Articles

New Campaign Targeting Apache Struts 2, WebLogic Deploys Malware Using VBScript

Article / Jun 21, 2018

By Liron Segal

With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

Article / May 9, 2018

By Doron Voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

Article / Apr 12, 2018

By Andrey Shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

Article / Apr 6, 2018

By Sara Boddy, Justin Shattuck, Ilan Meller, Damien Rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application-targeted attacks, and the growing targeting of businesses in Europe and Asia.

Old Dog, New Targets: Switching to Windows to Mine Electroneum

Article / Mar 28, 2018

By Andrey Shalnev

The Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows systems, not just Linux.

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

Article / Mar 8, 2018

By Andrey Shalnev

The rTorrent XML-RPC configuration error that was targeted in February to mine Monero was also targeted in January by a campaign spoofing RIAA and NYU user-agents.

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

Article / Feb 28, 2018

By Andrey Shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

Ramnit Goes on a Holiday Shopping Spree, Targeting Retailers and Banks

Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)

By Doron Voolf

Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.

New Python-Based Crypto-Miner Botnet Flying Under the Radar

Article / Jan 3, 2018 (MODIFIED: Jan 25, 2018)

By Maxim Zavodchik, Liron Segal, Aaron Brailsford

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

Zealot: New Apache Struts Campaign Uses EternalBlue and EternalSynergy to Mine Monero on Internal Networks

Article / Dec 15, 2017 (MODIFIED: Jan 18, 2018)

By Maxim Zavodchik, Liron Segal

Zealot Apache Struts campaign targets vulnerabilities in Windows, Linux, and DotNetNuke, then uses leaked NSA exploits to mine Monero on internal networks.

Academic Research: A Survey of Email Attacks

Article / Oct 31, 2017 (MODIFIED: Dec 14, 2017)

By David Hammerstrom, Sara McGarvey, Russel Parham, Kyle Uecker, Anthony Wade

Email has become such an ordinary part of our daily lives that we can forget how vulnerable it is.

Academic Research: Web Application Attacks

Article / Oct 10, 2017 (MODIFIED: Nov 9, 2017)

By Andrew Cox, Daniel Freese, Matthew Martin, Daniel Massie

Personally identifiable information and user credentials are the primary nuggets attackers are after when they exploit known vulnerabilities in web applications.

Trickbot Rapidly Expands its Targets in August, Shifting Focus to US Banks and Credit Card Companies

Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)

By Sara Boddy, Jesse Smith, Doron Voolf

TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.

Trickbot Focuses on Wealth Management Services from its Dyre Core

Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)

By Doron Voolf, Sara Boddy, Jesse Smith

As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.

Doxing, DoS, and Defacement: Today’s Mainstream Hacktivism Tools

Article / Apr 12, 2017 (MODIFIED: Jul 6, 2017)

By Ray Pompon

Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

Article / Apr 7, 2017 (MODIFIED: Sep 11, 2017)

By Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

From DDoS to Server Ransomware: Apache Struts 2 – CVE-2017-5638 Campaign

Article / Mar 27, 2017 (MODIFIED: Jul 24, 2017)

By Maxim Zavodchik, Ilya Chernyakov, Julia Karpin, Dylan Syme

It is amazing how quickly threat actors using old web vulnerabilities in their campaigns can adapt and switch to new zero-days to deliver the same payloads.

DNS Is Still the Achilles’ Heel of the Internet

Article / Mar 10, 2017 (MODIFIED: Jul 24, 2017)

By Ray Pompon

Since the Internet can’t survive without DNS, let’s make our best effort to defend it.

How Three Low-Risk Vulnerabilities Become One High

Article / Feb 13, 2017 (MODIFIED: Jan 12, 2018)

By Keiron Shepherd, Ray Pompon

It’s easy to brush off low-risk vulnerabilities as trivial—until they’re combined to create a deep-impact attack.

Old Protocols, New Exploits: LDAP Unwittingly Serves DDoS Amplification Attacks

Article / Nov 15, 2016 (MODIFIED: Jul 6, 2017)

By Liron Segal

A new DDoS attack vector that leverages LDAP for reflection-amplification attacks is seeing increased usage.