In a recent phishing campaign, an attacker was able to execute a payload without writing anything to disk.

Malvertising occurs when an online advertising network knowingly or unknowingly serves up malicious advertisements on a website.  Malvertisements  are a type of “drive-by” threat that tend to result in users being infected with malware for simply visiting a website. The victims of this threat are often compromised when the malvertisement directs them to an exploit kit (EK) landing page. Depending on the applications running on the user’s system, the EK can successfully load malware into a system without user consent and without tipping the victim off that something suspicious is happening.

Analysis of a zero-day vulnerability in the MOVEit Transfer software, along with containment and hardening guidance.

The Shimcache is extremely powerful source of evidence to help focus investigations and provide greater confidence to every day tough questions.  

Beginning in January 2021, we observed multiple instances of abuse of Microsoft Exchange Server stemming from zero-day vulnerabilities.

We introduce a machine learning model that learns to rank strings based on their relevance for malware analysis.

This blog covers the growing trend of cyber criminals using blockchain domains for malicious infrastructure.

This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle East, Europe, Asia, and North America, this report focuses on intrusion activity primarily observed at Israeli entities.

This blog post discusses the various trends that we have been observing related to cryptojacking activity.

We illustrate how to better understand and detect social media information operations using neural language models.