Threats

Review Current Cyber Threats & Learn How To Protect Computers, Servers & Cloud Workloads. Threat intelligence and news reporting on the latest cyber adversaries and their tools. Prevent Cyber Attacks. The latest malware and APT information.

New Ramsay Malware That Can Breach Air Gapped Networks

Researchers from cyber-security firm ESET announced today that they discovered a never-before-seen malware framework with advanced capabilities that are rarely seen today. Named Ramsay, ESET says this malware toolkit appears...

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a...

Google Play Malware Spies On Users For Years

Kaspersky Lab experts have warned of the ongoing PhantomLance malware campaign, in which malicious applications in the Google Play Store secretly spy and steal user data on Android devices. According to experts,...

AsyncRAT surpasses Dridex, TrickBot and Emotet to become dominant email threat

A review of what's changed in malware in 2022, and what hasn't, based on Adam Kujawa's talk at RSAC 2022. Earlier this year Malwarebytes released its 2022 Threat Review,...

Unauthorized Access of FireEye Red Team Tools

Overview: A highly sophisticated state-sponsored adversary stole FireEye Red Team tools. Because we believe that an adversary possesses these tools, and we do not know whether the attacker intends to...

Abusing Replication: Stealing AD FS Secrets Over the Network

Organizations are increasingly adopting cloud-based services such as Microsoft 365 to host applications and data. Sophisticated threat actors are catching on and Mandiant has observed an increased focus on...

This Chat is Being Recorded: Egregor Ransomware Negotiations Uncovered

July 21, 2021 | By Chris Caridi co-authored by Allison Wikoff | 8 min read Ransomware attacks are topping the charts as the most common attack type to target organizations with a constant drumbeat of attacks impacting industries...

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this...

German users targeted with Gootkit banker or REvil ransomware

After a noted absence, the Gootkit banking Trojan returns en masse to hit Germany. In an interesting twist, some of the victims may receive ransomware instead. This blog post...

Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)

In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s...