Hunting injected processes by the modules they keep

A relatively recent post showed how Metasploit's Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our ...

Analyzing an Instance of Meterpreter’s Shellcode

In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a ...

Magecart hits again, leveraging compromised sites and newly registered domains

During alert monitoring, ThreatLabZ researchers came across multiple cases of shopping sites being compromised and injected with a skimming script. This injected script looks for the payment method and personally identifiable information ...

Hyperfocused Security for the Cloud

The cloud is the future and the future has arrived. Gartner predicts the worldwide public cloud service market will grow from $182.4 billion in 2018 to $331.2 billion in 2022, representing an ...
Security Boulevard
How can I check if I am GDPR compliant?

It’s been two years since the GDPR (General Data Protection Regulation) took effect, and despite many people saying it was a lot of fuss over nothing, it has had a significant effect ...

Abuse of hidden “well-known” directory in HTTPS sites

WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious ...

Qealler – a new JAR-based information stealer

Recently, the Zscaler ThreatLabZ team came across a new type of malware called Qealler, which is written in Java and designed to silently steal sensitive information from an infected machine. Qealler is ...
Deeper Down the Rabbit Hole: Second-Stage Attack and a Fileless Finale

In our last blog, “Following a Trail of Confusion: PowerShell in Malicious Office Documents”, we systematically unraveled multiple layers of obfuscation initiated by a weaponized first-stage Microsoft Word document to reveal a ...
Following a Trail of Confusion: PowerShell in Malicious Office Documents

While the threat landscape continues to evolve, Microsoft Office documents continue to see steady usage by malicious actors. These documents, oftentimes equipped with nothing more than the built-in capability offered by ...

Spam campaigns leveraging .tk domains

For the last couple of quarters, the Zscaler ThreatLabZ research team has been closely monitoring services that provide free domain names. We’ve identified a campaign utilizing '.tk' TLD (top-level domain) domains that ...