
608 matches found

Trellix · added 2023/09/05 12:0 a.m. · 12 views

Supply Chain Security Leaders Collaborate to Help Developers Choose Open-Source

Supply Chain Security Leaders Collaborate to Help Developers Choose Open-Source By Trellix, Checkmarx and Illustria · September 05, 2023 Working together to keep open source safe At the beginning of 2023, top researchers from industry-leading companies established the Supply Chain Attack Research...

7 AI score · Exploits: 0

Trellix · added 2023/09/01 12:0 a.m. · 14 views

ICYMI: Emotet Reappeared Early This Year, Unfortunately

ICYMI: Emotet Reappeared Early This Year, Unfortunately By Adithya Chandra, Joao Marques, and Raghav Kapoor · September 1, 2023 Executive Summary Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement agencies to take it down in...

7.7 AI score · Exploits: 0

Trellix · added 2023/09/01 12:0 a.m. · 15 views

ICYMI: Emotet Reappeared Early This Year, Unfortunately

ICYMI: Emotet Reappeared Early This Year, Unfortunately By Adithya Chandra and Joao Marques · September 1, 2023 This blog was also written by Raghav Kapoor Executive Summary Emotet first appeared in 2014 and continues to be a dangerous and resilient malware, despite attempts by law enforcement...

7.7 AI score · Exploits: 0

Trellix · added 2023/08/28 12:0 a.m. · 13 views

Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat

Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat By Trellix Advanced Research Center · August 28, 2023 Introduction Ransomware, a malicious software that encrypts valuable data and demands a ransom for its release, has a notorious history marked by its evolution fro...

8 AI score · Exploits: 0

Trellix · added 2023/08/28 12:0 a.m. · 18 views

Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat

Decoding the DNA of Ransomware Attacks: Unveiling the Anatomy Behind the Threat By Trellix Advanced Research Center · August 28, 2023 Introduction Ransomware, a malicious software that encrypts valuable data and demands a ransom for its release, has a notorious history marked by its evolution fro...

7.6 AI score · Exploits: 0

Trellix · added 2023/08/24 12:0 a.m. · 255 views

The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain

The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain By Chintan Shah · August 24, 2023 Executive Summary On July 11 2023, Microsoft released a patch fixing multiple actively exploited RCE vulnerabilities and disclosed a phishing campaign conducted by the threat actor,...

8 AI score · 0.99933 EPSS · Exploits: 121

Trellix · added 2023/08/24 12:0 a.m. · 60 views

The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain

The Tale of Two Exploits - Breaking Down CVE-2023-36884 and the Infection Chain By Trellix · August 24, 2023 This blog was written by Chintan Shah Executive Summary On July 11 2023, Microsoft released a patch fixing multiple actively exploited RCE vulnerabilities and disclosed a phishing campaign...

7.5 CVSS · 9.1 AI score · 0.99083 EPSS · Exploits: 3

Trellix · added 2023/08/17 12:0 a.m. · 126 views

Scattered Spider: The Modus Operandi

Scattered Spider: The Modus Operandi By Trellix · August 17, 2023 This story was also written by Phelix Oluoch Executive Summary Scattered Spider, also referred to as UNC3944, Scatter Swine, and Muddled Libra, is a financially motivated threat actor group that has been active since May 2022...

9.8 AI score · 0.99999 EPSS · Exploits: 15

Trellix · added 2023/08/17 12:0 a.m. · 45 views

Scattered Spider: The Modus Operandi

Scattered Spider: The Modus Operandi By Trellix · August 17, 2023 This story was also written by Phelix Oluoch Executive Summary Scattered Spider, also referred to as UNC3944, Scatter Swine, and Muddled Libra, is a financially motivated threat actor group that has been active since May 2022...

10 CVSS · 9.9 AI score · 0.99999 EPSS · Exploits: 15

Trellix · added 2023/08/12 12:0 a.m. · 23 views

The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power

The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power By Trellix · August 12, 2023 This story was also written by Jesse Chick, Philippe Laulheret and Sam Quinn. Summary In a modern working environment where many employees are working from home or in hybrid office...

