The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware

Malware

Cybereason is following an active campaign to deliver seven different types of malware that are able to steal data, mine for cryptocurrency, and deliver ransomware to victims all over the world.

How to Prevent the Next Big POS Breach

Malware

A new malware discovered in October called Anchor is being used to target financial, manufacturing, and retail businesses across North America and Europe. The threat actor has been leveraging Anchor and TrickBot together to infect, explore, and exploit high-value targets that implement point of sale systems.

Dropping Anchor: From a TrickBot Infection to the Discovery of the Anchor Malware

Hacking

Cybereason Nocturnus detected a series of targeted attacks against high-profile targets that use a new variant of Anchor_DNS and a new malware dubbed Anchor.

Fileless Malware 101: Understanding Non-Malware Attacks

Malware

Unlike attacks carried out using traditional malware, fileless malware attacks don’t entail attackers installing software on a victim’s machine. Instead, tools that are built into Windows are hijacked by adversaries and used to carry out attacks. Essentially, Windows is turned against itself.

Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers

Advanced Persistent Threat

In 2018, the Cybereason Nocturnus team identified an advanced, persistent attack targeting global telecommunications providers.

New Pervasive Worm Exploiting Linux Exim Server Vulnerability

Cybersecurity

There’s an active, ongoing campaign exploiting a widespread vulnerability in Linux email servers. Read about the attack first here.

Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data

Malware

In this research, we explain one of the most recent and unique campaigns involving the Astaroth trojan. This Trojan and information stealer was recognized in Europe and chiefly affected Brazil through the abuse of native OS processes and the exploitation of security-related products.

LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack

Phishing

Cybereason detected an evasive infection technique used to spread a variant of the Ramnit banking Trojan as part of an Italian spam campaign. We investigate this attack, its use of sLoad, and its adoption of LOLbins to minimize discovery.

Fauxpersky: CredStealer malware written in AutoHotKey masquerades as Kaspersky Antivirus, spreading through infecting USB drives

Antivirus

Cybereason researchers discovered a credstealer written with AutoHotKey that masquerades as Kaspersky Antivirus and spreads through infected USB drives. We’ve named it Fauxpersky.

What you need to know about PowerShell attacks

Malware

PowerShell is a powerful scripting language that provides unprecedented access to a machine’s inner core, including unrestricted access to Windows APIs