BumbleBee a New Modular Backdoor Evolved From BookWorm

In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee after a string embedded in the malware. In our recent investigations, we have discovered a controller application that expands its capabilities.
By: Vickie Su, Ted Lee, Nick Dai. September 02, 2022. Category: Malware

New Golang Ransomware Agenda Customizes Attacks

Analysis and notable features
The Agenda ransomware is a 64-bit Windows PE file written in Go. Go programs are cross-platform and completely standalone: they execute properly without a Go toolchain or runtime installed on the system, because Go statically links the packages the program needs into the binary. Upon execution, the ransomware accepts various command-line arguments that define the malware's flow and functionality, as listed in the table below.
Argument | Description
-alter {int} | Defines the port number…

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

The mhyprot2.sys driver found in this sequence was the one built in August 2020. Going back through social media streams, we can see that shortly after Genshin Impact was released in September 2020, this module was discussed in the gaming community because it was not removed even after the game was uninstalled and because it allowed privileged operations to be performed from user mode, bypassing the usual privilege checks. A PoC, provided by user kagurazakasanae, showed that a library terminated 360 Total Security…

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

While DevOps practitioners regularly use environment variables to keep secrets in applications, these can be conveniently abused by cybercriminals for their malicious activities, as our analysis shows.
By: David Fiser, Alfredo Oliveira. August 17, 2022. Category: Cloud
The use of environment variables is a common practice in the DevOps community, as it provides easy access to configuration properties. It comes in handy…
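The risk the article refers to is easiest to see in code. The following is an added example, not code from the Trend Micro article: a secret placed in an environment variable is inherited by every child process spawned with the parent's environment, and on Linux any process running as the same user (or root) can read it back from /proc/<pid>/environ. The hardened spawn strips the variable from the child's environment and hands the secret over through a pipe instead. The variable name DB_PASSWORD and its value are constructed for the demo and are not real credentials.

```python
"""
Added example, not code from the Trend Micro article: why a secret kept in an
environment variable is hard to contain. A child process spawned with the
parent's environment inherits the secret, and on Linux any process running as
the same user (or root) can read it back from /proc/<pid>/environ. The hardened
spawn strips the variable from the child's environment and hands the secret
over through a pipe instead. DB_PASSWORD and its value are constructed for the
demo and are not real credentials.
"""
import os
import subprocess
import sys
from typing import Optional, Tuple

SECRET_NAME = "DB_PASSWORD"          # constructed variable name
SECRET_VALUE = "s3cr3t-demo-value"   # constructed value

# Child that reports what it sees in its own environment.
REPORT_ENV = f"import os, sys; sys.stdout.write(os.environ.get('{SECRET_NAME}', '<absent>'))"


def leaky_spawn() -> str:
    """Common pattern: the secret is exported and the child gets a copy of os.environ.
    Any helper tool, build step or compromised dependency spawned this way sees it."""
    env = dict(os.environ, **{SECRET_NAME: SECRET_VALUE})
    out = subprocess.run([sys.executable, "-c", REPORT_ENV], env=env,
                         capture_output=True, text=True, check=True)
    return out.stdout


def hardened_spawn() -> Tuple[str, str]:
    """The secret is dropped from the child's environment and delivered over a pipe
    (stdin here; a dedicated inherited file descriptor works the same way).
    Returns (what the child saw in its env, what it received via the pipe)."""
    env = {k: v for k, v in os.environ.items() if k != SECRET_NAME}
    script = (f"import os, sys; seen = os.environ.get('{SECRET_NAME}', '<absent>'); "
              "got = sys.stdin.read(); sys.stdout.write(seen + '|' + got)")
    out = subprocess.run([sys.executable, "-c", script], env=env, input=SECRET_VALUE,
                         capture_output=True, text=True, check=True)
    seen, got = out.stdout.split("|", 1)
    return seen, got


def secret_visible_in_proc() -> Optional[bool]:
    """Spawn a child that only sleeps and read its initial environment from
    /proc/<pid>/environ, as a same-UID attacker would. Returns None where /proc
    is not available (non-Linux)."""
    if not os.path.isdir("/proc"):
        return None
    env = dict(os.environ, **{SECRET_NAME: SECRET_VALUE})
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"], env=env)
    try:
        with open(f"/proc/{child.pid}/environ", "rb") as f:
            entries = f.read().split(b"\0")
        return f"{SECRET_NAME}={SECRET_VALUE}".encode() in entries
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    print("leaky child saw:              ", leaky_spawn())
    print("hardened child (env, pipe):   ", hardened_spawn())
    print("secret in /proc/<pid>/environ:", secret_visible_in_proc())
```

The same inheritance applies to anything that dumps the environment: crash reporters, `ps eww`, container inspection (`docker inspect` shows `Env`), and CI logs that print the environment for debugging. Passing secrets over a pipe or a mounted file with tight permissions keeps them out of all of those paths.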

Protecting S3 from Malware: The Cold Hard Truth

Cloud object storage is a core component of any modern application. When files move through your applications, it’s critical to protect your systems and users from malicious files. Trend Micro has provided cloud-native, scalable file protection for our customers since 2020. We’re now starting to see other vendors try to catch up by bringing similar capabilities to the market, but frankly I’m underwhelmed with their offerings. I love the cloud security space because there is…

What Exposed OPA Servers Can Tell You About Your Applications

With the proper request or token, an attacker could obtain even more information about these services and look for vulnerabilities or other entry points into an organization's systems. We highly recommend that companies currently using OPA as their policy-as-code solution ensure that they are not unwittingly exposing their APIs and policies online. In certain cases, companies could be using OPA without realizing it; multiple providers of Kubernetes-managed services rely on OPA for…
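A practical way to act on that recommendation is to ask each OPA instance you run what it will hand to an unauthenticated client. The following is an added example, not code from the Trend Micro article or from the OPA project: it requests the policy list and the data document over OPA's REST API and reports whether they come back. To run offline, it talks to a constructed stand-in for OPA (a few lines of http.server) whose responses are shaped like the real API; /v1/policies and /v1/data are real OPA endpoints, while the sample policy text, the data document and the demo token are made up.

```python
"""
Added example, not code from the Trend Micro article or from OPA itself.
check_opa_exposure() asks an OPA server for its policies and its data document,
first without credentials and optionally with a bearer token, and reports what
was readable. The FakeOPA class is a constructed stand-in so the check runs
offline: its /v1/policies and /v1/data paths mirror the real OPA REST API, but
the policy text, data and DEMO_TOKEN are invented for the demo.
"""
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed responses, shaped like OPA's {"result": ...} wrapper.
FAKE_POLICIES = {"result": [{"id": "authz/example",
                             "raw": "package authz\n\ndefault allow = false\n"}]}
FAKE_DATA = {"result": {"internal": {"admin_users": ["alice"]}}}
DEMO_TOKEN = "demo-token"   # constructed; a real deployment uses its own secret


class FakeOPA(BaseHTTPRequestHandler):
    """Stand-in for an OPA server. require_token=False models an exposed
    instance (no --authentication); True models one that checks a bearer token."""
    require_token = False

    def do_GET(self):
        auth = self.headers.get("Authorization", "")
        if self.require_token and auth != f"Bearer {DEMO_TOKEN}":
            self._send(401, {"code": "unauthorized"})
        elif self.path == "/v1/policies":
            self._send(200, FAKE_POLICIES)
        elif self.path.startswith("/v1/data"):
            self._send(200, FAKE_DATA)
        else:
            self._send(404, {"code": "not_found"})

    def _send(self, status, body):
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_fake_opa(require_token: bool):
    """Start a FakeOPA on a free loopback port; returns (server, base_url)."""
    handler = type("Handler", (FakeOPA,), {"require_token": require_token})
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def _get(url, token=None):
    req = Request(url)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urlopen(req, timeout=5) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as e:          # 401/404 arrive here
        return e.code, None


def check_opa_exposure(base_url, token=None):
    """Report what a client with the given credentials (None = anonymous) can read."""
    status_p, policies = _get(base_url + "/v1/policies", token)
    status_d, _ = _get(base_url + "/v1/data", token)
    n_policies = len(policies["result"]) if status_p == 200 and policies else 0
    return {
        "policies_readable": status_p == 200,
        "policy_count": n_policies,
        "data_readable": status_d == 200,
        "exposed": status_p == 200 or status_d == 200,
    }


if __name__ == "__main__":
    for require_token in (False, True):
        server, url = start_fake_opa(require_token)
        print("token required" if require_token else "no auth", "->",
              check_opa_exposure(url))
        server.shutdown()
```

An `exposed: True` result from an anonymous run against a real instance means anyone who can reach the port can read your Rego and the data it evaluates. OPA's own controls for this are the `--authentication=token` and `--authorization=basic` flags on `opa run --server`, together with a `system.authz` policy that decides which token may call which path; a network policy or ingress that keeps the API off the public internet belongs in front of that.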

Oil and Gas Cybersecurity: Recommendations Part 3

In the final part of our series, we look at the APT33 case study and several recommendations from our expert team.
By: Trend Micro. August 15, 2022. Category: Cyber Threats
The oil and gas industry continues to be a prime target for threat actors who want to disrupt operations and wreak havoc. In part two, we discussed various threats that can affect an oil…

Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users

We confirmed that both the legitimate and the malicious versions of the chat installer were unsigned, which means the users of MiMi chat were probably used to all the extra steps needed to install the application despite the macOS safeguards.
HyperBro
The HyperBro malware family has been around since 2017 and has been extensively analyzed. It was updated in mid-2019, which we described in detail in our Operation DRBControl paper. The version used in…

CopperStealer Distributes Malicious Chromium-based Browser Extension to Steal Cryptocurrencies

We tracked the latest deployment of the group behind CopperStealer, this time stealing cryptocurrencies and users' wallet account information via a malicious Chromium-based browser extension.
By: Jaromir Horejsi, Joseph C Chen. August 11, 2022. Category: Malware
We have published analyses of CopperStealer distributing malware through various components, such as a browser stealer, an adware browser extension, and remote desktop software. Tracking the cybercriminal group's latest…

Oil and Gas Cybersecurity: Threats Part 2

In part two of our oil and gas series, we look at more threats that can expose the industry to cyberattacks.
By: Trend Micro. August 11, 2022. Category: Cyber Threats
The Russia-Ukraine war has posed threats to the oil and gas industry. Our team even uncovered several alleged attacks perpetrated by various groups during research in March 2022. In part one, we showed how a…
