Since mid-2021, we have been investigating a rather elusive threat actor called Earth Lusca that targets organizations globally via a campaign that uses traditional socialRead more
The security research community had been expecting something like this to come along for a while. So it was with a sense of dread thatRead more
Log4j does not sanitize inputs. Tactical Measures The first challenge is to find out where your code and applications might have the vulnerability. There areRead more
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. By: AbrahamRead more
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify We looked into exploitation attempts we observed in the wild and the abuse of legitimateRead more
AWS re:Invent 2021 Guide: Checklist & Key Sessions Cyber Threats Welcome to your complete guide to AWS re:Invent 2021, where you will find tips onRead more
Conclusion The number of arrival mechanism variations used in BazarLoader campaigns continue to increase as threat actors diversify their attack patterns to evade detection. However,Read more
Void Balaur and the Rise of the Cybermercenary Industry APT & Targeted Attacks One of the most prolific cybermercenaries is Void Balaur, a Russian-speaking threatRead more
ADS goes here!If you don't see it, then please turn OFF
AD blocker for this website.
Our ads are not aggressive and help us
pay for the server and coffee.
THANK YOU for your support!