Conti Targets Critical Firmware

Category: research
In late February of this year, an unknown individual began leaking internal information and communications from the notorious Conti ransomware organization. These leaks appear to confirm the long-suspected connections between Conti and ...
Quanta Servers (Still) Vulnerable to Pantsdown

Category: research
Eclypsium research has identified that Quanta Cloud Technology (QCT) server models are vulnerable to the well-known ‘Pantsdown’ BMC vulnerability (CVE-2019-6260). We have developed a proof-of-concept exploit demonstrating how even an unsophisticated attacker ...
Active Exploitation of F5 BIG-IP Devices (CVE-2022-1388)

Categories: Industry, research
The Eclypsium research team has detected in-the-wild exploitation of CVE-2022-1388 by multiple threat actors. This CVE impacts all F5 BIG-IP firmware versions released prior to May 4, 2022.  ...
Using Favicons to Discover Phishing & Brand Impersonation Websites

In this blog, we take a look at how favicons can be leveraged to find possible phishing & brand impersonation websites ...
The Russia-Ukraine crisis shakes up the cybercriminal ecosystem

Table of Contents: Introduction; Russian Side; UNC1151/Ghostwriter/TA445; The Red Bandits; Conti Team; Ukrainian side; IT Army of Ukraine; Anonymous; Belarusian Cyber Partisans; AgainstTheWest (ATW); Network Battalion 65' (NB65); Underground forums position; Raidforums ...
Microsoft disables Excel, Office macros by default. Will it matter?

Rage Against the Machine was at the top of the charts back when Microsoft first introduced the Excel4 Macros (XLM) feature in 1992 - a powerful scripting language that boosted the capabilities ...
After Russian arrests, REvil implants persist

Categories: research, Threat Research
Almost two weeks after Russian authorities orchestrated high profile arrests of cyber criminals affiliated with the notorious ransomware group, there has been little change in the availability of malicious files and implants ...
WEF Report: Cyber Risks Pose Global Threats

The World Economic Forum’s (WEF) Global Risks Report 2022 outlined what they believe are the greatest worldwide threats and risks to economic development. In some ways, it reads like an Exodusian litany ...
The biggest cyber threats among European CSPs

In the second half of 2021, adware exploded. This is explored in depth in the Allot H2 2021 Cyber Threat Report. The report found that, during the second half of 2021, Allot ...
Methods for Extracting Firmware from OT Devices for Vulnerability Research

This second part of our hardware hacking series focuses on how to dump the memory contents for two different kinds of memory packages, WSON and SOP/SOIC. The post Methods for Extracting Firmware ...