The Life and Times of SysInternals | How One Developer Changed the Face of Malware Analysis
Mark Russinovich, founder of SysInternals, explores the history and development of one of the security industry's most essential toolkits.
Read More
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
Cyber espionage actor deploys custom credential theft malware in new campaign targeting the telecoms sector.
Read More
Winter Vivern | Uncovering a Wave of Global Espionage
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
Read More
IceFire Ransomware Returns | Now Targeting Linux Enterprise Networks
New Linux version of the IceFire ransomware have been observed in recent network intrusions of media and entertainment enterprises.
Read More
WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.
Read More
Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available
An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.
Read More
MalVirt | .NET Virtualization Thrives in Malvertising Attacks
.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.
Read More
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.
Read More
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
Read More
LABScon Replay | Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs
WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.
Read More