Today > | 3 Medium | 1 Low vulnerabilities - You can now download lists of IOCs here!
4 attack reports | 0 vulnerabilities
Unit 42 investigated an extortion attempt where threat actors tested an AV/EDR bypass tool on rogue systems with Cortex XDR installed. The actors purchased network access via Atera RMM and used a BYOVD technique for the bypass tool. Researchers gained visibility into the actors' systems, uncovering…
ESET researchers have uncovered new Rust-based tools used by the Embargo ransomware group. The toolkit includes MDeployer, a loader that deploys MS4Killer and Embargo ransomware, and MS4Killer, an EDR killer that exploits a vulnerable driver. Embargo, first observed in June 2024, is a relatively ne…
A recent analysis by the ThreatDown MDR team has uncovered a novel attack method employed by the RansomHub ransomware gang. The attackers are utilizing two tools: TDSSKiller, a legitimate Kaspersky rootkit removal utility, to disable endpoint detection and response (EDR) systems, and LaZagne, a cre…
The BlackByte ransomware group continues leveraging established tactics and vulnerable drivers to bypass security controls, while also incorporating newly disclosed vulnerabilities and using stolen credentials for propagation. A new iteration of their encryptor appends the 'blackbytent_h' extension…