8.2 AI score · 0.01683 EPSS · Exploits: 1

Trellix · added 2023/08/12 12:0 a.m. · 20 views

The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power

The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power By Trellix · August 12, 2023 This story was also written by Jesse Chick, Philippe Laulheret and Sam Quinn. Summary In a modern working environment where many employees are working from home or in hybrid office...

9.8 CVSS · 8.8 AI score · 0.01683 EPSS · Exploits: 1

Trellix · added 2023/08/10 12:0 a.m. · 21 views

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT By Jonell Baltazar and Antonio Ribeiro · August 10, 2023 Trellix detected an ongoing campaign using fake Chrome browser updates to lure victims to install a remote administration software tool called NetSupport Manager...

7 AI score · Exploits: 0

Trellix · added 2023/08/10 12:0 a.m. · 17 views

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT

Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT By Jonell Baltazar · August 10, 2023 This blog was also written by Antonio Ribeiro Trellix detected an ongoing campaign using fake Chrome browser updates to lure victims to install a remote administration software tool...

7 AI score · Exploits: 0

Trellix · added 2023/08/07 12:0 a.m. · 9 views

AI is the Solution, Not the Problem

AI is the Solution, Not the Problem By Trellix · August 07, 2023 This story was also written by Oded Margalit. AI Artificial Intelligence / ML Machine Learning has recently been painted as the master evil. In this blog I would like to suggest a different view, where we can use it to make a better...

6.6 AI score · Exploits: 0

Trellix · added 2023/08/07 12:0 a.m. · 10 views

AI is the Solution, Not the Problem

AI is the Solution, Not the Problem By Trellix · August 07, 2023 This story was also written by Oded Margalit. AI Artificial Intelligence / ML Machine Learning has recently been painted as the master evil. In this blog I would like to suggest a different view, where we can use it to make a better...

6.7 AI score · Exploits: 0

Trellix · added 2023/08/05 12:0 a.m. · 8 views

Resilient Security Requires Mature Cyber Threat Intelligence Capabilities

Resilient Security Requires Mature Cyber Threat Intelligence Capabilities By Trellix Advanced Research Center · August 5, 2023 Threat intelligence and the ability to add context to each technology environment to global threats has never been more important to the role of the CISO, or to the board...

7.4 AI score · Exploits: 0

Trellix · added 2023/08/02 12:0 a.m. · 103 views

The Bug Report - July 2023 Edition

The Bug Report – July 2023 Edition By Trellix · August 02, 2023 This story was also written by John Dunlap. A Storm is Brewing! Why am I here? Summer is now in full swing, and our July Bug Report is similarly coming out swinging. This month comes with a red-hot list of software vulnerabilities...

9.7 AI score · 0.99984 EPSS · Exploits: 19

Trellix · added 2023/08/02 12:0 a.m. · 35 views

The Bug Report - July 2023 Edition

The Bug Report – July 2023 Edition By Trellix · August 02, 2023 This story was also written by John Dunlap. A Storm is Brewing! Why am I here? Summer is now in full swing, and our July Bug Report is similarly coming out swinging. This month comes with a red-hot list of software vulnerabilities...

9.8 CVSS · 9.8 AI score · 0.99754 EPSS · Exploits: 19

Trellix · added 2023/07/31 12:0 a.m. · 23 views

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics 

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...

7.4 AI score · Exploits: 0

Trellix · added 2023/07/31 12:0 a.m. · 20 views

Uncover the Hidden Story of Ransomware Victims – They’re Not Who You Think

Uncover the Hidden Story of Ransomware Victims – They’re Not Who You Think By Trellix Advanced Research Center · July 31, 2023 Ransomware attacks against large corporations often dominate headlines. High-profile attacks against organizations like Kaseya, Colonial Pipeline, and MOVEit might make y...

