2025-02-02
⋅
Team82
⋅
Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated… CMS8000 Backdoor |
2025-01-31
⋅
ConnectWise
⋅
Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks Black Basta Black Basta ReedBed |
2025-01-30
⋅
Recorded Future
⋅
TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base Rhysida FAKEUPDATES MintsLoader Broomstick Remcos Rhysida WarmCookie |
2025-01-30
⋅
Bleeping Computer
⋅
Backdoor found in two healthcare patient monitors, linked to IP in China |
2025-01-30
⋅
CISA
⋅
Contec CMS8000 Contains a Backdoor CMS8000 Backdoor |
2025-01-30
⋅
Department of Justice
⋅
Cybercrime websites selling hacking tools to transnational organized crime groups seized |
2025-01-30
⋅
RevEng.AI
⋅
One ClickFix and LummaStealer reCAPTCHA’s Our Attention - Part 1 Lumma Stealer |
2025-01-29
⋅
SecurityScorecard
⋅
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign BeaverTail InvisibleFerret |
2025-01-29
⋅
Socket
⋅
North Korean APT Lazarus Targets Developers with Malicious npm Package BeaverTail InvisibleFerret |
2025-01-29
⋅
Google
⋅
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator POISONPLUG ShadowPad SNAPPYBEE |
2025-01-28
⋅
Group-IB
⋅
Cat’s out of the bag: Lynx Ransomware-as-a-Service Lynx |
2025-01-28
⋅
Hunt.io
⋅
SparkRAT: Server Detection, macOS Activity, and Malicious Connections SparkRAT |
2025-01-27
⋅
The DFIR Report
⋅
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware GhostSocks LockBit SystemBC |
2025-01-27
⋅
SecurityScorecard
⋅
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign |
2025-01-27
⋅
YouTube (MalwareAnalysisForHedgehogs)
⋅
Malware Analysis - Binary Refinery URL extraction of Multi-Layered PoshLoader for LummaStealer Lumma Stealer |
2025-01-25
⋅
Sophos
⋅
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing” ReedBed STAC5143 UNC4393 |
2025-01-23
⋅
Github (PaloAltoNetworks)
⋅
Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta) ReedBed |
2025-01-23
⋅
Netskope
⋅
Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection Lumma Stealer |
2025-01-23
⋅
Hunt.io
⋅
Mapping Suspected KEYPLUG Infrastructure: TLS Certificates, GhostWolf, and RedGolf/APT41 Activity KEYPLUG |
2025-01-23
⋅
AhnLab
⋅
RID Hijacking Technique Utilized by Andariel Attack Group CreateHiddenAccount JuicyPotato |