Recently, researchers have observed threat actors using a website previously associated with the popular AR game PokemonGo to distribute a remote access trojan (RAT). The method of delivery is a cleverly disguised game installer that includes a copy of the commonly used NetSupport Manager application, which on its own is technically a trusted application. The surreptitious use …
New Oski Stealer Variant, “Mars Stealer”, Targets Credentials, Crypto, and 2FA
In early 2020, during the emergence of the COVID-19 pandemic, researchers discovered a novel malware named Oski Stealer, capable of stealing browser data such as cookies, history, payment information, and autofill information, as well as cryptocurrency wallets, login credentials of applications, and Authy 2FA information. It can also take screenshots of your desktop and perform …
Critical RCE Vulnerability in Log4J2
[Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library for Java applications. CVE-2021-44228 is a full 10.0 on the CVSS vulnerability scoring system due to a combination of how trivial the exploit …
2021 World Password Day: How Many Will Be Stolen This Year?
You know what they say about passwords… You’re only one weak password away from a breach. Despite the increasing sophistication of hacker technologies and tools, the easiest step of a hack is still cracking the password. In fact, it’s so easy that many times it doesn’t even involve guessing at all. The scariest part about this is that regardless of how secure your password is, …
SolarWinds Supply Chain Hack Responsible for FireEye Breach
Last week, the cybersecurity consulting company FireEye announced they had suffered a breach in which attackers stole sensitive “red team” hacking tools and potentially information related to certain government customers. FireEye has historically been one of, if not the most, prominent consultants brought in to investigate attacks against large organizations and government entities. …