Anti-Ransomware Day 2024: It’s Time to Eat Your Broccoli

Too Much Ice Cream May 12th, 2017 – a day that lives in infamy for all cybersecurity professionals. It was on this day that the WannaCry ransomware attack was unleashed, devastating hundreds of thousands around […]

CrushFTP Server-Side Template Injection (SSTI)

Overview SonicWall Capture Labs threat research team became aware of a fully unauthenticated server-side template injection vulnerability within CrushFTP, assessed its impact, and developed mitigation measures. CrushFTP is an enterprise file transfer tool. Such tools […]

Fake Windows Explorer Installs a Crypto Miner

Overview This week the SonicWall Capture Labs threat research team came across a sample purporting to be Windows Explorer. At a glance, everything checks out – it uses the legitimate Windows Explorer icon and the […]

Android Remote Access Trojan Equipped to Harvest Credentials

Overview The SonicWall Capture Labs threat research team has been regularly sharing information about malware targeting Android devices. We’ve encountered similar RAT samples before, but this one includes extra commands and phishing attacks designed to […]

GitLab XSS Via Autocomplete Results

Overview The SonicWall Capture Labs threat research team became aware of a cross-site scripting vulnerability in GitLab, assessed its impact and developed mitigation measures. GitLab, an open-source code-sharing platform, published an advisory on this vulnerability […]

This post is also available in: Portuguese (Brazil) French German Japanese Korean Spanish