How to Audit and Test for Sudo’s CVE-2021-3156 with LogRhythm

TL;DR: Qualys has reported that Sudo, before 1.9.4p2, has a heap-based buffer overflow vulnerability that allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Detecting a success…

The Anatomy of the SolarWinds Attack Chain

Imagine there’s an attacker lurking inside your network right now. Do you have the ability to find out and respond before they can cause harm? Now imagine your adversary has privileged access to virtually every file…

Egregor Ransomware Adopting New Techniques

Introduction
Egregor is considered to be one of the most prolific ransomware threat groups. Yet it gained this reputation in a very short time due to its uncompromising double extortion methodology.

CinaRAT Resurfaces With New Evasive Tactics and Techniques

Introduction
In this post, we will be covering the CinaRAT loader's evasive TTPs (tactics, techniques, and procedures) as identified and prevented by Morphisec’s zero-trust endpoint security solution, powered by moving target defense technol…

Breach of Trust: How Cyber-Espionage Thrives On Human Nature

With so much of daily life tethered to digital communication and most of our important information residing in data clouds, we’ve all got a lot riding in this virtual atmosphere. So naturally, the seemingly endless…

Meet Oski Stealer: An In-depth Analysis of the Popular Credential Stealer

Credential theft malware continues to be one of the most prevalent types of malware used in cyber attacks. The main objective of nearly all…