
608 matches found

Trellix
added 2023/04/05 12:0 a.m., 47 views

The Bug Report - March 2023 Edition

The Bug Report – March 2023 Edition By Trellix · April 05, 2023 This story was also written by Kasimir Schulz. It really is bussin, though. Why am I here? Welcome back to the Bug Report, Ides of March edition! Last month was highlighted by glimpses into the past, with a historic attack technique...

9.8 CVSS, 9.1 AI score, 0.97408 EPSS
Exploits: 20

Trellix
added 2023/04/03 12:0 a.m., 28 views

A Royal Analysis of Royal Ransom

A Royal Analysis of Royal Ransom By Alexandre Mundo, and Max Kersten · April 3, 2023 We would like to thank Advanced Cyber Services team within Trellix Professional Services for the incident response-related data. Emerging in early 2022 as a private group which used multiple strains of ransomware...

7.4 AI score
Exploits: 0

Trellix
added 2023/04/03 12:0 a.m., 12 views

A Royal Analysis of Royal Ransom

A Royal Analysis of Royal Ransom By Trellix · April 3, 2023 This blog was also written by Alexandre Mundo and Max Kersten We would like to thank Advanced Cyber Services team within Trellix Professional Services for the incident response-related data. Emerging in early 2022 as a private group whic...

7.2 AI score
Exploits: 0

Trellix
added 2023/03/23 12:0 a.m., 35 views

Shining Light on Dark Power: Yet Another Ransomware Gang

Shining Light on Dark Power: Yet Another Ransomware Gang By Pham Duy Phuc, Max Kersten and Tomer Shloman · March 23, 2023 Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the...

6.6 AI score
Exploits: 0

Trellix
added 2023/03/23 12:0 a.m., 9 views

Shining Light on Dark Power: Yet Another Ransomware Gang

Shining Light on Dark Power: Yet Another Ransomware Gang By Pham Duy Phuc and Tomer Shloman · March 23, 2023 This blog was also written by Max Kersten Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives...

6.8 AI score
Exploits: 0

Trellix
added 2023/03/17 12:0 a.m., 68 views

CVE-2023-23397: The Notification Sound You Don’t Want to Hear

CVE-2023-23397: The Notification Sound You Don’t Want to Hear By Mark Bereza · March 17, 2023 This story was also written by John Dunlap. Overview During the March "Patch Tuesday" security update, a new Outlook security vulnerability was revealed as being exploited in the wild. This is a serious...

8.5 AI score, 0.97408 EPSS
Exploits: 18

Trellix
added 2023/03/17 12:0 a.m., 15 views

Trellix HAX 2023 Capture the Flag Results!

Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...

6.7 AI score
Exploits: 0

Trellix
added 2023/03/17 12:0 a.m., 11 views

Trellix HAX 2023 Capture the Flag Results!

Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...

7 AI score
Exploits: 0

Trellix
added 2023/03/17 12:0 a.m., 57 views

CVE-2023-23397: The Notification Sound You Don’t Want to Hear

CVE-2023-23397: The Notification Sound You Don’t Want to Hear By Mark Bereza · March 17, 2023 This story was also written by John Dunlap. Overview During the March "Patch Tuesday" security update, a new Outlook security vulnerability was revealed as being exploited in the wild. This is a serious...

9.8 CVSS, 8.8 AI score, 0.97408 EPSS
Exploits: 18

Trellix
added 2023/03/09 12:0 a.m., 13 views

ChatGPT: A tool for offensive cyber operations?! Not so fast!

ChatGPT: A tool for offensive cyber operations?! Not so fast! By Trellix · March 09, 2023 This story was also written by John Rodriguez. To ChatGPT or to not ChatGPT? That is a predominant question in the cyber landscape these days. It’s no surprise that AI bots have taken society by storm. On th...

7 AI score
Exploits: 0

Trellix
added 2023/03/09 12:0 a.m., 10 views

ChatGPT: A tool for offensive cyber operations?! Not so fast!

