Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
Rapid7 managed services teams have observed exploitation of Adobe ColdFusion in multiple customer environments. The attacks our team has responded to thus far appear to be chaining CVE-2023-29298, a…
A technical analysis of the Quasar-forked RAT called VoidRAT
https://resources.securityscorecard.com/research/technical-analysis-of-the-quasar-forked-rat-called-void-rat Source: A technical analysis of the Quasar-forked RAT called VoidRAT / SecurityScoreCard
Black Basta Overview
Black Basta is a Russian-speaking group that was first spotted in early 2022. It is known for its double extortion attack, where it not only executes ransomware but also exfiltrates…
ISC China Report Summary
Original Document: https://isc.independent.gov.uk/wp-content/uploads/2023/07/ISC-China.pdf The “China” report by the Intelligence and Security Committee of Parliament provides an in-depth analysis of the perceived threats and challenges posed by China to the UK.…
SmokeLoader malware
SmokeLoader, also known as Dofoil, is a modular bot used primarily to download other malware onto a compromised system. It has been in operation since at least 2011 and has…
ISC Russia Report Summary
https://isc.independent.gov.uk/wp-content/uploads/2021/03/CCS207_CCS0221966010-001_Russia-Report-v02-Web_Accessible.pdf The “Russia” report by the Intelligence and Security Committee of Parliament provides an in-depth analysis of the perceived threats and challenges posed by Russia to the UK. Here are…
2022 Global Threat Intelligence Report by NTT Security
https://www.security.ntt/pdf/2022-global-threat-intelligence-report-v8.pdf The 2022 Global Threat Intelligence Report by NTT Security Holdings highlights several key trends and events in the cybersecurity landscape:
Brenntag Ransomware Attack
In April, Brenntag, a global chemical distribution company, was hit by a ransomware attack. The DarkSide hacker group claimed responsibility, extracting a significant ransom payment. The attack resulted in a…
Quanta Ransomware Attack
In April, Quanta, a Taiwan-based manufacturer of Apple products, fell victim to a ransomware attack. The REvil group claimed responsibility, threatening to release sensitive data if a ransom was not…
CNA Financial Ransomware Attack
In March, CNA Financial, one of the largest insurance providers in the U.S., was disrupted by a ransomware attack. The company had to disconnect systems and services for several days…