A new Formbook campaign is targeting oil and gas companies.

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.

The hackers have claimed a number of disruptions over the past week, blurring the lines between amateurs and groups linked to governments.

TeaBot resurrected with evolved malware distribution tactics active across Google Play Store, primarily circulating through OR Code Apps…

The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to the type that has been consistently discussed in previous blogs. Within the email, it has a short…

FortiGuard Labs discovered more than 500 Microsoft Excel files involved in a campaign to deliver a fresh Emotet Trojan variant. Read to learn more how to avoid this lure.…

Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service provide…

Proofpoint provides insights into TA416's activity targeting European governments as conflict in Ukraine escalates. Learn more about this Chinese state threat group.

Webhards is a platform used to distribute malware, and it is mainly used by attackers that mainly target Korean users. The ASEC analysis team has been monitoring malware types distributed through webhards and has uploaded multiple blog posts about them in…

The ASEC analysis team has discovered distribution of malicious HWP file disguised as “Press Release of 20th Presidential Election Early Voting for Sailors” as the presidential election draws near. The attacker distributed the malicious HWP file on February…

We analyze RURansom, a malware variant discovered to be targeting Russia. Originally suspected to be a ransomware because of its name, analysis reveals RURansom to be a wiper.

We detail APT41's persistent effort that allowed them to successfully compromise at least 6 U.S. state government networks by exploiting vulnerable web apps.

FortiGuard Labs discovered a phishing email addressed to a Ukrainian recipient that masqueraded as purchase order containing a PPT attachment aiming to deploy the Agent Tesla RAT. Learn more.…

In the first of a two-part series of blogs, we will delve deeper into Daxin, examining the driver initialization, networking, key exchange, and backdoor functionality of the malware.

We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis.

Read our blog post to learn how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.

What Global Network Visibility Reveals about the Resurgence of One of the World’s Most Notorious Botnets Executive Summary Since its reemergence on Nov. 14, 2021, Black Lotus Labs has once again been tracking Emotet, one of the world’s most prolific malware…

Avast Releases Decryptor for the Prometheus Ransomware. Prometheus is a ransomware strain written in C# that inherited a lot of code from an older strain called Thanos. Skip to how to use the Prometheus ransomware decryptor.  How Prometheus Works Prometheus…

In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which they…

We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords…