LummaC2: Obfuscation Through Indirect Control Flow
A recent analysis of the LummaC2 (LUMMAC.V2) malware reveals its use of advanced obfuscation techniques, specifically leveraging indirect control flow manipulation to make reverse engineering…
Attacker tradecraft dissected — TTPs, detection opportunities and practical mitigation guidance.
45 reports
A recent analysis of the LummaC2 (LUMMAC.V2) malware reveals its use of advanced obfuscation techniques, specifically leveraging indirect control flow manipulation to make reverse engineering…
In July 2024, the cybersecurity world was shaken by the RockYou2024 breach, the largest recorded password leak in history. Nearly 10 billion passwords were exposed on a hacking forum in a dataset…
CVE-2022-38028 is a critical vulnerability in the Windows Print Spooler service that allows for arbitrary code execution with elevated privileges. The exploit was addressed by Microsoft in a…
A new phishing campaign leveraging Autodesk Drive has come to light, targeting corporate users through seemingly legitimate PDF files. Cybersecurity experts at Netcraft have uncovered that…
A critical vulnerability, designated as CVE-2024-3400, has been identified within the GlobalProtect component of Palo Alto Networks' PAN-OS. This zero-day flaw is classified under CWE-77 (Command…
In the rapidly evolving landscape of cyber threats, the importance of robust and sophisticated cybersecurity measures cannot be overstated. One of the key initiatives in this domain is TIBER-EU –…
The recent paper, " You Cannot Escape Me: Detecting Evasions of SIEM Rules in Enterprise Networks " highlights the ongoing battle in cybersecurity between attackers' evasion tactics and the…
LummaC2, a notorious malware-as-a-service (MaaS), has developed sophisticated evasion techniques to circumvent security measures and exfiltrate sensitive data from compromised systems. The…
The NetSupport RAT has emerged as a significant cyber threat, exploiting legitimate remote administration tools for malicious purposes. This report provides an in-depth analysis of recent…
APT29, a Russian hacker group, has strategically employed the CVE-2023-38831 vulnerability in WinRAR in a series of cyberattacks targeting embassies. Known for its various aliases, including Cozy…
LockBit ransomware group has restructured its negotiation methods, addressing declining ransom payments. The lack of standard negotiation protocols previously led to varied results, with many…
Since February 2023, APT35, a notorious Iranian-backed threat actor, has been intensifying its cyber operations with a series of global password spray attacks. These attacks represent a strategic…