ChatGPT: A tool for offensive cyber operations?! Not so fast! By Trellix · March 09, 2023 This story was also written by John Rodriguez. To ChatGPT or to not ChatGPT? That is a predominant question in the cyber landscape these days. It’s no surprise that AI bots have taken society by storm. On th...

7.3 AI score
Exploits: 0

Trellix
added 2023/03/07 12:0 a.m., 36 views

Qakbot Evolves to OneNote Malware Distribution

Qakbot Evolves to OneNote Malware Distribution By Pham Duy Phuc, Raghav Kapoor, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju · March 07, 2023 Qakbot aka QBot, QuakBot, and Pinkslipbot is a sophisticated piece of malware that has been active since at least 2007. Since the end...

0.3 AI score
Exploits: 0

Trellix
added 2023/03/07 12:0 a.m., 18 views

Qakbot Evolves to OneNote Malware Distribution

Qakbot Evolves to OneNote Malware Distribution By Pham Duy Phuc, John Fokker J.E. and Alejandro Houspanossian · March 07, 2023 This blog was also written by Raghav Kapoor and Mathanraj Thangaraju Qakbot aka QBot, QuakBot, and Pinkslipbot is a sophisticated piece of malware that has been active...

8 AI score
Exploits: 0

Trellix
added 2023/03/01 12:0 a.m., 217 views

The Bug Report – February 2023 Edition

The Bug Report – February 2023 Edition By Trellix · March 1, 2023 This story was also written by Sam Quinn. Figure 1: Ironic. It could protect other devices from threats, but not itself. Why am I here? Welcome back to the Bug Report! For those in the audience unfamiliar with our shtick, we compil...

9.2 AI score, 0.99815 EPSS
Exploits: 24

Trellix
added 2023/03/01 12:0 a.m., 51 views

The Bug Report – February 2023 Edition

The Bug Report – February 2023 Edition By Trellix · March 1, 2023 This story was also written by Sam Quinn. Figure 1: Ironic. It could protect other devices from threats, but not itself. Why am I here? Welcome back to the Bug Report! For those in the audience unfamiliar with our shtick, we compil...

9.8 CVSS, 9.2 AI score, 0.99815 EPSS
Exploits: 24

Trellix
added 2023/02/28 12:0 a.m., 15 views

Cybercrime Takes Advantage of 2023-Recession with Job-Themed Scams

Cybercrime Takes Advantage of 2023 Recession with Job-Themed Scams By Daksh Kapur · February 28, 2023 Figure 1 image from freepik.com and flaticon.com The current economic climate globally is grim because of the ongoing recession. In this environment, job-themed emails have become a prime target...

7 AI score
Exploits: 0

Trellix
added 2023/02/28 12:0 a.m., 13 views

Cybercrime Takes Advantage of 2023-Recession with Job-Themed Scams

Cybercrime Takes Advantage of 2023 Recession with Job-Themed Scams By Daksh Kapur · February 28, 2023 Figure 1 image from freepik.com and flaticon.com The current economic climate globally is grim because of the ongoing recession. In this environment, job-themed emails have become a prime target...

7 AI score
Exploits: 0

Trellix
added 2023/02/23 12:0 a.m., 23 views

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria By Daksh Kapur · February 23, 2023 Figure 1 image from freepik.com & flaticon.com The recent earthquake that shook Syria and Turkey left a devastating trail of destruction. The whole world has shown its support and...

0.1 AI score
Exploits: 0

Trellix
added 2023/02/23 12:0 a.m., 16 views

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria

Exploiting Tragedy: Fake Donation Scams Amid Earthquake in Turkey & Syria By Daksh Kapur · February 23, 2023 Figure 1 image from freepik.com & flaticon.com The recent earthquake that shook Syria and Turkey left a devastating trail of destruction. The whole world has shown its support and...

6.8 AI score
Exploits: 0

Trellix
added 2023/02/21 12:0 a.m., 46 views

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS By Trellix · February 21, 2023 This blog was written by Austin Emmitt Introduction Since the first version of iOS on the original iPhone, Apple has enforced careful restrictions on the software that c...

