Cyber defenders, listen up! The CYFIRMA Research podcast has some juicy intel on the latest cyber threats that are lurking in the shadows. Tune in to this security briefing to stay on top of emerging threats and be ready to tackle digital risk like never before.
CYFIRMA Research - TRACKING RANSOMWARE : APRIL 2024
3:59
Stay informed about the latest developments in cybersecurity with CYFIRMA's April 2024 Ransomware Report. This edition highlights a shift in the ransomware landscape, with Hunter group now dominating while LockBit's influence declined. The manufacturing sector emerges as a prime target globally, with the USA, Canada, the UK, Germany, and Brazil exp…
CYFIRMA Research - New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware
2:55
CYFIRMA’s Research team embarked on a mission to uncover a targeted attack on Indian defense personnel via WhatsApp Messenger. Suspected to originate from Pakistan, the threat actor deployed malicious Android apps disguised as "MNS NH Contact" and "Posted out off," aiming to gain unauthorized access to sensitive information. Our investigation revea…
CYFIRMA Research - Emerging Security Threats: Analysis of CVE-2024-3400
3:36
Palo Alto Networks has uncovered CVE-2024-3400, a critical vulnerability exploited by threat actor 'UTA0218' in a sophisticated two-stage attack. This flaw allows unauthorized command execution on vulnerable PAN-OS devices via a backdoor mechanism. Adding to the urgency, CISA has promptly listed CVE-2024-3400 in its Known Exploited Vulnerabilities …
CYFIRMA Research - Obfuscated Batch Script’s Journey to Monero Mining
5:16
At CYFIRMA, we provide timely insights into prevalent threats and malicious tactics affecting organizations and individuals. Our research team has identified an open directory listing URLs containing highly obfuscated malicious Windows batch scripts in the wild, which execute a stealthy Monero (XMR) crypto miner as the final payload. This payload…
CYFIRMA Research - Fletchen Stealer: An Information Stealer with Sophisticated Anti-Analysis Measures
3:22
The Cyfirma research team discovered a new information stealer named Fletchen Stealer. It is sophisticated information-stealing malware, offered by its creator as stealer-as-a-service for free, that poses a significant threat to cybersecurity. A potent malware written in Rust, which boasts advanced anti-analysis capabilities, it exhibits a high degree of r…
CYFIRMA Research - APT Quarterly Highlights: Q1 – 2024
5:45
Our Q1 2024 APT Quarterly Highlights Report unveils a surge of dynamic and innovative cyber activities from APT groups from Iran, Russia, China, and North Korea, challenging the global cybersecurity landscape. Detailed analysis reveals escalating cyber threats, with Iranian groups like Homeland Justice and Mint Sandstorm targeting governmental and …
CYFIRMA Research - The Shadow War between Israel and Iran Escalates
5:21
A shadow war between Israel and Iran is escalating, but despite unprecedented attacks, both sides are so far trying to keep the conflict below the level of an all-out war. Israel has vowed to respond to Iran's unprecedented attack; however, the war cabinet seems to be divided over the issue of retaliation. Political considerations are increasingly …
CYFIRMA Research - Ivanti RCE (CVE-2024-21894) Vulnerability Analysis and Exploitation
3:01
A critical vulnerability, CVE-2024-21894, has been discovered in Ivanti's Connect Secure and Policy Secure gateways, posing a severe global threat to digital security. CYFIRMA’s research team has conducted a thorough analysis of this vulnerability. Immediate action is strongly advised: apply the latest patches provided by Ivanti to secure your sys…
CYFIRMA Research - Threat to Offshore Infrastructure in a Maritime-Centric Century
5:00
The most important evolving threats to electric grids are cyber threats and physical security. The power grid in the US, and more so in Europe, is experiencing a transformation as the world shifts to sustainable energy, which entails increased reliance on offshore wind farms and undersea infrastructure that are going to supply large chunks of the …
CYFIRMA Research: Tracking Ransomware- March-2024
4:42
Stay ahead of cybersecurity trends with CYFIRMA's March 2024 Ransomware Report. Lockbit, despite a decline in infections, continues to dominate. The manufacturing sector is a primary target across the globe. Notably, the USA remains a primary victim, trailed by Canada, the UK, Germany, and Spain. Witness the evolution of ransomware tactics as group…
