Exploring the Inner Workings of DuckTail

In their persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, Zscaler researchers obtained critical details about DuckTail’s operational framework. This expedition granted them unprecedented visibility Read More …

Multiple Threats Target Adobe ColdFusion Vulnerabilities

This past July, Adobe responded to reports of exploits targeting pre-authentication remote code execution (RCE) vulnerabilities in their ColdFusion solution by releasing a series of security updates: APSB23-40, APSB23-41, and APSB23-47. An in-depth analysis of those exploits has been documented Read More …

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)

On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. Over the course of this follow up blog post, Mandiant researchers will detail how UNC4841 has Read More …

CISA Releases IOCs Associated with Malicious Barracuda Activity

CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as Read More …

Deconstructing ransomware, cybercriminals and their modus operandi

The problem of ransomware is a seemingly age-old problem that is not going away, at least not any time soon. Governments and law enforcement are banding together to try to battle this issue with financial sanctions and takedowns of the Read More …

Leaseweb trying to restore service following cyberattack

Cloud provider Leaseweb was forced to take some of its critical systems down to mitigate the effects of an ongoing cyberattack. One of the world’s largest cloud and hosting providers, Leasweb contacted its customers to alert them it spotted “unusual” Read More …

Poland investigates cyber-attack on rail network

Polish intelligence services are investigating a hacking attack on the country’s railways, Polish media say. Hackers broke into railway frequencies to disrupt traffic in the north-west of the country overnight, the Polish Press Agency (PAP) reported on Saturday. The signals Read More …

UK: Metropolitan Police on red alert after details of officers and staff hacked in massive security breach

The Metropolitan Police were on red alert tonight after details of officers and staff were hacked in a massive security breach. All 47,000 personnel were warned of the risk their photos, names and ranks had been stolen when cyber crooks Read More …