Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. “This attack is particularly intriguing due to the attacker’s use of packers and rootkits to conceal the malware,” Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue, tracked as CVE-2023-29357 (CVSS score: 9.8), is a privilege escalation flaw that could be exploited by an attacker to gain

Act now! Ivanti vulnerabilities are being actively exploited

Software vendor Ivanti has warned customers about two actively exploited vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways. Successful exploitation would give an attacker the ability to run arbitrary code on Ivanti’s Virtual Private Network (VPN) system. The warning is echoed by several international security agencies like CISA and […]

Stories from the SOC: BlackCat on the prowl

This blog was co-authored with Josue Gomez and Ofer Caspi. Executive summary BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat […]

Social engineering attacks: Real-life examples and how to avoid them

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.  In the ever-evolving landscape of cybersecurity threats, social engineering remains a potent and insidious method employed by cybercriminals. Unlike traditional hacking techniques that […]

Reverse, Reveal, Recover: Windows Defender Quarantine Forensics

Max Groot & Erik Schamper TL;DR Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine.dll resulted in finding previously undocumented metadata in the Windows Defender quarantine folder that can be used for digital forensics and incident response. Existing scripts that extract quarantined files do […]

Ransomware review: December 2023

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. […]