The Ministry of Foreign Affairs for the Kingdom of Saudi Arabia has allegedly fallen victim to a massive data breach. The Saudi Foreign Affairs data breach purportedly exposed the personal information of more than 1.4 million employees affiliated with the ministry. In order to verify the claim of a data breach in Saudi Foreign Affairs, […]
Executive Summary: During our research discovering threats in legitimate network traffic, activity generated by a certain type of Android Package Kit (APK) files kept hitting our radar. This activity led us to conduct an in-depth investigation on the associated APK files. Our research revealed a family of […]
Jan 12, 2024 | Newsroom | Vulnerability / Threat Intelligence. As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. “These families allow the threat actors to circumvent authentication and provide backdoor access to these devices,” […]
Executive Summary: Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Medusa threat actors use this site to disclose sensitive […]
Jan 12, 2024 | Newsroom | DevSecOps / Software security. GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has been awarded the maximum severity of 10.0 on the CVSS scoring system and could facilitate account takeover by […]
Snitchy & Scratchy: The brainchild of Atlanta-based producer/polymath Jonah Swilley – a founding member of Mattiel and also known for his production work with Moonwalks and Night Beats – and Columbus, GA rapper Brandon ‘Bez’ Evans, Revival Season’s debut album, Golden Age Of Self Snitching is out next month and looks like it’ll turn […]
Defense evasion by exploiting CVE-2023-36025: Once the malicious .url file exploiting CVE-2023-36025 is executed, it connects to an attacker-controlled server to download and execute a control panel item (.cpl) file. Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the .url file from an untrusted source. However, the attackers craft a […]
Technical Analysis: Zscaler ThreatLabz has previously analyzed DreamBus and its modules. Each DreamBus module is an Executable and Linkable Format (ELF) binary that is packed by UPX with a modified header and footer. This alteration is designed to prevent the UPX command-line tool from statically unpacking DreamBus binaries. The magic bytes UPX! (0x21585055) are typically […]
Scope Neglect comes via the mighty Mute empire. Iceland-based Australian composer Ben Frost has released his first studio album in six years. Scope Neglect, which is released via Mute, is described as an experimental and genre-shifting album forged from Frost’s admiration for heavy metal. The results meld elements of the genre with the composer’s dramatic, […]