Today > 5 Critical | 8 High | 34 Medium vulnerabilities - You can now download lists of IOCs here!
7 attack reports | 0 vulnerabilities
The New OceanLotus group has reactivated after a year, employing a novel tactic of MSI file misuse. This APT campaign, targeting a domestic governmental enterprise, marks the first observed use of the MSI TRANSFORMS technique by an APT group. The attack utilizes a legitimate Microsoft installation …
A security flaw in Windows 7 and Server 2008 R2 allows kernel shellcode to be hidden in the registry and executed during boot, despite patches. This vulnerability was exploited in a 2018 targeted attack. The SAS CTF challenge involved analyzing this technique, which uses buffer overflows in DirectX…
This report delves into the technical aspects of the NOOPDOOR and NOOPLDR malwares employed by the APT10 threat actor in the Cuckoo Spear campaign. The analysis reveals how these tools operate and the potential risks they pose, helping cybersecurity professionals better understand and defend agains…
FortiGuard Labs recently encountered an ongoing malware campaign specifically targeting Chinese speakers. The attack utilizes a multi-stage malware named ValleyRAT, which employs diverse techniques to monitor and control victims while deploying arbitrary plugins. A notable characteristic is its hea…
The report details a ransomware campaign that modifies legitimate security software files from vendors like Sophos, AVG, BitDefender, Emsisoft, and Microsoft by overwriting their entry-point code and inserting decrypted payloads as resources. This allows the malicious files to masquerade as trusted…
This analysis examines the types of malicious payloads that attackers embed within Microsoft OneNote files to deceive users into executing malicious code. By analyzing approximately 6,000 malicious OneNote samples, it reveals that attackers frequently employ images resembling buttons to lure victim…
A malicious campaign has been discovered that exploits the legitimate GoTo Meeting online conferencing software to deploy the Remcos remote access trojan (RAT). The attack chain involves utilizing lures like porn downloads, software setup files, and tax forms with Russian and English file names. It…