Analysis of Native Process CLR Hosting Used by AgentTesla
Overview SonicWall Capture Labs threat research team has observed fileless .Net managed code injection in a native 64-bit process. Native code or unmanaged code refers to low-level compiled code such as C/C++. Managed code refers […]
HydraCrypt Ransomware Targets Brazil and Charges $5,000 for Decryption
Overview The SonicWall Capture Labs threat research team has recently been tracking ransomware known as HydraCrypt. HydraCrypt originates from the CryptBoss ransomware family and was first seen in early 2016. The sample that we analyzed […]
Atlassian’s Confluence Server Unauthenticated Remote Code Execution
Overview The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability—an Unauthenticated Template Injection —in Atlassian Confluence platforms, assessed its impact and developed mitigation measures for it. Atlassian’s Confluence Server and Data […]
Microsoft Security Bulletin Coverage for April 2024
Overview Microsoft’s April 2024 Patch Tuesday has 147 vulnerabilities, 68 of which are Remote Code Execution (RCE) vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for April 2024 […]
Cryptominer Poses as Fake Java Utility
Overview The SonicWall Capture Labs threat research team analyzed a malware purporting to be a Java utility. It arrives as an installer for Java Access Bridge, but ultimately installs the popular open-source cryptominer, XMRig. Infection […]
SonicWall at RSAC 2024: The Art of the PlatformApril 24, 2024 - 3:34 pm
Analysis of Native Process CLR Hosting Used by AgentTes...April 23, 2024 - 2:15 pm- HydraCrypt Ransomware Targets Brazil and Charges $5,000...April 22, 2024 - 12:39 pm
- Atlassian’s Confluence Server Unauthenticated Remote Code...April 19, 2024 - 2:24 pm
This post is also available in: Portuguese (Brazil) French German Japanese Korean Spanish