Tag: cybersecurity

15 Attack Reports | 0 Vulnerabilities

Attack reports

Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks

The Trustwave SpiderLabs Email Security team has identified a significant increase in SVG image-based attacks, where seemingly harmless graphics are used to conceal dangerous links. Cybercriminals are exploiting the ability of SVG files to embed JavaScript, which can execute automatically upon open…
obfuscation
phishing
social engineering
phaas
javascript
cybersecurity
email security
svg
2025-05-16
ursnif
tycoon2fa
Published: May 16, 2025
Downloadable IOCs: 4

Modern Incident Response: Tackling Malicious ML Artifacts

This analysis explores the emerging threat of machine learning model-based breaches, detailing their anatomy, detection methods, and real-world examples. It highlights the risks associated with sharing ML models, particularly through platforms like Hugging Face, and the potential for malicious acto…
cobalt strike
incident response
cybersecurity
metasploit
mythic
machine learning
2025-05-14
trickbot
sandboxing
pickle files
forensics
model-based breaches
malicious ai
Published: May 14, 2025
Downloadable IOCs: 2

Real-Time Anti-Phishing: Essential Defense Against Evolving Cyber Threats

Phishing remains a prevalent cybersecurity threat, causing financial loss, data theft, and malware deployment. Attackers are expanding targets across platforms and using AI to refine techniques, making detection more challenging. Real-time anti-phishing (RTAP) solutions using AI and machine learnin…
phishing
social engineering
ai
cybersecurity
machine learning
2025-03-21
real-time anti-phishing
employee awareness
Published: March 21, 2025
Downloadable IOCs: 11

Virtue or Vice? A First Look at Paragon's Proliferating Spyware Operations

The report investigates Paragon Solutions, an Israeli spyware company founded in 2019 that sells a product called Graphite. Through infrastructure analysis, the researchers identified potential Paragon deployments in several countries. They also found evidence linking Paragon to the Canadian Ontari…
surveillance
graphite
spyware
cybersecurity
human rights
law enforcement
2025-03-19
canada
italy
zero-click exploit
Published: March 19, 2025
Downloadable IOCs: 22

Patch it up: Old vulnerabilities are everyone's problems

This analysis emphasizes the importance of addressing old vulnerabilities in software systems globally. It highlights the end of Windows 10 support in October 2025 and the risks associated with unpatched systems. The article discusses the relevance of vulnerabilities regardless of geographic locati…
CVE-2024-4577
cybersecurity
vulnerabilities
CVE-2025-22224
taowu
2025-03-14
software updates
kev
windows 10
global threats
cve
patching
Published: March 14, 2025
Downloadable IOCs: 0

The adventures of an extroverted cyber nerd and the people who help to fight the good fight

The article describes the experiences of a Senior Security Strategist at Talos, highlighting the unique blend of technical expertise and communication skills required for the role. It emphasizes the importance of supporting NGOs in cybersecurity, detailing the author's involvement with the NGO-ISAC…
phishing
cybersecurity
2024-12-06
qr code attacks
ngo
communication skills
water systems vulnerabilities
Published: December 6, 2024
Downloadable IOCs: 0

First UEFI bootkit malware for Linux discovered

A groundbreaking discovery has been made in the realm of cybersecurity: the first UEFI bootkit specifically targeting Linux systems. Named 'Bootkitty,' this proof-of-concept malware marks a significant evolution in stealthy and hard-to-remove bootkit threats. Although currently limited to certain U…
malware
linux
cybersecurity
kernel
2024-11-27
uefi
bootkit
bcdropper
ubuntu
proof-of-concept
bootkitty
bcobserver
Published: November 27, 2024
Downloadable IOCs: 0

Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape

Proofpoint researchers have identified a surge in the ClickFix social engineering technique across the threat landscape. This technique uses dialogue boxes with fake error messages to trick users into copying, pasting, and running malicious content on their computers. Multiple threat actors are emp…
xworm
phishing
social engineering
powershell
darkgate
lumma stealer
asyncrat
danabot
latrodectus
netsupport
cybersecurity
clickfix
threat actors
brute ratel c4
2024-11-18
malware delivery
lucky volunteer
recaptcha phish
threat landscape
Published: November 18, 2024
Downloadable IOCs: 0

How to Improve Cyber Threat Investigations with TI Lookup

This article discusses the use of Threat Intelligence (TI) Lookup, a centralized service for threat data exploration and analysis. It highlights key features such as fast search results, extensive search parameters, and access to a large database of malware and phishing samples. The article explain…
phishing
remcos
stealc
cybersecurity
lumma
malware analysis
threat intelligence
agenttesla
yara rules
2024-11-13
darkvision
sandbox
ioc
Published: November 13, 2024
Downloadable IOCs: 0

Automatically Detecting DNS Hijacking in Passive DNS

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking …
cybersecurity
machine learning
2024-11-05
dns hijacking
passive dns
network security
threat detection
domain compromise
Published: November 5, 2024
Downloadable IOCs: 37

Exploring GenAI in Cybersecurity: Gemini for Malware Analysis

This analysis explores the application of Generative AI, specifically Google's Gemini Advanced, in malware analysis. The experiment focuses on analyzing executable files, particularly a RisePro Stealer sample. The methodology involves decompiling the malware using Ghidra and IDA Pro, then using spe…
cybersecurity
malware analysis
genai
2024-10-07
risepro stealer
decompilation
ai-assisted analysis
ida pro
ghidra
gemini
executable files
2024-10-08
Published: October 8, 2024
Downloadable IOCs: 1

Exploring Newly Released Top-Level Domains

An investigation into 19 new top-level domains (TLDs) released in the past year revealed various malicious activities, including phishing campaigns, distribution of potentially unwanted programs, torrenting websites, and pranking campaigns. The study found a correlation between the TLDs' general av…
phishing
dns
cybersecurity
2024-09-02
domain abuse
top-level domains
graph-based detection
redirection campaigns
domain registration
torrenting
Published: September 2, 2024
Downloadable IOCs: 22

How Managed Detection and Response Pressed Pause on a Play Ransomware Attack

This report details how Trend Micro's Managed Detection and Response (MDR) service successfully thwarted a sophisticated ransomware attack orchestrated by the notorious Play ransomware group. Through continuous monitoring and expert analysis, the MDR team swiftly identified and contained the intrus…
ransomware
incident response
cybersecurity
threat analysis
2024-08-23
systembc
grixba
malware campaign
Published: August 23, 2024
Downloadable IOCs: 1

Double Trouble: Latrodectus And ACR Stealer Observed Spreading Via Google Authenticator Phishing Site

The Cyble Research and Intelligence Lab (CRIL) discovered a sophisticated phishing website mimicking Google Safety Centre, designed to trick users into downloading malware. The malware, compromising security and stealing sensitive information, drops two threats: Latrodectus, which maintains persist…
malware
phishing
stealer
latrodectus
downloader
cybersecurity
acr stealer
2024-08-20
Published: August 20, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21412, CVE-2024-21893
Downloadable IOCs: 15

BlackSuit Ransomware: Insights and Defense Strategies

This report provides an in-depth analysis of the BlackSuit ransomware, a threat that has been actively targeting various sectors since May 2023. It presents statistics from incident response engagements, explores the ransomware's behavior and technical analysis, and offers insights into the potenti…
ransomware
encryption
data exfiltration
2024-07-08
blacksuit
cybersecurity
threat analysis
Published: July 8, 2024
Downloadable IOCs: 8
Click here to see more Attack Reports