Ransomware
Qilin Ransomware Adopts Aggressive Credential Harvesting - October 2024 Update

Threat Group:
- Qilin (formerly known as "Agenda")

Threat Type:
- Ransomware-as-a-Service (RaaS)

Exploited Vulnerabilities:
- Zero-day vulnerabilities, VPN access without multi-factor authentication (MFA), spear-phishing, and remote monitoring tools

Malware Used:
- Qilin Ransomware, with variants developed in Golang and Rust

Threat Score:
- High (8.8/10)
Ransomware
KOK08 Ransomware: What to Know

Overview
KOK08 ransomware, identified as a variant of the Matrix ransomware family, is involved in malicious activities including file encryption and data exfiltration. This ransomware uses sophisticated methods that are consistent with the broader trends observed in 2024, where targeted attacks on critical infrastructure and high-value targets have become more
Malware
PEAKLIGHT: What You Need to Know

Overview
PEAKLIGHT is a sophisticated memory-only malware recently identified by cybersecurity researchers at Mandiant. This malware is particularly concerning due to its stealthy nature, residing exclusively in a computer's RAM, which allows it to evade traditional antivirus solutions that rely on disk scanning. The infection is initiated through
Malware
The Styx Stealer Threat: What You Need to Know

Overview
Styx Stealer is a sophisticated information-stealing malware targeting Windows systems, with a primary focus on cryptocurrency theft and data exfiltration. It is an advanced variant of the older Phemedrone Stealer and has been actively distributed since April 2024. This malware exploits vulnerabilities in outdated Windows Defender versions, making it
Vulnerabilities
Microsoft Reveals Critical IPv6 Flaw Impacting Every Windows System

Overview
A critical security vulnerability, identified as CVE-2024-38063, has been discovered in the Windows TCP/IP stack, specifically affecting systems using the IPv6 protocol. This vulnerability is classified as a Remote Code Execution (RCE) flaw, meaning that an attacker can gain control over a system without any user interaction. Given
Malware
DeerStealer Uses Google Authenticator as a Trojan Horse

Overview
DeerStealer is a recent and increasingly concerning information-stealing malware. It has gained notoriety for its use of deceptive distribution methods, specifically by disguising itself as legitimate applications such as Google Authenticator. The malware is typically spread through fake advertisements and malicious downloads. Once installed, DeerStealer harvests sensitive data including
Vulnerabilities
Entra ID Cybersecurity Threat: UnOAuthorized Admin Privilege Escalation

Summary
A critical vulnerability known as "UnOAuthorized" has been discovered in Microsoft Entra ID (formerly Azure Active Directory). This vulnerability allows attackers with specific administrative roles, such as Application Administrator or Cloud Application Administrator, to escalate their privileges to Global Administrator. This escalation is made possible due to
Ransomware
SharpRhino Explained: Key Facts and How to Protect Your Data

Overview
Quorum Cyber's Incident Response team has discovered a new malware, SharpRhino, during a recent ransomware investigation. SharpRhino, attributed to the ransomware group Hunters International, functions as both an initial infection vector and a Remote Access Trojan (RAT). This malware exemplifies the sophisticated methods ransomware groups are employing
Malware
ACR Stealer: Bypassing Defender SmartScreen and How to Mitigate

Overview
ACR Stealer is a sophisticated information-stealing malware actively distributed as Malware-as-a-Service (MaaS). It has evolved from its predecessor, GrMsk Stealer, and is known for its advanced obfuscation and anti-analysis techniques, making it a significant threat to user data security.

Technical Details
ACR Stealer targets sensitive user information by employing
Ransomware
Eldorado Strikes Windows and Linux

Overview
Eldorado is a new ransomware-as-a-service (RaaS) operation that has emerged targeting both Windows and Linux systems. First appearing on March 16, 2024, when an advertisement for its affiliate program was posted on the ransomware forum RAMP, Eldorado has since gained notoriety for its sophisticated capabilities and widespread impact.

Technical