endpoints

A Look Into Purple Fox’s Server Infrastructure

Posted on December 13, 2021December 16, 2021 by Admin

Operating system execution via SQL Server Purple Fox focuses on SQL servers as its target as opposed to normal computers for the former’s cryptocurrency-mining activities. This is mainly because of the more powerful hardware configuration — for both CPU and memory — that the servers would usually have. More specifically for SQL servers, the combination of CPU, memory, and disk factors should scale with the database-related operations to avoid bottlenecks in performance. These machines normally…

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Posted on December 3, 2021December 19, 2021 by Admin

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware. By: Nitesh Surana December 03, 2021 Read time: ( words) Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to Apache HTTP Server Project, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this…

BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

Posted on November 23, 2021December 20, 2021 by Admin

Conclusion The number of arrival mechanism variations used in BazarLoader campaigns continue to increase as threat actors diversify their attack patterns to evade detection. However, both techniques are noteworthy and still work despite their lack of novelty due to singular detection technologies’ limitations. For instance, while the use of compromised installers has been observed with other malware, the large file size can still challenge detection solutions — such as sandboxes — which may implement file…

QAKBOT Loader Returns With New Techniques and Tools

Posted on November 13, 2021December 25, 2021 by Admin

QAKBOT Loader Returns With New Techniques and Tools Malware QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using. By: Ian Kenefick, Vladimir Kropotov November 13, 2021 Read time: ( words) QAKBOT is a prevalent information-stealing malware that was first discovered…

This Week in Security News – November 12, 2021

Posted on November 12, 2021December 25, 2021 by Admin

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about the prolific cybermercenaries, Void Balaur, and their recent attacks. Also, read on the 80-country agreement to mobilize safeguards against cyberattacks. Read on: Void Balaur and the Rise of the Cybermercenary Industry One of the most prolific cybermercenaries is Void Balaur, a Russian-speaking threat actor group that…

« 1 … 9 10 11

A Look Into Purple Fox’s Server Infrastructure

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

QAKBOT Loader Returns With New Techniques and Tools

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)