News • Insights • Analysis
A version-rollback vulnerability has been discovered by a cybersecurity researcher that allows a fully patched Windows machine to be downgraded to older version, allowing the exploitation of previously patched zero-days and vulnerabilities. Alon Leviev unveiled his findings at Black Hat Read More …
Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution. Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would Read More …
On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Their investigation identified that the suspicious behavior was emanating from the installation of Notezilla, a program that allows for the creation of sticky notes Read More …
Since 2022, Trend Micro researchers have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, Trend Read More …
In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused on the group’s attacks on Read More …
The original purpose of BitLocker is to address the risks of data theft or exposure from lost, stolen, or improperly decommissioned devices. Nonetheless, threat actors have found out that this mechanism can be repurposed for malicious ends to great effect. Read More …
In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild. While searching for samples related to Read More …
An integer overflow vulnerability exists in the Libarchive library included in Microsoft Windows. The vulnerability is due to insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing, included in the compressed data of Read More …
Attacks with a Conti ransomware code-based backdoor have been deployed by the new Muliaka ransomware operation against businesses across Russia since at least December, according to The Record, a news site by cybersecurity firm Recorded Future. Windows systems and VMware Read More …
In January 2024, FortiGuard Labs collected a PDF file written in Portuguese that distributes a multi-functional malware known as Byakugan. The PDF image shows a blurred table and asks the victim to click the malicious link on the PDF file Read More …
