Malware leveraging public infrastructure like GitHub on the rise

Threat Research
The use of public services as command-and-control (C2) infrastructure isn’t a revolutionary technique for malicious actors. ReversingLabs has observed such behavior in several malware campaigns throughout the last few years. Malware authors ...
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS

TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both ...
Imperva Detects Undocumented 8220 Gang Activities

Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has ...
Avast Threat Report shows humans are better targets than software

adware, Threat Research
When you think of cybercriminals, you might conjure up a movie image of people working in dark rooms with complex spreads of monitors filled with lines and lines of code as they ...
How Google Bard Utilizes Your Business’ Content (For Free)

Google Bard is based on the LaMDA language model and can use data gathered by the Googlebot search engine crawler to train the LLM and respond to queries ...
Under Siege: Ransomware and Your Business

Ransomware attacks can have a devastating impact on enterprise organizations. In addition to the ransom payment, organizations face the cost of recovering from the attack, such as downtime, lost productivity, and damage ...
Protestware taps npm to call out wars in Ukraine, Gaza

Threat Research
Newly discovered open source software packages on the npm platform contain scripts that broadcast peace messages related to ongoing conflicts in Ukraine and on the Gaza Strip when they are deployed, according ...
IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

ReversingLabs has identified connections between a malicious campaign that was recently discovered and reported by the firm Phylum and several hundred malicious packages published to the NuGet package manager since the beginning ...
DDoS Attacks Leveraged by Attackers in Israel Conflict

Over the last few years, we’ve observed Distributed Denial of Service (DDoS) attacks used in many conflicts. In the Russia-Ukraine war, DDoS was used both by government cyber agencies and individual hacktivist ...
Typosquatting campaign delivers r77 rootkit via npm

Threat Research
ReversingLabs researchers have identified a new, malicious supply chain attack affecting the npm platform. The “typosquatting” campaign first appeared in August and pushed a malicious package, node-hide-console-windows, which downloaded a Discord bot ...