Learn about the latest cyber attacks and vulnerabilities
in our monthly Campaigns.
BluStealer, first detected in May 2021 by Twitter user James_inthe_box, is an information-stealing malware with the ability to steal crypto wallet data, swap crypto addresses present in the clipboard, find and steal document files, exfiltrate data through SMTP and the Telegram Bot API, and more.
Recently, its authors decided to step up its powers by giving it the ability to bypass EDRs and evade process-based defenses. This is in addition to its existing anti-forensic and anti-VM capabilities, making BluStealer a major threat to security teams.
Explore the BluStealer Spotlight now and get to know BluStealer’s attack flow and capabilities as well as the main techniques it employs such as process hollowing and direct syscalls.
CVE-2024-38063 is a critical Remote Code Execution (RCE) vulnerability affecting the Windows TCP/IP stack on systems with IPv6 enabled. This flaw allows remote code execution without […]
Master regreSSHion: Protect Your Systems from Critical Exploits RegreSSHion (CVE-2024-6387) is a severe vulnerability that grants unauthenticated attackers root privileges on vulnerable machines. This is […]
Argo CD, a popular open-source tool for managing Kubernetes applications through GitOps, has a critical security flaw. A recently discovered vulnerability, CVE-2024-31989, exposes Argo CD’s […]
Kerberos is a commonly used authentication protocol that leverages a robust ticket system to identify users. However, the system isn’t without vulnerabilities that attackers can […]
In January 2024, a critical zero-day exploit sent shockwaves through the cybersecurity landscape. Attackers targeted Ivanti products, exploiting a combination of vulnerabilities that had been […]
Quasar is a remote administration tool that allows administrators to connect to and manage remote computers. Over the years, threat actors have modified Quasar to […]
Scattered Spider is a newly discovered threat actor that targets large players in the business enterprise sector. In September of 2023, the group launched a […]
The Lazarus Group, a well-known cybercrime group from North Korea, has carried out sophisticated and large-scale attacks over the years. Its high-profile attacks have gained […]
Our latest Campaign of the Month, “APT40”, offers a deep dive into this sophisticated and malicious cyber espionage group, covering key topics and areas related […]
The Horabot botnet is a sophisticated threat that has been active for over two years, primarily focusing on targets in the Americas. It uses a […]
Over the last weeks, hundreds of organizations, including 2 DOE agencies, were impacted by ransomware attacks as a result of the MOVEit Transfer vulnerability, […]
APT35 (also known as Charming Kitten, Phosphorus, Newscaster, and more) is an Iranian state-sponsored cyber-espionage group that primarily targets governmental organizations, defense contractors, research institutions, […]
In March 2023, Microsoft published a critical update notifying users of a vulnerability affecting Microsoft Outlook. This vulnerability (CVE-2023-23397) is exploitable by attackers on Windows-based […]
Only recently discovered, “Beep” malware is already making headlines in the world of cybersecurity. Designed to fly under the radar of security software with a […]
Agent Tesla, a leading malware threat to organizations, has the ability to steal sensitive information and is continuing to evolve and spread. It is offered […]
AWS Lambda, one of AWS’ 200 outstanding services, is an event-driven, serverless computing platform that allows you to run code for applications and backend services […]
Multifactor Authentication (MFA) is a popular and crucial security concept used by organizations worldwide. However, it is not invulnerable. A good example of threats to […]
In early August 2022, the Vietnam-based cybersecurity company GTSC discovered a zero-day vulnerability in the Microsoft Exchange platform, which received the name “ProxyNotShell”. The Zero […]
Metasploit is one of the most widely used exploit frameworks globally; threat actors, penetration testers and red teams alike use it, as it is completely […]
In the never-ending war between cyber criminals and defense teams across the globe, adversaries continue to develop innovative methods to penetrate organizations. One of the […]
“Tropical Scorpius”, a group of threat actors associated with the Cuba Ransomware (aka COLDDRAW), was recently observed deploying the malware with previously undocumented tactics, techniques, […]
ChromeLoader, aka ChoziosiLoader, is part of the browser hijacker malware family and targets both Windows and macOS. First discovered in February, it is well-known in […]
Over the past few months, reports about Magniber ransomware infections have been increasing worldwide. Social engineering methods for delivering Magniber have become increasingly sophisticated over […]
On May 19th, 2022, a malware sample uploaded to VirusTotal containing the malicious payload Brute Ratel C4 went undetected by all 56 antivirus engines that evaluated it. […]
Conti is a ransomware-as-a-service program and one of the most prolific ransomware families of the past year. In what is believed to have been an […]
Out of over 200 teams, BCC Grupo Cajamar’s cyber defense team, “Blue’s Boys”, was one of only 13 teams to make it to the finals. […]
And the next stop is – root privileges! Microsoft has recently discovered several vulnerabilities, collectively referred to as Nimbuspwn. This lethal combination could allow an […]
Microsoft’s recently discovered vulnerabilities, collectively referred to as ‘Nimbuspwn’, could allow attackers to elevate their privileges to root (the highest privilege level, e.g., administrator) […]