Threat analysis
Process Doppelgänging meets Process Hollowing in Osiris dropper
Process Doppelgänging, a rare technique of impersonating a process, was discovered last year, but hasn't been seen much in the wild since. It was an interesting surprise, then, to discover its use ...
Exploit kits: summer 2018 review
Just like the beach, the EK landscape got a little crowded this summer. Find out what we discovered in our exploit kits summer review.
‘Hidden Bee’ miner delivered via improved drive-by download toolkit
Threat actors switch to the Hidden Bee miner as a payload for this unusual and complex drive-by download campaign.
New strain of Mac malware Proton found after two years
A new variant of the Mac malware Proton, which was rampant on macOS last year, has been found dating back to at least two years ago. Learn how this could still affect ...
Decision Analysis Applications in Threat Analysis Frameworks
Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I ...
Magniber ransomware improves, expands within Asia
After a controlled delivery focused on South Korea, an upgraded Magniber ransomware is now affecting other Asian countries.
Obfuscated Coinhive shortlink reveals larger mining operation
A web miner injected into compromised sites is just the tip of the iceberg for an infrastructure hosting malicious Windows and Linux coin miners.
New macro-less technique to distribute malware
The latest macro-less technique to distribute malware via Office documents does not involve exploits. Just a little bit of social engineering.
SamSam ransomware: controlled distribution for an elusive malware
SamSam ransomware is a unique malware for its explicit human interaction on selected targets and care to erase most of its tracks.