CYFIRMA Research- A New Campaign Identified Targeting Individuals in South Asia
4:28
Cyfirma’s latest research uncovers a sophisticated cyber threat targeting individuals in South Asia. Our research team identified a malicious campaign involving a deceptive SFX archive executable. These files, embedded in the malicious binary and decoy PDF, are part of a multifaceted attack aimed at infiltrating systems and executing malicious acti…
CYFIRMA Research - Vulnerability Analysis and Exploitation: Understanding CVE-2024-27198 in JetBrains TeamCity
5:01
Our latest report sheds light on CVE-2024-27198, a severe vulnerability that has been exploited for unauthorized admin access and privilege escalation in JetBrains TeamCity, marked by CISA on March 7, 2024, as a significant threat. This breach has led to Jasmin ransomware attacks and unauthorized user setups, linked to the BianLian and Jasmin famil…
CYFIRMA Research - Threat to Undersea Infrastructure
6:16
A new concern is beginning to surface as part of the instability in the vital Red Sea shipping corridor: the Houthis or other threat actors may target the numerous subsea cables that transport almost all of the data and financial communications between Europe and Asia. In our blog, we highlight how subsea infrastructure is vulnerable to attack and …
The Cyfirma research team discovered a new document stealer, Sync-Scheduler, a potent malware written in C++ boasting defense evasion and anti-analysis capabilities. It is being distributed as an embedded component in an Office document file. The malware code is hidden under the page title of the first slide of the PowerPoint presentation and file-nesting …
CYFIRMA Research - FortiOS/FortiProxy (CVE-2024-21762) - Vulnerability Analysis and Exploitation
2:57
A critical vulnerability, CVE-2024-21762, has been identified in Fortinet's FortiOS/FortiProxy, posing a severe global threat to digital security. CYFIRMA researchers have conducted an exhaustive analysis of the vulnerability. Immediate action is strongly advised. Apply the latest patches provided by Fortinet to secure your systems. Enhance access …
CYFIRMA Research - NIKKI STEALER: EX-DEFACER TURNS SELLER OF DISCORD STEALER
4:15
An individual, formerly known for defacing websites, has transitioned to selling a Discord stealer called Nikki Stealer, developed using the Electron framework. With a moderate level of confidence, we assess the developer is from either Brazil or Portugal. This individual has a history of website defacement and is now engaged in selling this steale…
CYFIRMA Research - Islamic State’s Telegram Hustle: How a Terrorist Organization Raises Funds
3:22
The CYFIRMA Research team embarked on an investigation to uncover activities linked to the banned organization Islamic State. We aimed to gain access to the group or identify individuals endorsing its ideology. During our investigation we infiltrated a Telegram channel promoting Islamic State’s beliefs, which was also part of a private RocketChat s…
CYFIRMA Research - Tracking Ransomware- February 2024
4:28
Stay informed on the evolving cybersecurity landscape with CYFIRMA's February 2024 Monthly Ransomware Report. LockBit leads the charts despite a takedown by law enforcement, showcasing resilience and technical prowess. Manufacturing takes the hit, recording a 40% rise in attacks. The USA remains a prime target, followed by the UK, Canada, France, a…
CYFIRMA Research - A Ransomware That Doesn't Extort Money - WinDestroyer & Its Origin
3:57
The CYFIRMA research team has uncovered a new and highly destructive malware, WinDestroyer. It lacks ransom demands, is geopolitically motivated, and is developed for hacktivism against the backdrop of the Russia-Ukraine conflict. The malware employs DLL reload attacks, API hammering, and lateral movement capabilities, rendering systems unusable. D…
CYFIRMA Research - Exploiting Document Templates: Stego-Campaign Deploying Remcos RAT and Agent Tesla
4:45
Our latest cyber threat research at Cyfirma reveals a complex stego-campaign, showcasing a malicious .docx file that's raising serious concerns in the cybersecurity landscape. Our dedicated team unearthed a sophisticated attack chain that employs template injection, effectively bypassing conventional email security measures. The malicious .docx fil…
