Tag: Post-exploitation
Threat Actors Team Up for Post-Holiday Phishing Email Surge
Last week, two different threat actors teamed up to send thousands of post-holiday-break phishing emails destined for North American organizations. Other than volume, the campaign...
Web Shells Gain Sophistication for Stealth, Persistence
Web shells, a common type of post-exploitation tool that provides an easy-to-use interface through which to issue commands to a compromised server, have become increasingly...
Gootloader Aims Malicious, Custom Bot Army at Enterprise Networks
The Gootloader Group, previously known only as an initial access broker (IAB) and malware operator, has unleashed a destructive new post-compromise tool, GootBot, which...
As Citrix Urges Its Clients to Patch, Researchers Release an Exploit
A critical security update is now available for the latest high-profile Citrix NetScaler vulnerability. But so is an exploit. And in some cases, the...
Stealth Falcon preying over Middle Eastern skies with Deadglyph
For years, the Middle East has maintained its reputation as a fertile ground for advanced persistent threats (APTs). In the midst of routine monitoring...
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor
ESET researchers discovered a Ballistic Bobcat campaign targeting various entities in Brazil, Israel, and the United Arab Emirates, using a novel backdoor we have...
‘Whiffy Recon’ Malware Transmits Device Location Every 60 Seconds
Researchers have uncovered the "Whiffy Recon" malware being deployed by the SmokeLoader botnet, which is a customized Wi-Fi scanning executable for Windows systems that...
Banks In Attackers’ Crosshairs, Via Open Source Software Supply Chain
In two separate incidents, threat actors recently tried to introduce malware into the software development environment at two different banks via poisoned packages on...
Microsoft Azure VMs Hijacked in Cloud Cyberattack
A threat actor known for targeting Microsoft cloud environments now is employing the serial console feature on Azure virtual machines (VMs) to hijack the...
Attackers Abuse PaperCut RCE Flaws to Take Over Enterprise Print Servers
Security researchers have revealed new details about how attackers are exploiting two flaws in the PaperCut enterprise print management system — used by more...
Microsoft, Fortra & Health-ISAC Team Up to Remove Illicit Cobalt Strike Tools
Microsoft's Digital Crimes Unit (DCU), security software vendor Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC), have joined forces to remove cracked...
Okta Post-Exploitation Method Exposes User Passwords
A post-exploitation attack method has been uncovered that allows adversaries to read cleartext user passwords for Okta, the identity access and management (IAM) provider...
MagicWeb Mystery Highlights Nobelium Attacker’s Sophistication
Microsoft has tracked down a sophisticated authentication bypass for Active Directory Federated Services (AD FS), pioneered by the Russia-linked Nobelium group. The malware that allowed...