FortiGuard Labs continues to track many malware families, including Emotet, Qbot, and Icedid. Read more about some of the most common details and techniques used by these malicious campaigns for ma…

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fo...

Research by: Marc Salinas Fernandez Background & Key Findings The spring of 2022 saw a spike in activity of Bumblebee loader, a recent threat that has garnered a lot of attention due to its many links to several well-known malware families. In this piece…

The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency.

A fresh exploration of the malware uncovers a new tactic for bypassing security products by abusing a known driver vulnerability

In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries.

A novel backdoor for Microsoft SQL servers controlled using SQL queries

In this article, we will analyze LockBit 3.0 ransomware attack cases to show you how attacks similar to these cases can be prevented.



What is LockBit 3.0 Ransomware?



LockBit 3.0 (also known as LockBit Black) is ransomware created by the cybercrime syndicate…

For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed.

A simple tool for detecting memory modifications to Windows API. - ytk2128/api-monitor32

Read the ransomware trends for 2022 - UK has 5% of total attacks shifting just 0.1% YOY. Read our full report

Kaspersky researchers detected OnionPoison campaign: malicious Tor Browser installer spreading through a popular YouTube channel and targeting Chinese users.

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods - optiv/Freeze

In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.

Aftermath is a free macOS IR framework. Contribute to jamf/aftermath development by creating an account on GitHub.

In this blog, we will give the required background for understanding the vulnerability and the detection logic that Microsoft Defender for Identity uses to...

In a Cybersecurity Advisory released today, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) exposed the