threat report - Tagged - Security Boulevard
All Our Devices Aren't Belong 2 Us - Scott Scheferman - RSA21

May Firmware Threat Report

| | threat report
Sometimes it takes a thunderstorm before seeing positive outcomes and real change: Cyber May Flowers, if you will. The SolarWinds and related supply chain attacks put our government through the crucible of ...
April Firmware Threat Report

April Firmware Threat Report

| | threat report
April has been a month of awakening. The highest levels of government and some of the most influential tech companies in the industry have made it clear: we have crossed a threshold ...
f5 big ip rce | CVE-2021-22986 poc

March Firmware Threat Report

| | threat report
Beware the Ides of March. On the heels of the ongoing SUNBURST supply chain campaign, several other impactful campaigns came into full light this month. While the Halfnium MS Exchange attacks dominated ...
MineBridge RAT

MineBridge Is on the Rise, With a Sophisticated Delivery Mechanism

Introduction The MineBridge RAT was first identified in January 2020 by security researchers at FireEye, who observed the backdoor attacking financial institutions in the United States with some targets located in South ...
"Server platforms: experiment with your expensive hardware too!" - Jeremy Kerr (LCA 2021 Online)

February Firmware Threat Report

| | threat report
A short month, but one packed with developments in cybersecurity! The Sunburst supply chain campaign continues to unfold with significant revelations, including one by Microsoft, who discovered the attackers viewed and exfiltration ...
January Firmware Threat Report

January Firmware Threat Report

| | threat report
2021 kicks off much as 2020 ended, with continued attacks on US Hospitals by the Trickbot /Ryuk actors now armed with TrickBoot’s UEFI targeting capability. Having netted over $150M in profit, the ...
FIN7 JSSLoader post

The Evolution of the FIN7 JSSLoader

Morphisec Labs has been tracking FIN7 (Carbanak Group) activity for the past several years. Morphisec’s ability to collect rich forensic data from memory has provided unique visibility into multiple FIN7 campaigns that ...
FF_301_Eng - Vulnerabilities of Machine Learning Infrastructure

December Firmware Threat Report

| | threat report
This month’s top story in the threat landscape boils down to one word:  TrickBoot.  Put simply: the most prominent and dangerous criminal malware apparatus behind the TrickBot toolset (yes, the same campaigns ...
October Device Threat Report

October Device Threat Report

| | threat report
A scary Halloween it is! Researchers discovered a long-running campaign that has been leveraging a UEFI implant based on the stolen and leaked 2015 Hacking Team code, bringing renewed focus and concern ...
COVID-19 Exacerbated Existing Cybercrime Patterns, Europol Says

COVID-19 Exacerbated Existing Cybercrime Patterns, Europol Says

Europol has published its seventh Internet Organized Crime Threat Assessment (IOCTA), the agency’s annual cybercrime report containing updates on the latest trends and effects of cybercrime in the European Union and beyond ...