-
Cleo MFT Mass Exploitation Payload Analysis
Written by ARC Labs contributors, John Dwyer and Eric Gonzalez ARC Labs recently capture and analyzed the second and third stage payloads used during a Cleo MFT compromise. The compromise is a result of exploitation of CVE-2024-50623 which allows for unauthorized remote code execution. Additional reports suggest that exploitation of the vulnerability continues to be possible even after…
-
Rhadamanthys Stealer Analysis for Detection Opportunities
Written by ARC Labs contributor, Shannon Mong Threat Overview Binary Defense ARC Labs’ threat researchers recently dissected a Rhadamanthys Stealer infection chain to uncover detection opportunities that defenders can leverage to strengthen organizational security. In this analysis, we provide general detection guidance and actionable queries for detecting Rhadamanthys Stealer. Recent Campaign Insights Rhadamanthys Stealer surfaced on underground…
-
How to Define Your Security Objectives Before Choosing an MDR Provider
With nearly every MSSP and Security company claiming to do Managed Detection and Response (MDR) it’s more important than ever to choose the right MDR provider. Before you start evaluating potential partners, it’s crucial to step back and clearly define your organization’s security objectives. This not only helps in selecting the right provider but also…
-
Shining a Light in the Dark – How Binary Defense Uncovered an APT Lurking in Shadows of IT
Written by ARC Labs contributors, John Dwyer, Eric Gonzalez at Binary Defense and Tyler Hudak at TrustedSec In cybersecurity, the threats we don’t see—or don’t expect—often pose the greatest danger. Recently, this became all too clear when three unmanaged AIX servers, sitting exposed on the internet, opened the door for a China-Nexus Threat Actor to launch an…
-
Understanding Sleep Obfuscation
How Malware Uses Sleep Cycles to Avoid Detection The post Understanding Sleep Obfuscation appeared first on Binary Defense. Go to Source
-
Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks
This post was written by John Dwyer, Director of Security Research at Binary Defense, and made possible through the contributions of TrustedSec Senior Research Analyst Kevin Haubris and Eric Gonzalez of Binary Defense. ARC Labs recently recovered a tool leveraged in Qilin ransomware attacks aimed at impairing defenses by disabling popular endpoint detection and response…
-
The Imperative of Threat Hunting for a Mature Security Posture
Threat Hunting has transitioned from being a luxury to a fundamental necessity The post The Imperative of Threat Hunting for a Mature Security Posture appeared first on Binary Defense. Go to Source