Weekly Intelligence Trends and Advisory – 12 Sep 2021

Researchers recently discovered a new malware family dubbed PRIVATELOG and its installer, STASHLOG. The malware deploys a novel and interesting technique in the samples used to hide data. The PRIVATELOG and STASHLOG rely on CLFS – a log framework that was introduced by Microsoft in Windows Vista and Windows Server 2003 R2 for high performance – to hide a second-stage payload in registry transaction files.

Weekly Intelligence Trends and Advisory – 5 Sep 2021

Surfacing in April 2020, the infamous ShinyHunters threat actor group has been behind several high-profile data breaches. The threat actor group has claimed responsibility for a string of data breaches including Bonobos, Pixlr, ChqBook, Tokopedia, BigBasket, Microsoft’s GitHub account, and MeetMindful, among others.

Weekly Intelligence Trends and Advisory – 29 Aug 2021

Researchers discovered a trojan named Triada snook into one of the modified versions of the WhatsApp messenger called FMWhatsapp 16.80.0 along with an advertising Software Development Kit (SDK).

Weekly Intelligence Trends and Advisory – 22 Aug 2021

Researchers have disclosed multiple intrusion activities attributed to UNC215 – a Chinese cyber-espionage group aimed at Israeli organizations. The threat actors exploited a SharePoint vulnerability (CVE-2019-0604) to gain initial access and carried out a fixed pattern for credential harvesting and internal reconnaissance (via web shells) to identify important systems within the targeted network.

Weekly Intelligence Trends and Advisory – 15 Aug 2021

Researchers have recently observed a new Android trojan used by attackers to compromise Facebook accounts. Dubbed as FlyTrap, the malware has Impacted approximately 10,000 users from at least 144 countries since March 2021.

Weekly Intelligence Trends and Advisory – 8 Aug 2021

Researchers have discovered a unique, long-running operation, called GhostEmperor. The campaign used Microsoft Exchange vulnerabilities to target high-profile victims with an advanced toolset and shown no similarity to any known threat actor.

Weekly Intelligence Trends and Advisory – 1 Aug 2021

Disclosed earlier this week the zero-day flaw that exists in iOS and macOS platforms – being actively exploited in the wild – can allow attackers to take over an affected device.

Weekly Intelligence Trends and Advisory – 25 July 2021

Researchers highlight that an increasing number of ransomware groups are using virtual machines in a bid to evade detection. While encrypting files on the host computer the ransomware payload “hides” within a VM to avoid raising suspicions or triggering antivirus software.

Weekly Intelligence Trends and Advisory – 18 July 2021

What makes BIOPASS RAT particularly interesting is that it can sniff its victim’s screen by abusing the framework of OBS Studio, a popular live streaming and video recording app, to establish live streaming to a cloud service via RTMP

Weekly Intelligence Trends and Advisory – 11 July 2021

Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications, and has been gaining popularity in recent times. In a survey in 2019, 84 percent of enterprises surveyed indicated they were running containers in production.