Resources

Threat Report
Microsoft Teams Local Information Disclosure in Windows, Linux, and macOS
Security researchers have disclosed that the Microsoft Teams desktop application stores access tokens in clear-text.
Cybersecurity
Threat Report
Patch Tuesday – September 2022
Today, September 13, is Patch Tuesday. Patch Tuesday is the second Tuesday of each month, when Microsoft and other vendors, such as Adobe, release security updates to their products to patch discovered vulnerabilities. This month, patches were released for 64 new vulnerabilities: five rated Critical, 57 Important, and two Moderate.
Cybersecurity
Threat Report
Chrome Extension Banking Trojan Targeting Mexico
On August 20, 2022, the CRU observed a banking trojan delivered via a .zip file with a JavaScript payload. This script then downloaded several files that created persistence on the machine in the form of shortcuts that attempt to open the Google Chrome browser loaded with a planted extension. The goal of this malware was to steal banking credentials, specifically targeting banking logon pages from Mexico, and track victim browsing activity.
Cybersecurity
Threat Report
Formbook and Remcos Backdoor RAT
CRU Senior Threat Researcher Stu Gonzalez breaks down a payload the CRU captured in one of our spam traps. This was a Formbook payload that then downloaded the Remcos backdoor RAT.
Cybersecurity
Threat Report
Initial Access Brokers
Successful cybercrime attacks often take groups of individuals working together. Some are extremely organized cybercrime syndicates such as the Conti group, but often individual criminals provide services to other criminals as vendors operating through a marketplace. Ransomware-as-a-Service (RaaS) or Botnet-as-a-Service (BaaS) providers regularly advertise their services on forums such as Exploit or XSS and set up affiliate programs. One type of service that can be found within the cybercrime ecosystem is the initial access broker (IAB).
Cybersecurity
Threat Report
Follina - A New Microsoft Office 0-day RCE
Follina is a new remote code execution 0-day vulnerability in Microsoft Office products.
Cybersecurity
Threat Report
Patch Tuesday - May 2022
A brief overview of the latest security patches released by Microsoft including patches for 74 vulnerabilities; 7 are critical (2 elevation of privilege and 5 remote code execution), 66 are important, and 1 is rated as low.
Cybersecurity
Threat Report
Threat Profile: REvil
Supplemental material for the 2022 MSP Threat Report.
Cybersecurity