Skip to content

Derek Krein

  • 55 Posts
Members Public

Cyber Threat Weekly – #13

With 483 cyber news articles combed through, the week of February 12th to the 18th was interesting to say the least.  Let’s start with a new stealthy malware using reverse proxy tools.  Execs targeted with an Azure account hijacking campaign, still ongoing.  Keeping an eye on dark LLMs.  QR

Members Public

Cyber Threat Weekly – #12

The evolving threat landscape simply doesn’t slow down, although this is a relatively light week.  Let’s start with Ivanti and yet another vulnerability.  Researchers share 2023 Ransomware leak site analysis.  JetBrains critical bug allows an unauthenticated attacker to bypass authentication checks. Volt Typhoon uses small office home office

Members Public

Cyber Threat Weekly – #11

A busy week in threat news.  Let’s start with a new ZLoader variant emerges.  An exploration of Telegram’s dark markets and a phishing expedition.  Criminals actively target network operator’s credentials.  Scanning attempts of Atlassian Confluence RCE Bug. Discovery and analysis of a new DLL Loader.  GitLab releases

Members Public

Cyber Threat Weekly – #10

This week’s newsletter is a bit lighter than earlier this month, although news volumes continue to increase.  Let’s start with exploit attempts on the critical Atlassian Confluence bug disclosed last week.  First zero-day flaw of the year for Apple.  Digging deeper into a pair of malicious traffic direction

Members Public

Cyber Threat Weekly – #9

Another busy news cycle last week.  Let’s start with potential remote code execution in over 178,000 SonicWall firewalls.  This is not good, Ivanti Connect Secure VPN now under mass exploitation.  CISA releases advisory on Androxgh0st malware.  Critical flaw in older versions of Atlassian Confluence Datacenter and Server.  First

Members Public

Cyber Threat Weekly - #8

It got busy last week, a bunch of news to cover.  Let’s start with a new extortion tactic by ransomware clown posse threat actors, cyber criminals suck.  A great piece on bullet proof hosting by Krebs.  Yet another means of extortion for ransomware victims, fake data deletion scam. Honey

Members Public

Is PikaBot the New QakBot?

Doing a bit of research, found the makings of a decent timeline.  PikaBot was first sighted by Palo Alto Unit 42 in early February 2023.  First thought to be Matanbuchus malware, turned out to be a new malware family.  It’s distributed in a similar manner to QakBot.  When first

Members Public

Cyber Threat Weekly - #7

Kicking off a new week, last week we saw several interesting threats.  Let’s start with a new variation of dynamic link library (DLL) search order hijacking technique.  Next, social engineering through LinkedIn, this is a notable trend.  Black Basta ransomware decryption tool released. Possible Cisco ASA vulnerability for sale

Members Public

Why 31337 InfoSec?

More than having fun with character sets, taunting others, or proclaiming greatness, ‘eleet’ is a mindset.  My favorite definition of 31337 is from urban dictionary:  to be elite.  One who has skills. Developing skills requires deliberate research, testing, failing forward, and diligently applying what you learn.  This is especially important

Members Public

Cyber Threat Weekly - #6

First off, Happy New Year, and so it begins…  a new start to another year.  Got to remember to use 2024 instead of 2023.  Let’s begin with Carbanak is back and has been observed in ransomware attacks.  Poorly secured Linux SSH servers actively attacked.  A new version of Medusa