Learn about the latest cyber attacks and vulnerabilities
in our monthly Campaigns.
Matanbuchus is a malware-as-a-service that first surfaced back in 2021 but has since resurfaced; threat researchers recently discovered a malicious phishing campaign that spreads the malware in order to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing product that is also widely used by threat actors.
Like other malware loaders, Matanbuchus is engineered to download and execute other executables on the target system, evading detection and opening the way to wider exploitation. Matanbuchus’ capabilities are extensive and include the ability to launch a .exe or .dll directly to memory, add or modify task schedules, launch customer PowerShell commands, and leverage a standalone executable to load malicious DLLs.
It’s an extremely dangers malware and can drop tons of threats on compromised systems. Explore the Matanbuchus Spotlight and learn more about this menacing malware.
And the next stop is – root privileges! Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. This lethal combination could allow an […]
Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers to elevate privileges to root level privileges (the highest level privileges e.g., administrator) […]
Banshee InfoStealer: The Threat You Can’t Ignore A Next-Gen Malware Demands Next-Level Defense: Banshee InfoStealer is rewriting the rules with stealth tactics that evade even […]
Spotlight on APT44 (Sandworm): Defend Against a Notorious Threat APT44—also known as Sandworm, ELECTRUM, and VOODOO BEAR—is a destructive threat group linked to Russia’s Unit […]
Inside This Campaign: Stay Ahead of Emerging ThreatsDiscover Fancy Bear (APT28)•Who they are: A Russian cyber-espionage group linked to military intelligence.•Their mission: Advanced geopolitical intelligence […]
Discover & Defend: Apache OFBiz SpotlightUncover the critical vulnerability lurking in Apache OFBiz, the open-source ERP system at the core of Atlassian JIRA, used by […]
Stay Ahead of the PG_MEM Malware Threat! Protect Your PostgreSQL Servers Today. The PG_MEM Malware is a growing threat targeting PostgreSQL databases. Weak security practices, […]
CVE-2024-38063 is a critical Remote Code Execution (RCE) vulnerability affecting the Windows TCP/IP stack systems with IPv6 enabled. This flaw allows remote code execution without […]
Master regreSSHion: Protect Your Systems from Critical Exploits RegreSSHion (CVE-2024-6387) is a severe vulnerability that grants unauthenticated attackers root privileges on vulnerable machines. This is […]
Argo CD, a popular open-source tool for managing Kubernetes applications through GitOps, has a critical security flaw. A recently discovered vulnerability, CVE-2024-31989, exposes Argo CD’s […]
Kerberos is a commonly used authentication protocol that leverages a robust ticket system to identify users. However, the system isn’t without vulnerabilities that attackers can […]
In January 2024, a critical zero-day exploit sent shockwaves through the cybersecurity landscape. Attackers targeted Ivanti products, exploiting a combination of vulnerabilities that had been […]
Quasar is a remote administration tool that allows administrators to connect to and manage remote computers. Over the years, threat actors have modified Quasar to […]
Scattered Spider is a newly discovered threat actor that targets large players in the business enterprise sector. In September of 2023, the group launched a […]
The Lazarus Group, a well-known cybercrime group from North Korea, has carried out sophisticated and large-scale attacks over the years. Its high-profile attacks have gained […]
Our latest Campaign of the Month, “APT40”, offers a deep dive into this sophisticated and malicious cyber espionage group, covering key topics and areas related […]
The Horabot botnet is a sophisticated threat that has been active for over two years, primarily focusing on targets in the Americas. It uses a […]
Over the last weeks, hundreds of organizations including 2 DOE Agencies, were impacted by ransomware attacks, as a result of the the MOVEit Transfer Vulnerability, […]
APT35 (also known as Charming Kitten, Phosphorus, Newscaster, and more) is an Iranian state-sponsored cyber-espionage group that primarily targets governmental organizations, defense contractors, research institutions, […]
In March 2023, Microsoft published a critical update notifying users of a vulnerability affecting Microsoft Outlook. This vulnerability (CVE-2023-23397) is exploitable by attackers on Windows-based […]
Only recently discovered, “Beep” malware is already making headlines in the world of cybersecurity. Designed to fly under the radar of security software with a […]
Agent Tesla, a leading malware threat to organizations, has the ability to steal sensitive information and is continuing to evolve and spread. It is offered […]
AWS Lambda, one of AWS’ 200 outstanding services, is an event-driven, serverless computing platform that allows you to run code for applications and backend services […]
Multifactor Authentication (MFA) is a popular and crucial security concept used by organizations worldwide. However, it is not invulnerable. A good example of threats to […]
In early August 2022, the Vietnam-based Cybersecurity company GTSC, discovered a zero-day vulnerability in the Microsoft Exchange platform, which received the name “ProxyNotShell”. The Zero […]
Metasploit is one of the most widely used exploit frameworks globally; threat actors, penetration testers and red teams alike use it, as it is completely […]
In the never-ending war between cyber criminals and defense teams across the globe, adversaries continue to develop innovative methods to penetrate organizations. One of the […]
“Tropical Scorpius”, a group of threat actors associated with the Cuba Ransomware (aka COLDDRAW), was recently observed deploying the malware with previously undocumented tactics, techniques, […]
ChromeLoader, aka, ChoziosiLoader, is part of the browser hijacker malware family and targets both Windows and macOS. First discovered in February, it is well-known in […]
Over the past few months, reports about Magniber ransomware infections have been increasing worldwide. Social engineering methods for delivering Magniber have become increasingly sophisticated over […]
On May 19th, 2022, a malware sample uploaded to VirusTotal containing malicious payload, Brute Ratel C4, went undetected by all 56 antiviruses that evaluated it. […]
BluStealer, first detected in May 2021 by Twitter user James_inthe_box, is an information-stealing malware with the ability to steal cyrpto wallet data, swap crypto addresses […]
Conti is a ransomware-as-a-service program and is one of the most prolific ransomwares of the past year. In what is believed to have been an […]
Out of over 200 teams, BCC Grupo Cajamar’s cyber defense team, “Blue’s Boys”, was one of only 13 teams to make it to the finals. […]
And the next stop is – root privileges! Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. This lethal combination could allow an […]
Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers to elevate privileges to root level privileges (the highest level privileges e.g., administrator) […]
Banshee InfoStealer: The Threat You Can’t Ignore A Next-Gen Malware Demands Next-Level Defense: Banshee InfoStealer is rewriting the rules with stealth tactics that evade even […]
Spotlight on APT44 (Sandworm): Defend Against a Notorious Threat APT44—also known as Sandworm, ELECTRUM, and VOODOO BEAR—is a destructive threat group linked to Russia’s Unit […]
Inside This Campaign: Stay Ahead of Emerging ThreatsDiscover Fancy Bear (APT28)•Who they are: A Russian cyber-espionage group linked to military intelligence.•Their mission: Advanced geopolitical intelligence […]
