New malspam campaign deploying FickerStealer malware
FickerStealer malspam wave: lure templates, document-based delivery, info-stealing capabilities and host-level indicators for endpoint detection.