6.8 AI score · Exploits: 0

Trellix · added 2023/07/31 12:0 a.m. · 26 views

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics 

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...

7.4 AI score · Exploits: 0

Trellix · added 2023/07/31 12:0 a.m. · 15 views

Uncover the Hidden Story of Ransomware Victims – They’re Not Who You Think

Uncover the Hidden Story of Ransomware Victims – They’re Not Who You Think By Trellix Advanced Research Center · July 31, 2023 Ransomware attacks against large corporations often dominate headlines. High-profile attacks against organizations like Kaseya, Colonial Pipeline, and MOVEit might make y...

6.9 AI score · Exploits: 0

Trellix · added 2023/07/26 12:0 a.m. · 104 views

Beyond File Search: A Novel Method

Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...

8.6 AI score · 0.99374 EPSS · Exploits: 62

Trellix · added 2023/07/26 12:0 a.m. · 54 views

Beyond File Search: A Novel Method

Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Sijo Jacob · July 26, 2023 This blog was also written by Mathanraj Thangaraju Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit...

9.3 CVSS · 9.3 AI score · 0.99374 EPSS · Exploits: 62

Trellix · added 2023/07/05 12:0 a.m. · 111 views

The Bug Report - June 2023 Edition

The Bug Report – June 2023 Edition By Trellix · July 05, 2023 This story was also written by Jesse Chick. Can I have a word with the developers who greenlit these vulns? Why am I here? "To our newcomers, welcome! To our old hands, welcome back!" Iykyk. Every month, we chronicle the disruptive new...

10.7 AI score · 0.99934 EPSS · Exploits: 32

Trellix · added 2023/07/05 12:0 a.m. · 49 views

The Bug Report - June 2023 Edition

The Bug Report – June 2023 Edition By Trellix · July 05, 2023 This story was also written by Jesse Chick. Can I have a word with the developers who greenlit these vulns? Why am I here? "To our newcomers, welcome! To our old hands, welcome back!" Iykyk. Every month, we chronicle the disruptive new...

9.8 CVSS · 10 AI score · 0.98125 EPSS · Exploits: 17

Trellix · added 2023/06/13 12:0 a.m. · 76 views

Skuld: The Infostealer that Speaks Golang

Skuld: The Infostealer that Speaks Golang By Ernesto Fernández Provecho · June 13, 2023 In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide, something that security researchers had also noticed. The usage of Golang,...

7.4 AI score · Exploits: 0

Trellix · added 2023/06/13 12:0 a.m. · 17 views

Skuld: The Infostealer that Speaks Golang

Skuld: The Infostealer that Speaks Golang By Ernesto Fernández Provecho · June 13, 2023 In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide, something that security researchers had also noticed. The usage of Golang,...

7 AI score · Exploits: 0

Trellix · added 2023/06/07 12:0 a.m. · 181 views

The Bug Report - May 2023 Edition

The Bug Report – May 2023 Edition By Mark Bereza · June 7, 2023 Why am I here? In the film The Number 23, Jim Carrey masterfully portrays Walter Sparrow, a man who finds himself obsessed with the number 23 after coming upon a book detailing the 23 enigma, and begins to see it everywhere he looks,...

7.2 AI score · 0.99284 EPSS · Exploits: 12

Trellix · added 2023/06/07 12:0 a.m. · 44 views

The Bug Report - May 2023 Edition

The Bug Report – May 2023 Edition By Mark Bereza · June 7, 2023 Why am I here? In the film The Number 23, Jim Carrey masterfully portrays Walter Sparrow, a man who finds himself obsessed with the number 23 after coming upon a book detailing the 23 enigma, and begins to see it everywhere he looks,...

9.8 CVSS · 7.9 AI score · 0.99284 EPSS · Exploits: 11

Trellix · added 2023/06/06 12:0 a.m. · 5 views

Feeding Gophers to Ghidra

Feeding Gophers to Ghidra By Max Kersten · June 6, 2023 The scripts discussed in the article are based on the magnificent work of Dorka Palotay from CUJOai. Golang malware is becoming increasingly prevalent, requiring analysts to know how to effectively analyze these files without diving into a...

