Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-09-19The RecordCatalin Cimpanu
@online{cimpanu:20210919:alaska:5238129, author = {Catalin Cimpanu}, title = {{Alaska discloses ‘sophisticated’ nation-state cyberattack on health service}}, date = {2021-09-19}, organization = {The Record}, url = {https://therecord.media/alaska-discloses-sophisticated-nation-state-cyberattack-on-health-service/}, language = {English}, urldate = {2021-09-22} } Alaska discloses ‘sophisticated’ nation-state cyberattack on health service
2021-09-16CiscoTiago Pereira, Vitor Ventura
@online{pereira:20210916:operation:133992d, author = {Tiago Pereira and Vitor Ventura}, title = {{Operation Layover: How we tracked an attack on the aviation industry to five years of compromise}}, date = {2021-09-16}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/09/operation-layover-how-we-tracked-attack.html}, language = {English}, urldate = {2021-09-19} } Operation Layover: How we tracked an attack on the aviation industry to five years of compromise
AsyncRAT Houdini NjRAT
2021-09-09SymantecThreat Hunter Team
@online{team:20210909:grayfly:60c5478, author = {Threat Hunter Team}, title = {{Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware}}, date = {2021-09-09}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware}, language = {English}, urldate = {2021-09-10} } Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware
CROSSWALK MimiKatz SideWalk
2021-09-07CUJOAIAlbert Zsigovits
@online{zsigovits:20210907:threat:cabca94, author = {Albert Zsigovits}, title = {{Threat Alert: Mirai/Gafgyt Fork with New DDoS Modules Discovered}}, date = {2021-09-07}, organization = {CUJOAI}, url = {https://cujo.com/mirai-gafgyt-with-new-ddos-modules-discovered/}, language = {English}, urldate = {2021-09-10} } Threat Alert: Mirai/Gafgyt Fork with New DDoS Modules Discovered
Bashlite Mirai
2021-08-31Cisco TalosEdmund Brumaghin, Vitor Ventura
@online{brumaghin:20210831:attracting:5d141c1, author = {Edmund Brumaghin and Vitor Ventura}, title = {{Attracting flies with Honey(gain): Adversarial abuse of proxyware}}, date = {2021-08-31}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/proxyware-abuse.html}, language = {English}, urldate = {2021-09-02} } Attracting flies with Honey(gain): Adversarial abuse of proxyware
2021-08-26Minerva LabsMinerva Labs
@online{labs:20210826:become:f38fe74, author = {Minerva Labs}, title = {{Become A VIP Victim With New Discord Distributed Malware}}, date = {2021-08-26}, organization = {Minerva Labs}, url = {https://blog.minerva-labs.com/become-a-vip-victim-with-new-discord-distributed-malware}, language = {English}, urldate = {2021-09-12} } Become A VIP Victim With New Discord Distributed Malware
BlackNET RAT RedLine Stealer
2021-08-12Cisco TalosVanja Svajcer
@online{svajcer:20210812:signed:728ea8f, author = {Vanja Svajcer}, title = {{Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT}}, date = {2021-08-12}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/08/raccoon-and-amadey-install-servhelper.html}, language = {English}, urldate = {2021-08-20} } Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
Amadey Raccoon ServHelper
2021-07-27Bleeping ComputerSergiu Gatlan
@online{gatlan:20210727:uc:4b59fb1, author = {Sergiu Gatlan}, title = {{UC San Diego Health discloses data breach after phishing attack}}, date = {2021-07-27}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/uc-san-diego-health-discloses-data-breach-after-phishing-attack/}, language = {English}, urldate = {2021-07-29} } UC San Diego Health discloses data breach after phishing attack
2021-07-27Trend MicroAlfredo Oliveira, David Fiser
@online{oliveira:20210727:threat:dd84d57, author = {Alfredo Oliveira and David Fiser}, title = {{Threat Actors Exploit Misconfigured Apache Hadoop YARN}}, date = {2021-07-27}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/21/g/threat-actors-exploit-misconfigured-apache-hadoop-yarn.html}, language = {English}, urldate = {2021-08-31} } Threat Actors Exploit Misconfigured Apache Hadoop YARN
Kinsing
2021-07-22SophosSean Gallagher, Andrew Brandt
@online{gallagher:20210722:malware:ca3a4e3, author = {Sean Gallagher and Andrew Brandt}, title = {{Malware increasingly targets Discord for abuse}}, date = {2021-07-22}, organization = {Sophos}, url = {https://news.sophos.com/en-us/2021/07/22/malware-increasingly-targets-discord-for-abuse}, language = {English}, urldate = {2021-07-27} } Malware increasingly targets Discord for abuse
