Recent cybersecurity developments have revealed that cybercriminals are actively exploiting the newly discovered “Log4Shell” vulnerability in the widely used Log4j library. This vulnerability has enabled attackers to exploit unpatched servers, allowing them to deploy cryptocurrency miners, utilize Cobalt Strike for additional malicious objectives, and integrate compromised devices into expanding botnets.…
Recent investigations into the Qakbot malware, often described as a multi-faceted threat, have revealed its infection strategies, segmented into distinct components. Microsoft has characterized these “building blocks” as vital for the proactive detection and neutralization of this threat, aiming to enhance cybersecurity measures significantly. The Microsoft 365 Defender Threat Intelligence…
Recent cybersecurity analysis has uncovered the deployment of a newly identified binary called “Owowa,” specifically targeting Microsoft Exchange’s Outlook Web Access servers. This malicious Internet Information Services (IIS) web server module seeks to extract user credentials and facilitate remote command execution on compromised systems. The Owowa module, reportedly written in…
Recent research has unveiled an advanced malware campaign characterized by its use of legitimate code signing certificates to elude cybersecurity measures. This stealthy approach aims to deploy notorious payloads such as Cobalt Strike and BitRAT across compromised systems. The loader, identified as “Blister” by Elastic Security experts, exhibits an alarming…
A recently identified strain of ransomware, dubbed “White Rabbit,” has emerged, likely linked to the financially motivated threat actor known as FIN8. This malware was reportedly employed in an attack against a U.S.-based local bank in December 2021. According to research by Trend Micro, the technical characteristics of White Rabbit…
Recent cybersecurity reports have surfaced detailing a series of SQL injection attacks attributed to a newly identified hacker group named GambleForce. This group has predominantly targeted organizations across the Asia-Pacific (APAC) region since September 2023, raising significant concerns regarding the vulnerabilities in web application security practices. According to Group-IB, a…
In an alarming series of spear-phishing attacks between October and November 2021, the Russia-linked advanced persistent threat group APT29 targeted European diplomatic missions and Ministries of Foreign Affairs. This activity showcases a troubling trend of cyberespionage aimed at sensitive political partners. ESET’s T3 2021 Threat Report, provided to The Hacker…
Targeted Attacks on Vulnerable Microsoft SQL Servers Uncovered Recent cybersecurity reports indicate that threat actors are actively exploiting vulnerable internet-facing Microsoft SQL (MS SQL) Servers as part of a disturbing new campaign. This effort aims to install the Cobalt Strike adversary simulation tool on compromised systems, revealing serious implications for…
The Emotet botnet, notorious for its insidious operations, resurged in November 2021 after a significant period of inactivity, accumulating over 100,000 compromised hosts. The botnet’s activities have demonstrated a steady increase, indicating a troubling return to form for this malware. According to researchers from Lumen’s Black Lotus Labs, since its…
