Threat actors have found a new favorite channel, LOLBins, for hiding malicious activity from security providers and solutions. Living Off the Land Binaries, or LOLBins, are dangerous and hard to detect because they are tools that security solutions trust. Since they are trusted, they tend to bypass AV solutions and security...
An SEO poisoning attack has been seen distributing the Atera Agent and Batloader malware, targeting professionals who search for productivity tools such as TeamViewer, Visual Studio, and Zoom. Experts stated that the threat actors use SEO strategies to poison Google search results, ranking fake sites for the most searched keywords. In this...
Researchers discovered a new ransomware operation called DeadBolt, which has already impacted many QNAP NAS devices by encrypting their data. According to the latest reports, the ransomware has already targeted and affected approximately 3,600 QNAP devices worldwide. The DeadBolt threat actors exploit a zero-day flaw to infect and compromise QNAP devices and encrypt files using their ransomware....
UpdateAgent, a macOS malware, was discovered propagating for a year. Researchers said that the malware started infecting macOS users a few years ago as a standard infostealer and nothing more. Unfortunately, the malware has kept gaining capabilities, since its operators have been developing its features non-stop. According to researchers, UpdateAgent has new functionalities never...
The TrickBot group has added new features to its obfuscation mechanics to counteract security groups' identification efforts. According to analysts, its operators have applied multiple added layers of obfuscation and protection to the injections utilised in many online banking frauds. Researchers analysed the most up-to-date anti-analysis features and injections of TrickBot to...
Security experts revealed that the North Korea-based threat group Konni RAT has upgraded its techniques and expanded its attack surface to target several political institutions in neighbouring countries like South Korea and Russia. The researchers managed to identify the new tricks of Konni after analysing the newly developed Konni RAT samples. Based on the analysis,...
Several cybersecurity firms continue to raise red flags regarding threat actors who use the critical Log4j flaw, Log4Shell, in their malicious activities. The researchers say they have observed several attacks that actively exploit the vulnerability. In the past couple of months, various security firms released an advisory regarding threat actors...
A state-backed cybercriminal group called OceanLotus, also known as APT32, exploits the web archive file format to avoid detection by security solutions while distributing malware to intrude into target devices. A recent report by a cybersecurity researcher claims that the state-sponsored hackers are actively utilising the web archive file formats .MHTML and .MHT for their campaign....
TellYouThePass ransomware has reemerged in the cybercriminal scene with the Go language (Golang) added to its malicious arsenal. According to researchers, Golang can help ransomware groups target many operating systems, including Windows. A recent report also revealed a code-level change in the ransomware, making it effortless to compile for platforms...
Recent investigations revealed that a malware campaign performed by unknown threat actors had distributed a trojanized version of the .NET app called dnSpy. Threat actors have yet again proven that nobody is safe from cyberattacks, operating a malware campaign that terrorizes researchers, analysts, and developers. dnSpy is a prominent debugger and .NET...