Researchers have uncovered Plague, a previously undetected Linux backdoor implemented as a malicious Pluggable Authentication Module (PAM) to enable persistent SSH access and authentication bypass.| blog.polyswarm.io
SOC teams identified three clear challenges they face each day: too much data, too many tedious tasks, and too many reporting requirements.| Help Net Security
LodaRAT is a remote access trojan (RAT) known for stealing sensitive data, executing commands, and maintaining persistence on infected systems. Commonly spread via phishing and malicious documents, it now uses advanced tactics like process injection, encrypted C2, and data exfiltration through legitimate services. Recently, a new variant of LodaRAT emerged that can steal saved passwords […] The post Detecting LodaRAT malware with Wazuh appeared first on Wazuh.| Wazuh
Auto-color is a stealthy Linux backdoor used in cyberattacks targeting government institutions and universities across North America and Asia. Attributed to an unknown threat actor, Auto-color is specifically designed for persistence and evasion, allowing it to remain undetected on infected systems for extended periods. The malware disguises itself as a harmless color-enhancement utility to avoid […] The post Detecting Auto-color malware with Wazuh appeared first on Wazuh.| Wazuh
Paste, Click, Compromised| Binary Defense
Web browsers have evolved from passive document viewers into complex platforms essential for cloud-based work. But this transformation has also made them a prime target for cyber threats, leaving enterprises and government networks vulnerable.| MixMode
In this post, we examine two vulnerabilities in CleanTalk, an anti-spam plugin installed for security that instead ended up threatening the site's security: whether they can be exploited and what their impact is, and how to use threat-hunting tools to find sites affected by vulnerable WordPress plugins.| CIP Blog
Written by ARC Labs contributors John Dwyer and Eric Gonzalez. ARC Labs recently captured and analyzed the second- and third-stage payloads used during a Cleo MFT compromise. The compromise is a result of exploitation of CVE-2024-50623, which allows unauthorized remote code execution. Additional reports suggest that exploitation of the vulnerability continues to be possible even after […] The post Cleo MFT Mass Exploitation Payload Analysis appeared first on Binary Defense.| Binary Defense
This blog post demonstrates how to use Wazuh to detect and respond to Daolpu malware on an infected Windows endpoint.| Wazuh
Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Followin...| blog.virustotal.com
Part 2 of analyzing the KrakenKeylogger Malware| Toxin Labs