ABOUT
CVE DATABASE
CONTACT
VISIT SENTINELONE.COM

Labs

IceFire Ransomware Returns Now Targeting Linux Enterprise Networks 8
Crimeware

IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks
Alex Delamotte /

New Linux version of the IceFire ransomware have been observed in recent network intrusions of media and entertainment enterprises.

Read More
WIP26 Espionage Threat Actors Abuse Cloud Infrastructure In Targeted Telco 4
Adversary

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
Aleksandar Milenkoski /

A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.

Read More
Cl0p Ransomware Targets Linux Systems With Flawed Encryption Decryptor Available 9
Crimeware

Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
Antonis Terefos /

An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.

Read More
MalVirt .NET Virtualization Thrives In New Malvertising Attacks 3
Crimeware

MalVirt | .NET Virtualization Thrives in Malvertising Attacks
Aleksandar Milenkoski /

.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.

Read More
DragonSpark Attacks Evade Detection With SparkRAT And Golang Source Code Interpretation 1
Adversary

DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
Aleksandar Milenkoski /

A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.

Read More
NoName05716 The Pro Russian Hacktivist Group Targeting NATO 2
Adversary

NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
Tom Hegel /

In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.

Read More
Blasting Event Driven Cornucopia WMI Based User Space Attacks Blind SIEMs And EDRs 3
LABScon

LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs
LABScon /

WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.

Read More
InkySquid The Missing Arsenal 1
LABScon

LABScon Replay | InkySquid: The Missing Arsenal
LABScon /

Paul Rascagneres explores a macOS port of the Windows RokRAT malware and how it bypasses Apple security protections.

Read More
Breaking Firmware Trust From The Other Side Exploiting Early Boot Phases Pre EFI 1
LABScon

LABScon Replay | Breaking Firmware Trust From The Other Side: Exploiting Early Boot Phases (Pre-Efi)
LABScon /

The first public discussion of changes in the UEFI firmware security runtime from an offensive security perspective with Alex Matrosov.

Read More
Custom Branded Ransomware The Vice Society Group And The Threat Of Outsourced Development 3
Crimeware

Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development
Antonio Cocomazzi /

New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.

Read More
1 5 6 7 8 9 23