LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

By Ravie Lakshmanan

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads. According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server. "Once initial

Related tags
August 2^nd 2022 at 08:07

The Hacker News
Hackers Targeting VoIP Servers By Exploiting Digium Phone Software
July 16^th 2022 at 06:33

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

By Ravie Lakshmanan

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo

Related tags
- ❌
- VoIP
- System
- Web
- Shell
- VoIP
- Phone
- Palo
- Alto
- Networks
- PHP
July 16^th 2022 at 06:33