Mandiant

All articles tagged with #mandiant

"Ars Technica Targeted in Unprecedented Malware Campaign with Advanced Obfuscation"
cybersecurity, 2 years ago

Security firm Mandiant reported a never-before-seen malware campaign that used Ars Technica and Vimeo to serve second-stage malware, employing obfuscation techniques to cover its tracks. The campaign, attributed to threat actor UNC4990, involved embedding malicious strings in benign content on the websites, which were automatically retrieved by devices infected with the first-stage malware. This novel approach, along with previous techniques used by UNC4990, demonstrates a sophisticated and evolving threat landscape in cybersecurity.

Zero-Day Exploits: Ivanti VPN Targeted by Nation-State Actors
cybersecurity, 2 years ago

Hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure to deploy custom malware for espionage since early December, targeting a small number of customers. The threat actor, UNC5221, uses a set of tools for post-compromise activity, including custom malware for webshell planting, command execution, and credential theft. The attackers used compromised Cyberoam VPN appliances as command and control servers and are suspected to be an advanced persistent threat (APT) targeting high-priority victims. While there is no attribution, system administrators are advised to apply the mitigations provided by Ivanti, as there is currently no security update addressing the zero-days.

ALPHV ransomware leverages Veritas Backup Exec vulnerabilities for entry
cybersecurity, 3 years ago

The ALPHV ransomware affiliate UNC4466 has been observed exploiting three vulnerabilities in Veritas Backup Exec to gain initial access to target networks. The flaws, which were disclosed in March 2021, allow arbitrary file access, remote unauthorized access, and arbitrary command execution. Despite a fix having been released over two years ago, many endpoints remain vulnerable. UNC4466 uses publicly available tools such as Metasploit and SOCKS5 tunneling to communicate with its command and control server and evade detection. Mandiant provides guidance for defenders on detecting and mitigating these attacks.