The Security Blog From Gridinsoft

BianLian Uses JetBrains' TeamCity Flaws to Deploy Backdoors

BianLian Exploits TeamCity Vulnerability to Deploy Backdoors

BianLian, a group of cybercriminals known for their ransomware attacks, recently caught the attention of the information security community. By…

PUA:Win32/Softcnapp Detection Analysis & Description

PUA:Win32/Softcnapp is a generic detection name of Microsoft Defender, assigned to an unwanted program. It sometimes appears as false positive…

Microsoft is Hacked, Again by Midnight Blizzard

Microsoft acknowledges being hacked for the second time this year, by the same Russian state-sponsored group, Midnight Blizzard. The company…

Phantom Hacker Scams On The Rise, Target Elderly

Phantom hacker scams are a specific type of fraud that aims at convincing the victim to transfer the funds due…

WingsOfGod.dll – WogRAT Malware Analysis & Removal

WogRAT, also known as WingsOfGod RAT, is a novice remote access trojan that attacks users from Asian countries. Named after…

Docker API Vulnerability Exploited in Commando Cat Attacks

Docker API Vulnerability Exploited in Cryptojacking Campaign

A new campaign named “Commando Cat” uses a Docker API vulnerability. It uses Docker to gain initial access to a system and then deploys a series of malicious payloads. This…

Hewlett Packard Enterprise Hacked, Darknet Forum Sales Data

On February 1, 2024, a post selling Hewlett Packard Enterprise data appeared on a Darknet hacker forum. A threat actor known as IntelBroker claims to have hacked into the company’s network and grabbed…

Critical Mastodon Vulnerability Leads to Account Takeover

Mastodon Vulnerability Allows for Account Takeover

A loophole discovered by cybersecurity researchers has revealed that the decentralized social network Mastodon contains a critical vulnerability. The flaw could potentially allow attackers to gain unauthorized access…

Mispadu Stealer Exploits Windows SmartScreen Flaw, Targets LATAM

Mispadu Banking Trojan Exploits SmartScreen Flaw

Recent research uncovers a new sample of Mispadu malware that uses a SmartScreen bypass flaw to integrate itself into the system. This banking trojan from 2019 uses the vulnerability discovered…

Claro Company Reports Being Hacked by Trigona Ransomware

Claro Company Hit by Trigona Ransomware

Claro Company, the largest telecom operator in Central and South America, disclosed being hit by ransomware. Representatives shared this information in response to the service disruptions in several regions. From…

FritzFrog Botnet Exploits Log4Shell Vulnerability

New FritzFrog Botnet Sample Exploits Log4Shell and PwnKit

Researchers detected a new sample of FritzFrog malware, which is known for creating significant botnets. The new threat sample includes the functionality to exploit flaws in network assets, including the…

Critical Apple Operating Systems Vulnerabilities Exploited

Critical Vulnerability Uncovered in Apple iOS and macOS Exploited

The Cybersecurity and Infrastructure Security Agency has identified a security flaw in Apple operating systems, particularly iOS and macOS. It has been added to the agency’s Known Exploited Vulnerabilities catalog.…

White Phoenix Decryptor Gets an Online Version

White Phoenix Decryptor by CyberArk Updated With Web Interface

CyberArk has released an online version of a file decryptor. This is a simplified, web version of the “White Phoenix” decryptor, initially available from the source code placed on GitHub.…

GitLab Critical Vulnerability Allows Files to Be Overwritten

GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk

In a new security update, GitLab has issued a patch for a critical vulnerability. This flaw could allow unauthorized users to overwrite files, potentially leading to data corruption or executing…

Juniper Networks' Junos OS Vulnerabilities Revealed

4 Junos OS Vulnerabilities Fixed, Update Now

In the latest security bulletin, Juniper Networks announced the release of fixes for a selection of vulnerabilities in their Junos OS. Among the fixed flaws is a high-severity one that…

Panda Security Driver Vulnerabilities Uncovered

Panda Security Driver Vulnerabilities Uncovered in APT Simulation

Security researchers discovered critical security driver vulnerabilities in Panda Security software. This chain of flaws abuses legitimate drivers to disable EDR products. Despite having relatively low CVSS scores, they may…

Kasseika Ransomware Uses BYOVD Tactics in Attacks

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group…