7.1 AI score · Exploits: 0

Trellix · added 2023/06/06 12:0 a.m. · 14 views

Feeding Gophers to Ghidra

Feeding Gophers to Ghidra By Trellix · June 6, 2023 This blog was written by Max Kersten The scripts discussed in the article are based on the magnificent work of Dorka Palotay from CUJOai. Golang malware is becoming increasingly prevalent, requiring analysts to know how to effectively analyze the...

7.1 AI score · Exploits: 0

Trellix · added 2023/05/22 12:0 a.m. · 39 views

Industrial and Manufacturing CVEs: Addressing the SCADA in the Room

Industrial and Manufacturing CVEs: Addressing the SCADA in the Room By Charles McFarland · May 22, 2023 The industrial and manufacturing spaces are critical to the global economy. They produce the goods and services we rely on every day, from food and clothing to cars and electronics. Disruptions...

8.9 AI score · 0.18202 EPSS · Exploits: 4

Trellix · added 2023/05/22 12:0 a.m. · 24 views

Industrial and Manufacturing CVEs: Addressing the SCADA in the Room

Industrial and Manufacturing CVEs: Addressing the SCADA in the Room By Trellix · May 22, 2023 This blog was written by Charles McFarland The industrial and manufacturing spaces are critical to the global economy. They produce the goods and services we rely on every day, from food and clothing to...

8.5 AI score · Exploits: 0

Trellix · added 2023/05/21 12:0 a.m. · 21 views

Detecting and Visualizing Lateral Movement Attacks with Trellix XDR - Part 2

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service...

7.9 AI score · Exploits: 0

Trellix · added 2023/05/21 12:0 a.m. · 3 views

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2

Detecting and Visualizing Lateral Movement Attacks with Trellix Helix Connect - Part 2 By Maulik Maheta · May 21, 2023 This blog was also written by Chintan Shah Executive summary In the part 1 of this series we discussed in depth about the known Lateral movement attacks like abusing weak service...

7.9 AI score · Exploits: 0

Trellix · added 2023/05/17 12:0 a.m. · 9 views

China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan

China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan By Daksh Kapur, Leandro Velasco · May 17, 2023 Figure 1 image from freepik.com “In the past few years, we noticed that geopolitical conflicts are one of the main drivers for cyber-attacks on a variety of industries and institutions...

7.5 AI score · Exploits: 0

Trellix · added 2023/05/17 12:0 a.m. · 13 views

China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan

China-Taiwan Tensions Spark Surge in Cyberattacks on Taiwan By Daksh Kapur, Leandro Velasco · May 17, 2023 Figure 1 image from freepik.com “In the past few years, we noticed that geopolitical conflicts are one of the main drivers for cyber-attacks on a variety of industries and institutions...

7.7 AI score · Exploits: 0

Trellix · added 2023/05/11 12:0 a.m. · 23 views

Trucking on with DotDumper

Trucking on with DotDumper By Max Kersten · May 11, 2023 On the 11th of August 2022, the initial public version of DotDumper was released. A brief refresh: DotDumper is an open-source automatic unpacker for DotNet Framework targeting files. This blog marks a public update which supports unmanaged...

7 AI score · Exploits: 0

Trellix · added 2023/05/11 12:0 a.m. · 18 views

Trucking on with DotDumper

Trucking on with DotDumper By Trellix · May 11, 2023 This blog was written by Max Kersten On the 11th of August 2022, the initial public version of DotDumper was released. A brief refresh: DotDumper is an open-source automatic unpacker for DotNet Framework targeting files. This blog marks a publi...

