Category: Securelist
Cobalt Strike Beacon delivered via GitHub and social media
A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon. This article has been indexed from Securelist. Read the original article: Cobalt Strike Beacon delivered via GitHub…
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
Explaining the ToolShell vulnerabilities in SharePoint: how the POST request exploit works, why initial patches can be easily bypassed, and how to stay protected.
The SOC files: Rumble in the jungle or APT41’s new target in Africa
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.
Rumble in the jungle: APT41’s new target in Africa
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In an incident response case in Asia, Kaspersky researchers discovered a new backdoor for Microsoft Exchange servers, based on open-source tools and dubbed “GhostContainer”.
Forensic journey: Breaking down the UserAssist artifact structure
A Kaspersky GERT expert describes the UserAssist Windows artifact, including a previously undocumented binary data structure, and shares a useful parsing tool.
Code highlighting with Cursor AI for $500,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.
Batavia spyware steals data from Russian organizations
Kaspersky experts have discovered a new spyware called Batavia, which steals data from corporate devices.