Executive Summary
Zscaler recently reported on a new .NET DNS backdoor “DnsSystem” used by the threat actor group known as Lyceum. It is primarily used to target entities in the Middle East.
Executive Summary
Intezer and BlackBerry recently reported on Symbiote, a difficult to detect Linux malware that relies on existing running processes to infect a system.
Executive Summary
Sonatype recently reported on Pymakfa, a malicious Python package in the PyPl registry dropping Cobalt Strike on macOS, Windows, and Linux.
Executive Summary
AT&T Alien Labs recently reported on Enemybot, an internet of things (IoT) malware targeting content management systems (CMS), Linux, and Android.
Key Takeaways
Background
Microsoft recently published an advisory on a newly identified zero-day vulnerability that affects Microsoft Support Diagnostic Tool (MSDT). CVE-2022-30190, which is being exploited in the wild, has been dubbed Follina by industry researcher Kevin Beaumont.
Many of you have given us feedback on our live and historical hunt functionality and we are thrilled to let you know that we are going live with your suggestions.
Background
ESET recently tweeted about a new version of ArguePatch, a malware loader used by VooDoo Bear (Sandworm) in multiple attacks against Ukrainian assets. ESET also gave an overview of the new version of ArguePatch on their WeLiveSecurity blog.
