Research, News, and Perspectives

Cyber Threats

Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals

Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of the RomCom backdoor in recent attacks shows how Void Rabisu's motives seem to have changed since at least October 2022.

Latest News May 30, 2023

Save to Folio

Latest News May 30, 2023

Save to Folio

Malware

New Info Stealer Bandit Stealer Targets Browsers, Wallets

This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.

May 26, 2023

Save to Folio

May 26, 2023

Save to Folio

Compliance & Risks

Health Industry Cybersecurity Best Practices 2023

This blog explains the new resources of health industry cybersecurity practices and landscape analysis which the HHS (U.S. Department of Health and Human Services) released in Apr 2023.

Security Strategies May 25, 2023

Save to Folio

Security Strategies May 25, 2023

Save to Folio

Abusing Web Services Using Automated CAPTCHA-Breaking Services and Residential Proxies

This blog entry features three case studies that show how malicious actors evade the antispam, antibot, and antiabuse measures of online web services via residential proxies and CAPTCHA-breaking services.

Research May 25, 2023

Save to Folio

Research May 25, 2023

Save to Folio

Connected Car

How Connected Car Cyber Risk will Evolve

Learn how connected car cyber risk will evolve in the coming years.

Research May 23, 2023

Save to Folio

Research May 23, 2023

Save to Folio

Cyber Threats

Future Exploitation Vector: File Extensions as Top-Level Domains

In this blog entry, we will examine the security risks related to file extension-related Top-Level Domains (TLDs) while also providing best practices and recommendations on how both individual users and organizations can protect themselves from these hazards.

May 23, 2023

Save to Folio

May 23, 2023

Save to Folio

Malware

Info Stealer Abusing Codespaces Puts Discord Users at Risk

In this entry, we detail our research findings on how an info stealer is able to achieve persistence on a victim’s machine by modifying the victim’s Discord client.

Research May 23, 2023

Save to Folio

Research May 23, 2023

Save to Folio

Ransomware

BlackCat Ransomware Deploys New Signed Kernel Driver

In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.

Research May 22, 2023

Save to Folio

Research May 22, 2023

Save to Folio

Cloud

Rust-Based Info Stealers Abuse GitHub Codespaces

This is the first part of our security analysis of an information stealer targeting GitHub Codespaces (CS) that discusses how attackers can abuse these cloud services for a variety of malicious activities.

May 19, 2023

Save to Folio

May 19, 2023

Save to Folio

Compliance & Risks

Healthcare cybersecurity updated in HIMSS23

This update reports on the current state of cybersecurity in the healthcare industry from the CISA’s keynote in Cybersecurity forum of HIMSS23.

Security Strategies May 18, 2023

Save to Folio

Security Strategies May 18, 2023

Save to Folio