Learn about the latest cyber attacks and vulnerabilities
in our monthly Campaigns.
In January 2024, a critical zero-day exploit chain sent shockwaves through the cybersecurity landscape. Attackers targeted Ivanti products, chaining two vulnerabilities that Ivanti later disclosed in a security advisory, and exploited them in the wild before patches were available and applied, unleashing widespread attacks worldwide.
In our “Ivanti Zero-Day Combo” Campaign of the Month, we provide deeper insight into the attack, exploring and highlighting the vulnerabilities and the attack methods it leveraged.
CVE-2024-38063 is a critical Remote Code Execution (RCE) vulnerability in the Windows TCP/IP stack, affecting systems with IPv6 enabled. This flaw allows remote code execution without […]
Master regreSSHion: Protect Your Systems from Critical Exploits
regreSSHion (CVE-2024-6387) is a severe vulnerability in the OpenSSH server that can grant unauthenticated attackers root privileges on vulnerable machines. This is […]
Argo CD, a popular open-source tool for managing Kubernetes applications through GitOps, has a critical security flaw. A recently discovered vulnerability, CVE-2024-31989, exposes Argo CD’s […]
Kerberos is a widely used authentication protocol that relies on a robust ticket system to authenticate users. However, the system isn’t without vulnerabilities that attackers can […]
Quasar is a remote administration tool that allows administrators to connect to and manage remote computers. Over the years, threat actors have modified Quasar to […]
Scattered Spider is a recently identified threat actor that targets large enterprises. In September 2023, the group launched a […]
The Lazarus Group, a well-known North Korean state-sponsored threat group, has carried out sophisticated and large-scale attacks over the years. Its high-profile attacks have gained […]
Our latest Campaign of the Month, “APT40”, offers a deep dive into this sophisticated cyber-espionage group, covering key topics and areas related […]
The Horabot botnet is a sophisticated threat that has been active for over two years, primarily focusing on targets in the Americas. It uses a […]
Over the last few weeks, hundreds of organizations, including two DOE agencies, were impacted by ransomware attacks as a result of the MOVEit Transfer vulnerability, […]
APT35 (also known as Charming Kitten, Phosphorus, Newscaster, and more) is an Iranian state-sponsored cyber-espionage group that primarily targets governmental organizations, defense contractors, research institutions, […]
In March 2023, Microsoft published a critical update and advisory notifying users of a vulnerability affecting Microsoft Outlook. This vulnerability (CVE-2023-23397) is exploitable by attackers on Windows-based […]
Only recently discovered, “Beep” malware is already making headlines in the world of cybersecurity. Designed to fly under the radar of security software with a […]
Agent Tesla, a leading malware threat to organizations, has the ability to steal sensitive information and is continuing to evolve and spread. It is offered […]
AWS Lambda, one of AWS’s more than 200 services, is an event-driven, serverless computing platform that allows you to run code for applications and backend services […]
Multifactor Authentication (MFA) is a popular and crucial security concept used by organizations worldwide. However, it is not invulnerable. A good example of threats to […]
In early August 2022, the Vietnam-based cybersecurity company GTSC discovered a pair of zero-day vulnerabilities in the Microsoft Exchange platform, which received the name “ProxyNotShell”. The zero […]
Metasploit is one of the most widely used exploit frameworks globally; threat actors, penetration testers and red teams alike use it, as it is completely […]
In the never-ending war between cyber criminals and defense teams across the globe, adversaries continue to develop innovative methods to penetrate organizations. One of the […]
“Tropical Scorpius”, a group of threat actors associated with the Cuba Ransomware (aka COLDDRAW), was recently observed deploying the malware with previously undocumented tactics, techniques, […]
ChromeLoader (aka ChoziosiLoader) is part of the browser hijacker malware family and targets both Windows and macOS. First discovered in February 2022, it is well known in […]
Over the past few months, reports about Magniber ransomware infections have been increasing worldwide. Social engineering methods for delivering Magniber have become increasingly sophisticated over […]
On May 19th, 2022, a malware sample uploaded to VirusTotal containing a Brute Ratel C4 payload went undetected by all 56 antivirus engines that evaluated it. […]
BluStealer, first detected in May 2021 by Twitter user James_inthe_box, is an information-stealing malware with the ability to steal crypto wallet data, swap crypto addresses […]
Conti is a ransomware-as-a-service program and one of the most prolific ransomware families of the past year. In what is believed to have been an […]
Out of over 200 teams, BCC Grupo Cajamar’s cyber defense team, “Blue’s Boys”, was one of only 13 teams to make it to the finals. […]
And the next stop is root privileges! Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. Chained together, they could allow an […]
Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers on Linux systems to escalate their privileges to root (the highest privilege level, the equivalent of administrator on Windows) […]