2021-07-22The RecordCatalin Cimpanu
@online{cimpanu:20210722:wiper:08d9833, author = {Catalin Cimpanu}, title = {{Wiper malware targeting Japanese PCs discovered ahead of Tokyo Olympics opening}}, date = {2021-07-22}, organization = {The Record}, url = {https://therecord.media/wiper-malware-targeting-japanese-pcs-discovered-ahead-of-tokyo-olympics-opening/}, language = {English}, urldate = {2021-08-20} } Wiper malware targeting Japanese PCs discovered ahead of Tokyo Olympics opening
VIGILANT CLEANER
2021-07-20Huntress LabsJohn Hammond
@online{hammond:20210720:security:50ec27a, author = {John Hammond}, title = {{Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident}}, date = {2021-07-20}, organization = {Huntress Labs}, url = {https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident}, language = {English}, urldate = {2021-07-26} } Security Researchers’ Hunt to Discover Origins of the Kaseya VSA Mass Ransomware Incident
REvil
2021-07-13MicrosoftMicrosoft Threat Intelligence Center (MSTIC)
@online{mstic:20210713:microsoft:5394367, author = {Microsoft Threat Intelligence Center (MSTIC)}, title = {{Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit}}, date = {2021-07-13}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/}, language = {English}, urldate = {2021-07-20} } Microsoft discovers threat actor (DEV-0322) targeting SolarWinds Serv-U software with 0-day exploit
2021-07-01360 netlabHui Wang, Alex.Turing, Jinye, houliuyang, Chai Linyuan
@online{wang:20210701:miraiptea:3ba235e, author = {Hui Wang and Alex.Turing and Jinye and houliuyang and Chai Linyuan}, title = {{Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability}}, date = {2021-07-01}, organization = {360 netlab}, url = {https://blog.netlab.360.com/mirai_ptea-botnet-is-exploiting-undisclosed-kguard-dvr-vulnerability-en/}, language = {English}, urldate = {2021-07-11} } Mirai_ptea Botnet is Exploiting Undisclosed KGUARD DVR Vulnerability
Mirai
2021-06-22CiscoNick Biasini
@online{biasini:20210622:attackers:ba60e36, author = {Nick Biasini}, title = {{Attackers in Executive Clothing - BEC continues to separate orgs from their money}}, date = {2021-06-22}, organization = {Cisco}, url = {https://blog.talosintelligence.com/2021/06/business-email-compromise.html}, language = {English}, urldate = {2021-06-24} } Attackers in Executive Clothing - BEC continues to separate orgs from their money
2021-06-04K7 SecurityMary Muthu Francisca
@online{francisca:20210604:glupteba:f7ec1dc, author = {Mary Muthu Francisca}, title = {{Glupteba back on track spreading via EternalBlue exploits}}, date = {2021-06-04}, organization = {K7 Security}, url = {https://labs.k7computing.com/?p=22319}, language = {English}, urldate = {2021-06-21} } Glupteba back on track spreading via EternalBlue exploits
Glupteba
2021-06-01CiscoJosh Pyorre
@online{pyorre:20210601:backdoors:577a28b, author = {Josh Pyorre}, title = {{Backdoors, RATs, Loaders evasion techniques}}, date = {2021-06-01}, organization = {Cisco}, url = {https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-backdoors-rats-loaders-evasion-techniques}, language = {English}, urldate = {2021-06-24} } Backdoors, RATs, Loaders evasion techniques
BazarNimrod GoldMax Oblique RAT
2021-05-26Cisco TalosWarren Mercer, Vitor Ventura
@online{mercer:20210526:elizabethan:40a80e7, author = {Warren Mercer and Vitor Ventura}, title = {{Elizabethan England has nothing on modern-day Russia}}, date = {2021-05-26}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2021/05/privateer-groups.html}, language = {English}, urldate = {2021-06-16} } Elizabethan England has nothing on modern-day Russia
2021-05-24Jamf BlogJaron Bradley
@online{bradley:20210524:zeroday:7196ca4, author = {Jaron Bradley}, title = {{Zero-Day TCC bypass discovered in XCSSET malware}}, date = {2021-05-24}, organization = {Jamf Blog}, url = {https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/}, language = {English}, urldate = {2021-06-11} } Zero-Day TCC bypass discovered in XCSSET malware
XCSSET
2021-05-18KEYSIGHT TECHNOLOGIESRadu Emanuel Chiscariu
@online{chiscariu:20210518:darkside:a38ef87, author = {Radu Emanuel Chiscariu}, title = {{DarkSide Ransomware Behavior and Techniques}}, date = {2021-05-18}, organization = {KEYSIGHT TECHNOLOGIES}, url = {https://blogs.keysight.com/blogs/tech/nwvs.entry.html/2021/05/18/darkside_ransomware-QfsV.html}, language = {English}, urldate = {2021-09-20} } DarkSide Ransomware Behavior and Techniques
DarkSide