9.5 AI score, 0.01751 EPSS
Exploits: 0

Trellix
added 2023/02/21 12:0 a.m., 37 views

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS By Trellix · February 21, 2023 This blog was written by Austin Emmitt Introduction Since the first version of iOS on the original iPhone, Apple has enforced careful restrictions on the software that c...

8.6 CVSS, 9.2 AI score, 0.01751 EPSS
Exploits: 0

Trellix
added 2023/02/17 12:0 a.m., 20 views

Trellix HAX 2023 CTF Competition

Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag CTF competition! With 1...

6.6 AI score
Exploits: 0

Trellix
added 2023/02/17 12:0 a.m., 6 views

Trellix HAX 2023 CTF Competition

Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag CTF competition! With 1...

6.6 AI score
Exploits: 0

Trellix
added 2023/02/09 12:0 a.m., 145 views

Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability

Global ESXiArgs Ransomware Attack on the Back of a Two-Year-Old Vulnerability By John Fokker, Alfred Alvarado, Tim Hux, Jeffrey Sman, Joao Marques · February 09, 2023 Figure 1: Global Telemetry from Trellix ATLAS for IPs connecting to port 427 Introduction: Early this week, VMware issued a...

1.3 AI score, 0.9957 EPSS
Exploits: 54

Trellix
added 2023/02/09 12:0 a.m., 285 views

CVE-2023-0286: The OpenSSL Who Cried “Severity: High”

CVE-2023-0286: The OpenSSL Who Cried “Severity: High” By Mark Bereza · February 9, 2023 This story was also written by John Dunlap. Background It feels like just yesterday that OpenSSL was the subject of widespread scrutiny over two buffer overflow vulnerabilities rated Severity: High. Fortunatel...

8.7 AI score, 0.91153 EPSS
Exploits: 6

Trellix
added 2023/02/09 12:0 a.m., 43 views

CVE-2023-0286: The OpenSSL Who Cried “Severity: High”

CVE-2023-0286: The OpenSSL Who Cried “Severity: High” By Mark Bereza · February 9, 2023 This story was also written by John Dunlap. Background It feels like just yesterday that OpenSSL was the subject of widespread scrutiny over two buffer overflow vulnerabilities rated Severity: High. Fortunatel...

7.4 CVSS, 8.6 AI score, 0.59501 EPSS
Exploits: 0

Trellix
added 2023/02/09 12:0 a.m., 50 views

Global ESXiArgs ransomware attack on the back of a two-year-old vulnerability

Global ESXiArgs Ransomware Attack on the Back of a Two-Year-Old Vulnerability By John Fokker, Alfred Alvarado, Tim Hux, Jeffrey Sman, Joao Marques · February 09, 2023 Figure 1: Global Telemetry from Trellix ATLAS for IPs connecting to port 427 Introduction: Early this week, VMware issued a...

10 CVSS, 9.9 AI score, 0.9957 EPSS
Exploits: 54

Trellix
added 2023/02/08 12:0 a.m., 12 views

No More Macros? Better Watch Your Search Results!

No More Macros? Better Watch Your Search Results! By Pham Duy Phuc and Max Kersten · February 08, 2023 Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in...

7.8 AI score
Exploits: 0

Trellix
added 2023/02/08 12:0 a.m., 9 views

No More Macros? Better Watch Your Search Results!

No More Macros? Better Watch Your Search Results! By Pham Duy Phuc · February 08, 2023 This blog was also written by Max Kersten Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique...

7.4 AI score
Exploits: 0

Trellix
added 2023/02/01 12:0 a.m., 15 views

We Don’t Just Patch – We Hack

We Don’t Just Patch – We Hack By Trellix · February 1, 2023 This blog was written by Douglas McKee If you have read any security advisories, technology news articles or even our very own Bug Report, you have continually been bombarded with the message to patch, patch, patch! Patching is critical ...

7.1 AI score
Exploits: 0

Trellix
added 2023/02/01 12:0 a.m., 214 views

The Bug Report January 2023 Edition

The Bug Report – January 2023 Edition By Trellix · February 1, 2023 This story was also written by Jesse Chick. Pretty sure we’ve all seen this episode before. Why am I here? Welcome to the Bug Report, Space-Hash™ Edition! Think about it. We'll wait. For many of us, January began with a headache ...

