Trickbot Expands Its Attack Methods

The operators of TrickBot malware have resurfaced with new tricks that aim to increase its foothold by expanding its distribution channels, ultimately leading to the deployment of ransomware such as…

FIN 12 – Financial Threat Actor

A financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available…

ZuRu Exploits Baidu

A new Mac malware, dubbed ZuRu, has been detected spreading via poisoned search engine results in China via Baidu. The criminals masquerade as iTerm2, which is an alternative to the…

Vermilion Cobalt Strike

Security researchers have identified a reimplementation of the infamous Cobalt Strike Beacon payload, which features completely new code. Dubbed Vermilion Strike, the malware can be used to target Linux and Windows devices…

BlueLight Payload

Researchers from Volexity recently investigated a Strategic Web Compromise of the Daily NK website by InkySquid. The targeted site is an online newspaper based in South Korea that posts news…

Cobalt Strike takes down bots

Cybersecurity experts have found a Cobalt Strike denial-of-service (DoS) exploit that allows blocking Beacon C2 communication channels and new deployments. Cobalt Strike is a genuine penetration testing tool built to work as…

Kaseya VSA Fake Update

Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security…

Mongolian CA Compromised

MonPass, a major CA, appears to have been breached at least six months ago, with the attackers returning to a compromised public web server approximately eight times. The attackers backdoored installers…