WildPressure has been attacking Windows for a long time, that’s why this is not the first time when Windows and macOS operating systems are being attacked by such malicious trojan. However, in 2019 Kaspersky had detected a malicious trojan named “Milum” that has been used by the threat actors of WildPressure. Since then Kaspersky has […]
The PrintNightmare vulnerability has turned out to be a big issue for Windows system users and the cybersecurity community. On Tuesday, Microsoft seemed to have finally addressed this flaw with the release of the KB5004945 update, though things might not turn out as expected. Just hours after the release of this update, researchers Matthew Hickey […]
A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Russian cybersecurity firm attributed the attacks to an advanced persistent […]
Microsoft has shipped an emergency out-of-band security update to address a critical zero-day vulnerability — known as “PrintNightmare” — that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems. Tracked as CVE-2021-34527 (CVSS score: 8.8), the remote code execution flaw impacts all supported […]
Cybersecurity experts report that a proof of concept (PoC) exploit and technical details related to an unpatched vulnerability in Windows systems have been leaked online by accident. The vulnerability in question, identified as PrintNightmare, affects the Windows Print Spooler and its exploitation would allow threat actors to take control of a Windows domain server and […]
A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as CVE-2021-1675, the security issue could grant remote attackers full control of vulnerable systems. Print Spooler manages the printing process in Windows, including loading […]
Using Windows Server in a “Windows container”? Then beware of it, as recently, it has been confirmed that highly sophisticated malware has been active for over a year. The cybersecurity researchers at Palo Alto Networks Unit 42 have recently discovered a new malware, known as, “Siloscape,” and it uses Windows containers to access Kubernetes clusters. […]
A group of researchers has found a new malware variant designed to breach the security of Windows containers in order to reach Kubernetes clusters. Identified as Siloscape, experts describe this malware variant as something unusual due to its complex features. The report, prepared by Palo Alto Networks, notes that Siloscape was detected in early March, […]
Security researchers have discovered the first known malware, dubbed “Siloscope,” targeting Windows Server containers to infect Kubernetes clusters in cloud environments. “Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers,” said Unit 42 researcher Daniel Prizmant. “Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run […]
Cybersecurity specialists reported the detection of an ambitious phishing campaign in which operators try to trick users while posing as employees of a paid service that must be cancelled. The goal of these hackers is to infect the attacked systems with the BazaLoader malware variant. This malware is able to implant a backdoor on Windows […]
Recently, a new malware campaign, STRRAT has been detected by the Microsoft security team, as per the security experts, the hackers are distributing a remote access Trojan (RAT) through this malware. This malware is stealing data from the infected systems, and not only this but the malware is remarkable, as it always conceals itself as […]
In the recent era, cyber crimes are happening quite often, and this is not the first time that a cybercriminal group pretending to be a legitimate security group and have impersonated its malware as a security analysis tool or Ethical hacking Tool. However, BI.ZONE Cyber Threats Research Team has detected that the notorious FIN7 hacking […]
Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has […]
Cybersecurity experts report that a hacking group has developed a complex rootkit to perform backdoor tasks on Windows systems. As you will remember, a rootkit is a malicious tool designed to evade security mechanisms on a computer system to deploy subsequent attacks. This new malware, identified as Moriya, was discovered by Kaspersky researchers and is […]
The upcoming Windows 10 Sun Valley update has been in discussion for a while now. According to insiders, this will be one of the largest updates to the system, through which Microsoft hopes to “refresh the desktop PCs” and bring its OS back into the spotlight. Here’s what is currently known about this update. UI […]
A recent security report mentions that a dark web leak containing access keys has been published to more than 1.3 million Windows Remote Desktop servers. This is a clear indication of the scope of cybercrime and could even be binding on other incidents of which cybersecurity community knows little. It’s not all bad news, as […]
The use of phishing websites is one of the most common hacking techniques, as it is highly functional for threat actors to collect a lot of information from their targets. However, many people still are unaware that using similar techniques, more information can be collected from a user, including detecting their precise location. MapEye is […]
Recently, cybersecurity researchers have asserted that they have detected a botnet that is continuously targeting Windows devices that are rapidly growing in size. According to the experts, this new malware was dubbed as Purple Fox, and this new malware is active since 2018. In total, the researchers have spotted more than 90,000 incidents through the […]
The Federal Bureau of Investigation (FBI) released a security alert about the use of remote desktop systems such as TeamViewer on outdated operating systems, mainly Windows 7. The alert also refers to security risks for passwords and user accounts on these systems. The federal agency claims to have detected that multiple cybercriminal groups are able […]
This is a tool that allows you to offensively use YARA to apply a filter to the events being reported by windows event logging. Usage Grap the latest verison from here. EvtMuteHook.dll contains the core functionality, once it is injected it will apply a temporary filter which will allow all events to be reported, […]
RogueWinRM is a local privilege escalation exploit that allows to escalate from a Service account (with SeImpersonatePrivilege) to Local System account if WinRM service is not running (default on Win10 but NOT on Windows Server 2019). Briefly, it will listen for incoming connection on port 5985 faking a real WinRM service. It’s just a […]