Article / Jun 21, 2018
With the vast availability of new exploits and the competition for victims’ resources, the multi-exploit trend continues to be popular among attackers.
Article / May 9, 2018
Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.
Article / Apr 12, 2018
Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.
Article / Apr 6, 2018
The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application-targeted attacks, and the increasing targeting of businesses in Europe and Asia.
Article / Mar 28, 2018
The Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.
Article / Mar 8, 2018
The rTorrent XML-RPC function configuration error targeted to mine Monero in February was also targeted in January in a campaign to spoof user-agents for RIAA and NYU.
Article / Feb 28, 2018
A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.
Article / Jan 15, 2018 (MODIFIED: Jan 25, 2018)
Ramnit’s latest twist includes targeting the most widely used web services during the holidays: online retailers, entertainment, banking, food delivery, and shipping sites.
Article / Jan 3, 2018 (MODIFIED: Jan 25, 2018)
A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.
Article / Dec 15, 2017 (MODIFIED: Jan 18, 2018)
Zealot Apache Struts campaign targets vulnerabilities in Windows, Linux, and DotNetNuke, then uses leaked NSA exploits to mine Monero on internal networks.
Article / Sep 14, 2017 (MODIFIED: Oct 17, 2017)
TrickBot released a new worm module, shifted its focus towards the US, and soared past the one thousand target URLs mark in a single configuration.
Article / Jul 27, 2017 (MODIFIED: Sep 1, 2017)
As TrickBot evolves, we examine version 24, which heavily targets Nordic financial institutions, and we take a close look at the Dyre–TrickBot connection.
Article / Apr 12, 2017 (MODIFIED: Jul 6, 2017)
Readily available hacking tools provide new ways for civil disobedience groups to antagonize their targets anonymously.
Article / Apr 7, 2017 (MODIFIED: Sep 11, 2017)
Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.
Article / Mar 27, 2017 (MODIFIED: Jul 24, 2017)
It is amazing how quickly threat actors using old web vulnerabilities in their campaigns can adapt and switch to new zero-days to deliver the same payloads.
Article / Feb 13, 2017 (MODIFIED: Jan 12, 2018)
It’s easy to brush off low-risk vulnerabilities as trivial—until they’re combined to create a deep-impact attack.
Article / Nov 15, 2016 (MODIFIED: Jul 6, 2017)
A new DDoS attack vector that leverages LDAP for reflection-amplification attacks is seeing increased usage.