10.7 AI score, 0.99989 EPSS
Exploits: 27

Trellix
added 2023/02/01 12:0 a.m., 53 views

When Pwning Cisco Persistence Is Key When Pwning Supply Chain Cisco Is Key

When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key By Trellix · February 1, 2023 This story was also written by Kasimir Schulz and Sam Quinn. Unlike those of the past, modern routers now function like high-powered servers with many ethernet ports running not only routi...

10.2 AI score, 0.27095 EPSS
Exploits: 3

Trellix
added 2023/02/01 12:0 a.m., 25 views

When Pwning Cisco Persistence Is Key When Pwning Supply Chain Cisco Is Key

When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key By Trellix · February 1, 2023 This story was also written by Kasimir Schulz and Sam Quinn. Unlike those of the past, modern routers now function like high-powered servers with many ethernet ports running not only routi...

8.8 CVSS, 10 AI score, 0.01506 EPSS
Exploits: 0

Trellix
added 2023/02/01 12:0 a.m., 8 views

We Don’t Just Patch – We Hack

We Don’t Just Patch – We Hack By Trellix · February 1, 2023 This blog was written by Douglas McKee If you have read any security advisories, technology news articles or even our very own Bug Report, you have continually been bombarded with the message to patch, patch, patch! Patching is critical ...

7.4 AI score
Exploits: 0

Trellix
added 2023/02/01 12:0 a.m., 64 views

The Bug Report January 2023 Edition

The Bug Report – January 2023 Edition By Trellix · February 1, 2023 This story was also written by Jesse Chick. Pretty sure we’ve all seen this episode before. Why am I here? Welcome to the Bug Report, Space-Hash™ Edition! Think about it. We'll wait. For many of us, January began with a headache ...

9.8 CVSS, 10 AI score, 0.99989 EPSS
Exploits: 27

Trellix
added 2023/01/24 12:0 a.m., 28 views

GuLoader: The NSIS Vantage Point

GuLoader: The NSIS Vantage Point By Nico Paulo Yturriaga · January 24, 2023 GuLoader is an advanced shellcode downloader infamous for using anti-analysis tricks to evade detection and obstruct reverse engineering. As of this writing, the GuLoader campaign is aggressively ongoing. Trellix’s...

0.1 AI score
Exploits: 0

Trellix
added 2023/01/24 12:0 a.m., 33 views

Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity

Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity By Daksh Kapur, Tomer Shloman, Robert Venal and John Fokker · January 24, 2023 Figure 1 It has been almost a year since Russia invaded Ukraine in a major escalation of the Russo-Ukrainian War...

8.1 AI score, 0.02902 EPSS
Exploits: 1

Trellix
added 2023/01/24 12:0 a.m., 31 views

Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity

Cyberattacks Targeting Ukraine Increase 20-fold at End of 2022 Fueled by Russia-linked Gamaredon Activity By Daksh Kapur, Tomer Shloman, Robert Venal and John Fokker · January 24, 2023 Figure 1 It has been almost a year since Russia invaded Ukraine in a major escalation of the Russo-Ukrainian War...

7.8 CVSS, 8.1 AI score, 0.02902 EPSS
Exploits: 1

Trellix
added 2023/01/24 12:0 a.m., 9 views

GuLoader: The NSIS Vantage Point

GuLoader: The NSIS Vantage Point By Nico Paulo Yturriaga · January 24, 2023 GuLoader is an advanced shellcode downloader infamous for using anti-analysis tricks to evade detection and obstruct reverse engineering. As of this writing, the GuLoader campaign is aggressively ongoing. Trellix’s...

7.8 AI score
Exploits: 0

Trellix
added 2023/01/23 12:0 a.m., 31 views

Trellix Advanced Research Center patches 61,000 vulnerable open-source projects

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...

