Ransomware actor exploits unsupported ColdFusion servers – but comes away empty-handed

Servers are always a point of interest for threat actors as they are one of the most efficient attack vectors to penetrate an organization. Server-related accounts often have the highest privilege levels, making lateral movement to other machines in the Read More …

APT10: Tracking down LODEINFO 2022, part I

Kaspersky has been tracking activities involving the LODEINFO malware family since 2019, looking for new modifications and thoroughly investigating any attacks utilizing those new variants. LODEINFO is sophisticated fileless malware first named in a blogpost from JPCERT/CC in February 2020. Read More …

Water Basilisk Uses New HCrypt Variant to Flood Victims with RAT Payloads

A fileless campaign that used a new HCrypt variant to distribute numerous remote access trojans (RATs) in victim systems uses a newer obfuscation mechanism compared to what has been observed in past reports. It reached the peak of activity in Read More …

Negasteal Uses Hastebin for Fileless Delivery of Crysis Ransomware

Trend Micro researchers have recently encountered a Negasteal (also known as Agent Tesla) variant that used hastebin for the fileless delivery of the Crysis (also known as Dharma) ransomware. This is the first time that we have observed Negasteal with Read More …

Fileless Malware Tops Critical Endpoint Threats for 1H 2020

In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, Read More …