CYFIRMA Research - The ScreenConnect Saga: A Deep Dive into the LockBit Connection
3:44
Dive into the cybersecurity storm as ScreenConnect vulnerabilities (CVE-2024-1709 & CVE-2024-1708) open the door to a looming LockBit ransomware threat. With over 95,311 instances at risk, organizations worldwide must act swiftly. Discover the nuances of this critical connection. Link to the Research Report: The ScreenConnect Saga: A Deep Dive into…
CYFIRMA Research - Exploit Analysis: SSRF and Command Injection for Unauthenticated RCE in Ivanti Connect Secure
3:27
Read our Cyfirma Research report, which explores why Ivanti Connect Secure & Policy Secure users should be cautious of a critical SSRF vulnerability (CVE-2024-21893) that affects their systems, enabling attackers to bypass mitigations and execute remote code. Exploits like CVE-2023-46805 & CVE-2024-21887 demonstrate the severity. Ivanti has rele…
CYFIRMA Research - Xeno RAT: A New Remote Access Trojan with Advance Capabilities
3:30
CYFIRMA’s research team has discovered a new Remote Access Trojan named Xeno-RAT, featuring sophisticated capabilities. Through comprehensive analysis, our report explores the various evasion techniques utilized by threat actors to circumvent detection and elucidates the methods employed in creating robust malware payloads. Xeno RAT, a pote…
CYFIRMA Research - Iran Contributes to the Escalating Geo-Political Threat Landscape
6:09
The recent acceleration in hostilities involving Iran-backed militias and the United States, coupled with a surge in Israeli strikes on Iranian positions in Syria, seems to have compelled Tehran to reassess elements of its regional strategy. These regional escalations come at an inopportune time for Iran. This report assesses the current situation …
CYFIRMA Research - Jenkins (CVE-2024-23897) – Vulnerability Analysis and Exploitation
3:32
Urgent Security Advisory! A critical vulnerability, CVE-2024-23897, has surfaced in Jenkins, posing a global threat to digital security. CYFIRMA researchers have conducted an in-depth analysis and exploitation. Immediate action is advised: secure your systems with the latest Jenkins patches. Strengthen access controls, fortify your digital infrast…
CYFIRMA Research - Malware Development Competition Fuels Creation of 20+ Malware
6:06
Our latest report covers the XSSLite Stealer, an infostealer born from a malware development competition on a Russian hacking forum. This infostealer comes with anti-sandbox & anti-debugging capabilities, in addition to the source code of a web panel for receiving the stealer logs from compromised victims. A hefty prize pool of tens of thousands of US…
CYFIRMA Research - Ransomware Trends- January 2024
4:39
Uncover the latest trends in the cybersecurity landscape with CYFIRMA's January 2024 Monthly Ransomware Report. LockBit takes the lead with 64 victims, targeting diverse industries, notably Manufacturing. Despite a 20.51% dip in incidents from December 2023, the long-term trend indicates a persistent rise in ransomware threats. New players like Slu…
CYFIRMA Research - Caught in the Crossfire: How International Relationships Generate Cyber Threats
4:39
In times of conflict, the cyber realm becomes a battleground too! Instances like the Russia-Ukraine war & Israel-Gaza conflict show how hacktivists are playing a role. They launch attacks using DDoS tools, deface websites, and even mentor others to disrupt organizations. In the ongoing Israel-Palestine conflict, hackers are wreaking havoc online to…
CYFIRMA Research - Comprehensive Analysis of CVE-2024-21833 Vulnerability in TP-Link Routers: Threat Landscape, Exploitation Risks, and Mitigation Strategies
3:42
CYFIRMA’s research team reveals a critical OS command injection vulnerability (CVE-2024-21833) affecting TP-Link Routers, demanding immediate attention. With a high CVSS score of 8.8, this flaw poses a significant risk, attracting state-sponsored entities and threat groups. Active exploitation is observed, emphasizing the need for prompt patching,…
CYFIRMA Research - Russian Threat Actors Abuse Cloudflare and Freenom Services to run DaaS Program
4:03
The CYFIRMA research team reveals a Russian-origin Drainer-as-a-Service (DaaS) project gaining traction in the hacking community. This crypto drainer targets wallets on Ethereum, BNB, Polygon, etc., with a massive affiliate network of 10k members. Our investigation reveals how the threat actors are creating phishing infrastructure at no cost, subsequ…
