Denial Of Service Vulnerability in VMware Workstation 15

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered a denial-of-service vulnerability in VMware Workstation 15. VMware allows users to set up virtual machines and...

The FBI, DHS & CISA Top 10 Most Exploited Vulnerabilities

Two US cyber-security agencies published this week a list of the top 10 most commonly exploited software vulnerabilities across the last four years, between 2016 and 2019. The report, authored...

Detecting Microsoft 365 and Azure Active Directory Backdoors

Mandiant has seen an uptick in incidents involving Microsoft 365 (M365) and Azure Active Directory (Azure AD). Most of these incidents are the result of a phishing email coercing...

New Snort & ClamAV Detection Signatures For Cobalt Strike

New Snort, ClamAV coverage strikes back against Cobalt Strike By Nick Mavis. Editing by Joe Marshall and Jon Munshaw. Cisco Talos is releasing a new research paper called “The Art and Science...

How to Protect Your Crypto from Cyber Attacks During Covid

The 1997 indie horror movie Cube posited a dystopic future where unwilling prisoners are systematically dismembered by a high-tech prison. The SARS-CoV-2 pandemic has created an environment for a similar virtualized...

Hunting for exploits by looking for the author’s fingerprints

Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints Research by: Itay Cohen, Eyal Itkin In the past months, our Vulnerability and Malware Research teams joined efforts...

Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication

FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic...

Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new...

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that...

Using Speakeasy Emulation Framework Programmatically to Unpack Malware

Andrew Davis recently announced the public release of his new Windows emulation framework named Speakeasy. While the introductory blog post focused on using Speakeasy as an automated malware sandbox...