Palo Alto Networks

IronNetInjector: Turla’s New Malware Loading Tool

The method, known as Bring Your Own Interpreter (BYOI), involves the use of an interpreter that is not present on a system by default to run malicious code written in an interpreted programming or scripting language.

Exploits in the Wild for WordPress File Manager RCE Vulnerability (CVE-2020-25213)

Successful exploitation of this vulnerability allows an attacker to upload an arbitrary file with arbitrary names and extensions, leading to Remote Code Execution (RCE) on the targeted web server.

Pro-Ocean: Rocke Group’s New Cryptojacking Malware

Pro-Ocean uses known vulnerabilities to target cloud applications. Additionally, it attempts to remove other malware and miners including Luoxk, BillGates, XMRig, and Hashfish before installation.

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

The actor used the BumbleBee webshell to upload and download files to and from the compromised Exchange server, but more importantly, to move laterally to other servers on the network.

TA551: Email Attack Campaign Switches from Valak to IcedID

The recent campaign has targeted German, Italian and Japanese speakers. TA551 has historically pushed different families of information-stealing malware like Ursnif and Valak.

SolarStorm Timeline: Details of the Software Supply-Chain Attack

While this is not the first software supply-chain compromise, it may be the most notable, as the attacker was trying to gain widespread, persistent access to a number of critical networks.

European Commission Proposes Bold Steps on Cybersecurity

NIS 2 seeks to promote voluntary cyberthreat information sharing by directing Member States to ensure that covered entities can share cyberthreat information among themselves to improve cybersecurity.

An Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

On December 4, 2020, the Kubernetes Product Security Committee disclosed a new medium-severity vulnerability (CVE-2020-8554) that affects all Kubernetes versions and is currently unpatched.

PyMICROPSIA: New Information-Stealing Trojan from AridViper

Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region, and identified a new information stealer related to the MICROPSIA malware.

PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL

Unit 42 researchers uncovered a novel Linux-based cryptocurrency mining botnet that exploits a disputed PostgreSQL remote code execution (RCE) vulnerability to compromise database servers for cryptojacking.