CYFIRMA Research - LOOKING INTO THE CRYSTAL BALL: WHAT WILL 2024 BRING IN GEOPOLITICS
7:42
The geopolitical landscape in 2024 is at a critical juncture! As we begin the year, explore five key events that may shape the course of global affairs and have a profound effect on the cyber threat landscape in this Cyfirma blog. It covers the following key events: · World Goes to the Polls: Over four billion people in nearly 80 countries will participat…
CYFIRMA Research - From Screen Captures to Crypto wallets: Analyzing the Multi-Faceted Threat of Rage Stealer
3:28
CYFIRMA’s research team has identified a new stealer in the wild called “Rage Stealer”. Rage Stealer employs a multifaceted approach, covertly extracting sensitive data encompassing browsers, cryptocurrency wallets, files, credentials, and various application data. What sets "Rage Stealer" apart is its systematic organization of extracted inform…
CYFIRMA Research - Pakistan-based Threat Actor Targets Indians with Fake Loan Android Application
3:15
The CYFIRMA team recently discovered a malicious Android package orchestrating a sophisticated extortion scheme. Masquerading as a loan app promising quick funds, it dupes unsuspecting users into revealing sensitive information during the installation process. The deceptive app coerces victims into submitting KYC details, including a selfie, gradually a…
CYFIRMA Research - APT QUARTERLY HIGHLIGHTS: Q4 – 2023
6:15
CYFIRMA’s Q4 2023 APT report focuses on APT groups from Iran, Russia, China, and North Korea, which brought forth a wave of dynamic and innovative cyber activities, challenging the global cyber security landscape. Iranian actors targeted telecom, higher education, and tech sectors, showcasing updated techniques and new C2 frameworks in the backdrop…
CYFIRMA Research - Russian Stealer Log Aggregator Releases Fully Native Infostealer
5:03
Monster Cloud, an emerging player in the Russian stealer log threat landscape, has shifted from just offering stealer logs to a Malware-as-a-Service (MaaS) model. Operating on Telegram, these threat actors have announced the release of their fully native proprietary information stealer. In this report, we dive into the operations of the Russian-spe…
CYFIRMA Research - Apache Struts RCE (CVE-2023-50164) - Vulnerability Analysis and Exploitation
2:57
A critical vulnerability has been identified in Apache Struts 2, exposing a global threat to digital security. CYFIRMA Researchers have analysed this flaw, uncovering potential risks of unauthorized access and data breaches. It is advised to take immediate action - secure your systems with the latest Apache Struts 2 patches. Strengthen access contr…
Taiwan’s election marks the first on the calendar in what will be the largest election year in history. Understanding how the onslaught of disinformation will impact the opinions of the Taiwanese public will be critical for Taiwan’s election, but the tactics and behaviors will likely be duplicated elsewhere, not only by the Chinese Communist Party …
CYFIRMA Research- Tracking Ransomware- December 2023
3:39
Dive into Cyfirma’s December 2023 Ransomware Report for an exploration of evolving cyber threats. The rise of new players like Hunters International, Dragon Force and WereWolves highlights a severe threat. With 75% more incidents in 2023 than in 2022, this report unveils critical insights into the escalating global cybersecurity threat. Covering key…
CYFIRMA Research - Episode 072: Decoding the Cryptocurrency Malware Landscape - A Comprehensive Analysis of a Mining Threat Disseminated Through A YouTube Channel
3:48
At Cyfirma, we are committed to providing up-to-date information on the most prevalent threats and tactics used by malicious actors to target both organizations and individuals. This comprehensive analysis delves into the dissemination of cryptocurrency miners through a YouTube channel. Examining the tactics employed, the report reveals a concernin…
CYFIRMA Research - Episode 071: A Gamer Turned Malware Developer: Diving Into SilverRat And Its Syrian Roots
4:06
This report provides a glimpse into the evolving landscape of RAT development and malicious activities performed by threat actors working under the name of ‘Anonymous Arabic’. Our team investigated the Silver RAT (written in C#), which has capabilities to bypass antivirus software and covertly launch hidden applications, browsers, keyloggers, and other m…
