In a recently published report by security firm Check Point, a newly discovered ransomware is breaking new records for the fastest encryptor. That might be the headlining grabbing feature of Rorschach, but the malware’s developers have looked to use the best features from several other variants to c
Security researchers for the major telecommunications company AT&T have discovered a new variant of BlackGuard, a new info stealer that is gaining popularity with threat actors using underground hacking forums. This new variant is actively being distributed in the wild and boosts several new fe
On March 7, 2022, Bleeping Computer broke the news that Emotet activity had surged back to life and the malware was once again facilitating the sending of malicious spam emails. After a three-month break, the malware’s operators deemed it was time to ramp up operations once more from an all too bri
Recent news articles have shone a light on LockBit’s current operations which seem to be yielding results in encrypting data and putting a halt to several organizations' operations. The most recent of which is Essendant, a wholesale distributor of stationery and office supplies owned by Staples. The
Security firm Sentinel One just published a report detailing how a phishing campaign used to target victims in Eastern Europe is being used to deliver the Remcos RAT and DBateLoader malware strains. As with so many malware distribution campaigns, things kick off with a phishing email campaign, in th
Chinese advanced persistent threat group, APT27, also known as Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, or TG-3390, is now developing Linux version of their custom malware payloads. The group is best known for its cyber espionage abilities by leveraging custom malware packages. With th
For many of the readers of this publication they will be aware of the heyday of exploit kits, effective toolsets to take advantage of vulnerable software packages. When Adobe’s Flash and Microsoft’s Internet Explorer had significant market dominance these toolkits were far more common and used to ga
On February 21, 2023, South African publication MyBroadband published an article noting that Porshe South Africa’s headquarters in Johannesburg had possibly suffered a ransomware attack. The publication stated, “MyBroadband understands the attackers used a relatively new ransomware strain cal
Following several reports from security firms and cyber security publications it is apparent several ransomware gangs are actively exploiting a two-year-old vulnerability that allows for remote code execution on VMWare ESXi servers. One of the initial warnings was issued by the French Computer Emerg
On January 26, 2023, the Federal Bureau of Investigation (FBI), along with the US Department of Justice and Europol, announced that a successful campaign to infiltrate Hive ransomwares infrastructure and disrupt operations had been carried out. Hive ransomware had developed a reputation for targetin