6.6 AI score · Exploits: 0

Trellix · added 2023/05/03 12:0 a.m. · 68 views

The Bug Report – April 2023 Edition

The Bug Report – April 2023 Edition By Trellix · May 03, 2023 This story was also written by John Rodriguez. It’s never easy coming back. Why am I here? Seems as if some of us should have stayed at our tropical vacation getaway. Nothing like coming back to the cyber world screeching about...

8.9 AI score · 0.48973 EPSS · Exploits: 16

Trellix · added 2023/05/03 12:0 a.m. · 33 views

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

7.5 AI score · 0.38347 EPSS · Exploits: 1

Trellix · added 2023/05/03 12:0 a.m. · 38 views

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

5.5 CVSS · 7.8 AI score · 0.38347 EPSS · Exploits: 0

Trellix · added 2023/05/03 12:0 a.m. · 41 views

The Bug Report – April 2023 Edition

The Bug Report – April 2023 Edition By Trellix · May 03, 2023 This story was also written by John Rodriguez. It’s never easy coming back. Why am I here? Seems as if some of us should have stayed at our tropical vacation getaway. Nothing like coming back to the cyber world screeching about...

8.8 CVSS · 8.5 AI score · 0.48973 EPSS · Exploits: 12

Trellix · added 2023/04/17 12:0 a.m. · 17 views

Using Data Loss Prevention to Prevent Data Leakage via ChatGPT

Using Data Loss Prevention to Prevent Data Leakage via ChatGPT By Zak Krider · April 17, 2023 The rapid advancement of Artificial Intelligence AI technology has garnered much attention in recent weeks for its potential to enhance workplace productivity and efficiency. However, this focus on AI...

6.7 AI score · Exploits: 0

Trellix · added 2023/04/13 12:0 a.m. · 23 views

Read The Manual Locker: A Private RaaS Provider

Read The Manual Locker: A Private RaaS Provider By Max Kersten · April 13, 2023 The underground intelligence was obtained by N074B07. Another day, another ransomware-as-a-service RaaS provider, or so it seems. We’ve observed the “Read The Manual” RTM Locker gang, previously known for their e-crim...

6.6 AI score · Exploits: 0

Trellix · added 2023/04/13 12:0 a.m. · 8 views

Read The Manual Locker: A Private RaaS Provider

Read The Manual Locker: A Private RaaS Provider By Trellix · April 13, 2023 This blog was written by Max Kersten The underground intelligence was obtained by N074B07. Another day, another ransomware-as-a-service RaaS provider, or so it seems. We’ve observed the “Read The Manual” RTM Locker gang,...

6.6 AI score · Exploits: 0

Trellix · added 2023/04/05 12:0 a.m. · 16 views

Genesis Market No Longer Feeds The Evil Cookie Monster

Genesis Market No Longer Feeds The Evil Cookie Monster By John Fokker, Ernesto Fernández Provecho and Max Kersten · April 05, 2023 We would like to thank Steen Pedersen and Mo Cashman for their remediation advice. On the 4th and the 5th of April, a law enforcement taskforce spanning agencies acro...

7.6 AI score · Exploits: 0

Trellix · added 2023/04/05 12:0 a.m. · 60 views

The Bug Report - March 2023 Edition

The Bug Report – March 2023 Edition By Trellix · April 05, 2023 This story was also written by Kasimir Schulz. It really is bussin, though. Why am I here? Welcome back to the Bug Report, Ides of March edition! Last month was highlighted by glimpses into the past, with a historic attack technique...

8.7 AI score · 0.97408 EPSS · Exploits: 20

Trellix · added 2023/04/05 12:0 a.m. · 15 views

Genesis Market No Longer Feeds The Evil Cookie Monster

Genesis Market No Longer Feeds The Evil Cookie Monster By John Fokker and Ernesto Fernández Provecho · April 05, 2023 This blog was also written by Max Kersten We would like to thank Steen Pedersen and Mo Cashman for their remediation advice. On the 4th and the 5th of April, a law enforcement...

7.5 AI score · Exploits: 0

Total number of security vulnerabilities: 608