
6 matches found

Securelist
added 2023/10/12 10:0 a.m., 54 views

ToddyCat: Keep calm and check logs

ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools,...

7.5 AI score
Exploits 0
ThreatPost
added 2022/03/16 5:32 p.m., 376 views

‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps

For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS...

8.3 AI score
Exploits 0, References 11
Securelist
added 2021/09/30 10:0 a.m., 45 views

GhostEmperor: From ProxyLogon to kernel mode

Download GhostEmperor's technical details PDF. While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode...

1.3 AI score
Exploits 0
ThreatPost
added 2019/09/13 4:6 p.m., 167 views

Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks

Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually...

7 AI score
Exploits 0, References 6
exploitpack
added 2019/01/14 12:0 a.m., 62 views

Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summar...

10 CVSS, 0.3 AI score, 0.23425 EPSS
Exploits11
Exploit DB
added 2019/01/14 12:0 a.m., 132 views

Microsoft Windows 10 - COM Desktop Broker Privilege Escalation

Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: The COM Desktop Broker doesn’t correctly check permissions...

10 CVSS, 7.6 AI score, 0.23425 EPSS
Exploits11