Posted on 2021-07-30 by Dmitry Melikov
Pegasus is an advanced cyber-espionage tool with extensive functionality for spying on mobile users. Cybersecurity researchers are unaware of many of the vectors the team uses to identify victims. One known vector is sending the user a malicious link that exploits a specific vulnerability to install the implant. Obtaining the victim's location via the GPS locator function is trivial for the operators. The attackers gain access to the phonebook and to the files stored on the victim's device, and they can read SMS messages and view the call history.
Posted on 2021-07-19 by Dmitry Melikov
Email-borne attacks frequently begin with a malicious document attachment. This long-running trend continues to pose a serious threat to the security of organizations and users. Criminals are constantly refining their methods and looking for new ways to compromise victims. Payload trends change over time, with ransomware currently capturing many headlines.
Posted on 2021-06-30 by Isabelle Quinn
According to the 2020 Verizon Data Breach Investigations Report, email is still the most common vector by which organizations are attacked. The importance of implementing email security best practices therefore cannot be overstated, considering that most enterprises rely heavily on this channel for everyday business communications. Unfortunately, threat actors can often trivially exploit overlooked weaknesses in corporate email security through vulnerabilities like CVE-2021-26855 (exploited by HAFNIUM), malware or ransomware, phishing attacks, and accidental misconfigurations or employee mistakes.
Posted on 2021-06-28 by Dmitry Melikov
The Agent Tesla Remote Access Trojan (RAT) family of malware has had a long-standing presence in the threat landscape. This malicious software is sold as a remote access service for targeted systems; as such, its authors constantly update the malicious code to evade detection efforts. Attackers who buy the service also continuously develop and expand their infrastructure to improve their distribution and infection rates. Through analysis of one sample associated with such a malicious-file campaign, we will see how these samples currently function and what has been added in the latest versions.
Posted on 2021-06-16 by Dmitry Melikov
A few days ago, we found an interesting document in the wild whose purpose is to download spyware applications. The sample in question shows low detection rates across multiple antivirus engines, which raised our suspicion. The email carrying the document attachment was allegedly sent from a logistics campaign.