium-based browsers. Due to its standalone capabilities and uniqueness, we decided […]

Windows Tech Tips and Tricks

How to Remove Windows 10’s Annoying Search Highlights Icons (Tom’s Hardware)
How to auto shutdown Windows when it’s been idle for a while (OnMSFT)
How to Transfer a Windows 10 or 11 License to Another PC (Tom’s Hardware)
How to Run a Program as a Different User (RunAs) in Windows? (Windows OS Hub)
How to Keep Windows Running Smoothly (Tom’s […]

Chinese threat actor targets South East Asia

Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and assesses it has a China nexus. UNC4191 operations have affected a range of public and private sector entities primarily in Southeast Asia and extending to […]

Why are Network Management Solutions Important

The network management solution (NMS) market contains many products that claim to offer the best experience and network security. To this end, choosing a solution that meets your needs can be challenging. One of the biggest challenges has to do with trusting these solutions. Are they safe? Are they reliable? Remember that you need to keep your network […]

What are Advanced Persistent Threats (APT)

Cybercriminals often use an advanced persistent threat (APT) to sustain surveillance or attacks against targets. One of the most valuable assets in a business is its data. Cybercriminals use APTs to steal your information, including trade secrets and patents. Also, bad actors can use APTs to gain employee and client information for extortion or to […]

Essential Email Security Policies

Although the average person may not encounter a substantial amount of emails, businesses and people within these businesses use email every day. Unfortunately, cybercriminals often use this common messaging tool as an attack vector. In this year’s Cost of a Data Breach Report, phishing is the costliest initial attack vector, with an average of USD4.91 million. The […]

Why You Need Email Spam Filter

Unwanted communication, or email spam, is a common challenge for many businesses today. Cyberattackers often send mass emails to millions of email addresses they scraped from the internet. These emails usually have a sense of urgency, lucrative offers, or even mimic other genuine sites. However, the main motivation behind these emails is far more sinister. […]

Linux Tech Tips

Ubuntu Tips
How to Install Ubuntu 22.04 Desktop [Step by Step Picture Guide] (Ubuntu Handbook)
How to Upgrade to Ubuntu 20.04 LTS Using ‘do-release-upgrade’ Command (Allthings.how)
How to enable SSH 2FA on Ubuntu Server 22.04 (TechRepublic)
Install Grub Customizer to Configure the Boot Menu in Ubuntu 22.04 (Ubuntu Handbook)
31 Linux Commands Every Ubuntu User […]

Aurora a trending infostealer Malware

Since September 2022, Aurora malware has been advertised as an infostealer, and several traffers teams announced they added it to their malware toolset. Furthermore, SEKOIA.IO observed an increase in the number of Aurora samples distributed in the wild, as well as C2 servers. First advertised on Russian-speaking underground forums in April 2022, Aurora is a multi-purpose […]

Vulnerable SDK components lead to supply chain risks

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets […]

Social Engineering Attack Costs Billions

Eli Lilly lost USD15 billion in market cap to a social engineering attack. The attack happened only days after Twitter announced a USD8 fee for the blue check mark verification last Wednesday. Following the social engineering attack, Twitter suspended the option. Since Twitter first applied the option, parody accounts of known companies and individuals got […]

Malware Delivered via Contact Forms

The DFIR Report expands on an intrusion from May 2022, where threat actors used BumbleBee as the initial access vector from a Contact Forms campaign. The intrusion began with the delivery of an ISO file that contained an LNK and a DLL. The threat actors leveraged BumbleBee to load a Meterpreter agent and Cobalt Strike […]

Spear-phishing for Malware Delivery

Since it first started being active in 2020, Earth Longzhi’s long-running campaign can be divided into two based on the range of time and toolset. During its first campaign deployed from 2020 to 2021, Earth Longzhi targeted the government, infrastructure, and health industries in Taiwan and the banking sector in China. In its second campaign […]

Evasive Techniques used by injected Websites

Analysis of a new technique to inject websites with SocGholish malware found using zip compression, obfuscation, strrev functions, and other evasive techniques to avoid detection. Once installed, fake browser updates infect the victim’s computer with various types of malware including remote access trojans (RATs). SocGholish malware is often the first step in severe targeted ransomware […]

Hive Ransomware

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022. As of November 2022, Hive ransomware actors have victimized over 1,300 companies […]

Removing Uninstalled Software Data from Windows

It’s common for Windows users to uninstall applications from their computers. It’s pointless to keep applications on your disk if you no longer use them. Unfortunately, when you uninstall an application, some of its data may remain on the hard disk. To make matters worse, these application remnants sometimes contain sensitive data. In this article, […]

Microsoft 365 Tips and Tricks

Understanding Microsoft 365 security for your environment
Why MFA Is More Important than Ever for Microsoft 365
How To Adjust The Multi-Factor Authentification (MFA) For Microsoft 365
How to Build Workflows Using Power Automate and AI in Microsoft 365
Microsoft 365 Login: Troubleshooting User Sign-In Problems
How to Prevent Microsoft 365 From Purging Old Messages […]
