GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that Read More …

Bangkok Airways apologizes for passport info breach as LockBit ransomware group threatens data leak

Bangkok Airways has apologized for a data breach involving passport information and other personal data in a statement to customers. The company said that it discovered a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system” Read More …

Operation TunnelSnake

Formerly unknown rootkit used to secretly control networks of regional organizations Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Usually deployed as drivers, such implants have Read More …

New Malware Family Uses Custom UDP Protocol for C&C Communications

Security researchers have uncovered a new highly-targeted cyber espionage campaign, which is believed to be associated with a hacking group behind KHRAT backdoor Trojan and has been targeting organizations in South East Asia. According to researchers from Palo Alto, the hacking Read More …