CYFIRMA Research - Episode 070: Future of Communication - Satellite Mega Constellations
6:49
Satellites now sit at the heart of geopolitical power, playing a pivotal role in warfare and strategy. SpaceX's Tranche 0 satellites for the U.S. military and Starlink's impact in Ukraine exemplify this shift. Yet, amidst the dazzle of rocket launches and mega constellations, a silent cyber battle is escalating. This report explores the interconnec…
CYFIRMA Research - OwnCloud: CVE-2023-49103 Vulnerability Analysis and Exploitation
3:43
CYFIRMA’s Research team has conducted a thorough analysis of the critical security vulnerability, CVE-2023-49103, in OwnCloud's Graph. Uncovered by ownCloud on November 21, 2023, this vulnerability is assigned a CVSS score of 7.5, underscoring its severity. This flaw directly impacts OwnCloud/graphapi, posing a significant risk of unauthorized acce…
CYFIRMA Research: Tracking Ransomware- November 2023
4:46
Dive into the November 2023 Ransomware Report by CYFIRMA for a deep dive into evolving cyber threats. LockBit dominates with 108 victims. With a 25% surge in attacks on Manufacturing and a 78.3% rise in FMCG incidents, the need for defences is evident. Geographically, the USA remains a prime target, experiencing a 45.72% share of attacks. Explore t…
CYFIRMA Research - From Macro to Payload: Decrypting the Sidewinder Cyber Intrusion Tactics
5:20
This report explores a sophisticated cyber threat orchestrated by the Sidewinder APT group. Targeting Nepalese government officials, this advanced threat involves a malicious Word document wielding a stealthy Nim backdoor. Unraveling the attack chain reveals a symphony of tactics, including VB scripts, BAT scripts, and a deceptive payload camouflag…
CYFIRMA Research - F5 BIG-IP Remote Code Execution – CVE-2023-46747 – Vulnerability Analysis and Exploitation
3:16
A critical vulnerability, CVE-2023-46747, has surfaced in the F5 BIG-IP Traffic Management User Interface (TMUI), posing a significant global threat to organizations. This flaw enables unauthorized remote code execution, potentially compromising digital assets. CYFIRMA’s Research team has conducted an extensive analysis of this security flaw. Take …
The world has witnessed an unprecedented surge in conflicts over the past two years, surpassing any period since the end of World War II. Amidst a fracturing world order and the waning Pax Americana, simmering tensions threaten to erupt suddenly, or at the very least, escalate into major crises with significant cyber repercussions. Link to the Rese…
CYFIRMA Research - DanaBot Stealer: A Multistage MaaS Malware Re-emerges with Reduced Detectability
3:48
At Cyfirma, we are committed to providing up-to-date information on the prevalent threats and tactics used by malicious actors. Our latest report delves into DanaBot Stealer and presents a comprehensive overview of its functionality and capabilities. DanaBot is a stealthy, multi-stage and versatile malware that infiltrates computers to steal valuab…
CYFIRMA Research - Episode 063: Emerging MaaS Operator Sordeal Releases Nova Infostealer
4:57
Cyfirma’s latest report concerns a new malware, Nova, being offered by the MaaS operator Sordeal, who has been actively distributing it since early 2023. This information stealer exhibits advanced capabilities, leveraging sophisticated techniques for anti-forensics and defense evasion. Nova targets most of the commonly used browsers, exfiltrating aut…
CYFIRMA Research - Episode 062: WITH THE WORLD DISTRACTED, CHINA STIRS TROUBLE IN THE ASIA PACIFIC
5:55
Amidst the conflicts in Ukraine and Gaza, little attention has been paid to China’s ongoing coercion in the South China Sea. Yet Beijing and Manila are in the midst of an increasingly tense standoff over Second Thomas Shoal, which could easily escalate into a major crisis or even a conflict with cyber fallout. Link to the Research Report: WITH THE …
CYFIRMA Research - Episode 061: TRACKING RANSOMWARE: OCTOBER 2023
4:32
Explore the October 2023 Ransomware Report from CYFIRMA, uncovering the ever-changing landscape of cyber threats. LockBit leads the charge with 66 victims. Manufacturing takes a hit with 64 incidents, stressing the need for specific defences. The USA is a prime target, enduring 151 ransomware incidents, and now, a new player, Hunters International,…