A zero-day vulnerability was exploited by an advanced adversary to gain access to a victim's network, according to research by FortiGuard Labs and CISA.
A newly identified variant of FASTCash "payment switch" malware specifically targets the Linux operating system, as well as Microsoft Windows, according to CISA and the Department of Homeland Security (DHS).
A report by HarfangLab EDR and MITRE ATT&CK on the threat posed by the Lumma Stealer malware, published on 11 October 2024, outlines the tactics used to deploy the malware.
The SideWinder APT group has expanded its activities, targeting high-profile entities in the Middle East and Africa. The group employs a multi-stage infection chain using spear-phishing emails with malicious attachments. A new post-exploitation toolkit called 'StealerBot' has been discovered, designed …
This report delves into an analysis of CoreWarrior, a persistent trojan designed for rapid propagation. It creates multiple copies of itself, attempts connections to various IP addresses, opens backdoor access, and hooks Windows UI elements for monitoring purposes. The malware employs techniques li…
This report delves into the analysis of 40 recent variants of the banking trojan TrickMo, uncovering novel capabilities like stealing unlock patterns/PINs and geolocating victims. It examines the malware's advanced features, including credential theft, data exfiltration, and command-and-control mec…
This report examines a campaign called 'ErrorFather' that utilizes an undetected variant of the Cerberus Android Banking Trojan. The campaign employed a sophisticated multi-stage dropper technique to deploy the malicious payload, which incorporated features like keylogging, overlay attacks, VNC, an…
Water Makara, a threat actor group, is targeting enterprises in Brazil with a spear phishing campaign using the Astaroth banking malware. The attackers employ obfuscated JavaScript to bypass security defenses, often impersonating official tax documents to trick users. The campaign primarily affects…
EDRSilencer, a red team tool designed to interfere with endpoint detection and response (EDR) solutions, has been discovered being abused by threat actors. It leverages the Windows Filtering Platform to block EDR traffic, concealing malicious activity. The tool dynamically identifies running EDR pr…