Blog

Is PikaBot the New QakBot?

Doing a bit of research, I found the makings of a decent timeline. PikaBot was first sighted by Palo Alto Unit 42 in early February 2023. First thought to be Matanbuchus malware, it turned out to be a new malware family. It’s distributed in a similar manner to QakBot. When first

Cyber Threat Weekly - #7

Kicking off a new week, last week we saw several interesting threats. Let’s start with a new variation of the dynamic link library (DLL) search order hijacking technique. Next, social engineering through LinkedIn, which is a notable trend. A Black Basta ransomware decryption tool was released. A possible Cisco ASA vulnerability is for sale

Why 31337 InfoSec?

More than having fun with character sets, taunting others, or proclaiming greatness, ‘eleet’ is a mindset. My favorite definition of 31337 is from Urban Dictionary: to be elite; one who has skills. Developing skills requires deliberate research, testing, failing forward, and diligently applying what you learn. This is especially important

Cyber Threat Weekly - #6

First off, Happy New Year, and so it begins… a new start to another year. Got to remember to use 2024 instead of 2023. Let’s begin with Carbanak, which is back and has been observed in ransomware attacks. Poorly secured Linux SSH servers are being actively attacked. A new version of Medusa

Cyber Threat Weekly - #5

Wishing you Happy Holidays, a Merry Christmas, a Happy New Year, all the things. Kicking it off, over a 3-month period, BlackBerry found a 70% increase in unique malware hashes over the previous reporting period, about 2.9 unique samples per minute. A smishing gang has recently changed

Cyber Threat Weekly - #4

As the threat landscape continues to evolve… we continue to track the latest threat trends and adversary behavioral patterns. Kicking off this week, researchers uncover links between the Sandman threat group and the Chinese government. Next, Lazarus Group (North Korea) is exploiting vulnerable Internet-facing servers using Log4Shell (CVE-2021-44228) and

Cyber Threat Weekly - #3

We have quite a bit to cover this week… Let’s start with malvertising used to deploy DanaBot, leading to CACTUS ransomware. A botnet uncovered by Palo Alto is upping its game. A Russian APT is abusing CVE-2023-23397 and other vulnerabilities. Proofpoint is tracking similar behavior from a nation-state threat actor. To keep

Cyber Threat Weekly - #2

Last week we saw some cyber threat patterns, and this week they continue. Quite a bit to cover, so let’s start with a Google Chrome zero-day, now fixed, that was under active exploitation. Next up, the ownCloud bugs mentioned last week are being exploited in the wild. Defender Application Guard for Office and Windows.

Cyber Threat Weekly - #1

This week let’s start with an information stealer with a novel anti-sandbox technique, using trigonometry to detect human behavior. Multiple APT groups are exploiting a WinRAR vulnerability. Cl0p’s mass exploitation of MOVEit vulnerabilities is the gift that keeps on giving. The legitimate NetSupport Manager is being used for