Following several reports from security firms, it appears that ransomware operators are abusing the remote monitoring and management (RMM) product Action1 RMM which is used by Managed Service Providers (MSPs) to manage endpoints on customer networks remotely. The software package allows patch
In a recently published report by security firm Check Point, a newly discovered ransomware is breaking new records for the fastest encryptor. That might be the headlining grabbing feature of Rorschach, but the malware’s developers have looked to use the best features from several other variants to c
Security researchers for the major telecommunications company AT&T have discovered a new variant of BlackGuard, a new info stealer that is gaining popularity with threat actors using underground hacking forums. This new variant is actively being distributed in the wild and boosts several new fe
On March 7, 2022, Bleeping Computer broke the news that Emotet activity had surged back to life and the malware was once again facilitating the sending of malicious spam emails. After a three-month break, the malware’s operators deemed it was time to ramp up operations once more from an all too bri
Recent news articles have shone a light on LockBit’s current operations which seem to be yielding results in encrypting data and putting a halt to several organizations' operations. The most recent of which is Essendant, a wholesale distributor of stationery and office supplies owned by Staples. The
Security firm Sentinel One just published a report detailing how a phishing campaign used to target victims in Eastern Europe is being used to deliver the Remcos RAT and DBateLoader malware strains. As with so many malware distribution campaigns, things kick off with a phishing email campaign, in th
Chinese advanced persistent threat group, APT27, also known as Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, or TG-3390, is now developing Linux version of their custom malware payloads. The group is best known for its cyber espionage abilities by leveraging custom malware packages. With th
For many of the readers of this publication they will be aware of the heyday of exploit kits, effective toolsets to take advantage of vulnerable software packages. When Adobe’s Flash and Microsoft’s Internet Explorer had significant market dominance these toolkits were far more common and used to ga
On February 21, 2023, South African publication MyBroadband published an article noting that Porshe South Africa’s headquarters in Johannesburg had possibly suffered a ransomware attack. The publication stated, “MyBroadband understands the attackers used a relatively new ransomware strain cal
Following several reports from security firms and cyber security publications it is apparent several ransomware gangs are actively exploiting a two-year-old vulnerability that allows for remote code execution on VMWare ESXi servers. One of the initial warnings was issued by the French Computer Emerg