9.8 CVSS, 7.4 AI score, 0.27095 EPSS
Exploits: 3

Trellix
added 2023/01/23 12:0 a.m., 34 views

Trellix Advanced Research Center patches 61,000 vulnerable open-source projects

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...

9.4 AI score, 0.27095 EPSS
Exploits: 3

Trellix
added 2023/01/04 12:0 a.m., 83 views

The Bug Report December 2022 Edition

The Bug Report — December 2022 Edition By Trellix · January 4, 2023 This story was also written by John Borrero Rodriguez Everyone gets it Why am I here? Ho Ho Ho! Welcome back to the Bug Report, or a more fitting name for this time of year: The NAUGHTY List! Yes, we checked it twice. It is no...

9.2 AI score, 0.99474 EPSS
Exploits: 14

Trellix
added 2023/01/04 12:0 a.m., 44 views

The Bug Report December 2022 Edition

The Bug Report — December 2022 Edition By Trellix · January 4, 2023 This story was also written by John Borrero Rodriguez Everyone gets it Why am I here? Ho Ho Ho! Welcome back to the Bug Report, or a more fitting name for this time of year: The NAUGHTY List! Yes, we checked it twice. It is no...

9.8 CVSS, 9.4 AI score, 0.99474 EPSS
Exploits: 14

Trellix
added 2022/12/07 12:0 a.m., 27 views

The Bug Report – November 2022 Edition

The Bug Report — November 2022 Edition By Trellix · December 07, 2022 This blog was written by Austin Emmitt Like granny always said, “never hack on an empty stomach.” Why am I here? This year I am thankful for some vivifying vulnerabilities and exceptional exploits! The world of enterprise...

8.8 CVSS, 9.3 AI score, 0.91153 EPSS
Exploits: 17

Trellix
added 2022/12/07 12:0 a.m., 96 views

The Bug Report – November 2022 Edition

The Bug Report — November 2022 Edition By Trellix · December 07, 2022 This blog was written by Austin Emmitt Like granny always said, “never hack on an empty stomach.” Why am I here? This year I am thankful for some vivifying vulnerabilities and exceptional exploits! The world of enterprise...

9.3 AI score, 0.91153 EPSS
Exploits: 17

Trellix
added 2022/11/22 12:0 a.m., 24 views

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti By Jambul Tologonov · November 22, 2022 Introduction On October 31, 2022, Yanluowang’s TOR site was hacked displaying a message “check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time’s...

1.1 AI score
Exploits: 0

Trellix
added 2022/11/22 12:0 a.m., 21 views

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti

Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti By Jambul Tologonov · November 22, 2022 Introduction On October 31, 2022, Yanluowang’s TOR site was hacked displaying a message “check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time’s...

6.2 AI score
Exploits: 0

Trellix
added 2022/11/17 12:0 a.m., 56 views

Trellix Global Defenders: Analysis and Protections for Destructive Wipers

Trellix Global Defenders: Analysis and Protections for Destructive Wipers By Ayed Al Qartah · November 17, 2022 Modern cyber warfare involves the actions of a nation-state or their proxies organized crime and hacker groups to attack and attempt to damage other nations’ computers or information...

8.2 AI score
Exploits: 0

Trellix
added 2022/11/17 12:0 a.m., 17 views

LockBit3.0: A Threat that Persists

LockBit3.0: A Threat that Persists By Alexandre Mundo · November 17, 2022 LockBit is a very well-known family of ransomware that has created havoc worldwide over the last few years. In March 2022, a new variant of the ransomware was discovered. The LockBit3.0 variant presented with a mix of...

7.1 AI score
Exploits: 0

Trellix
added 2022/11/17 12:0 a.m., 23 views

Email Cyberattacks on Arab Countries Rise in Lead to Global Football Tournament

Email Cyberattacks on Arab Countries Rise in Lead to Global Football Tournament By Daksh Kapur · November 17, 2022 This story was also written by Sparsh Jain. Figure 1 Global eyes are soon to be turned to the first global football tournament to be held in the Arab world kicking off on November 20...

7.5 AI score
Exploits: 0

Total number of security vulnerabilities: 608