Latest TrickBot cyber-gang activity
TrickBot operations update: infrastructure rebuilds, module evolution, partnership with ransomware affiliates and detection signals across recent campaigns.
Conti ransomware operations: initial access patterns, Cobalt Strike pivoting, domain-controller compromise, exfiltration tooling and double-extortion mechanics.
FIN12 financially-motivated actor targeting healthcare: short dwell time, ransomware deployment patterns and operational priorities for hospital security teams.
Jupyter (SolarMarker) malware new variant: PowerShell-driven loader, infostealer modules, persistence techniques and IOC indicators.
Backdoor discovered inside the REvil ransomware affiliate build: developer access to victim payments, affiliate-trust implications and underground reactions.
Windows kernel-level vulnerability enabling unsigned-driver loading: rootkit installation pathway, exploitation pre-conditions and detection considerations.
MSHTML CVE-2021-40444 technical analysis: ActiveX abuse via Office documents, exploitation chain, mitigation steps and IOC indicators.
Universal decryptor released for REvil/Sodinokibi: scope of recovery, conditions of usability and operational guidance for victims with encrypted backups.
OMIGOD vulnerability set in Azure Open Management Infrastructure (OMI): unauthenticated RCE, automatic agent installation and remediation guidance for Azure tenants.