Nicole Fishbein, Author at Intezer

OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow

Linux is a popular operating system for servers and cloud infrastructures, and as such it’s not a surprise that it attracts threat...

Detecting Phishing Emails with Email Headers, Attachments, and URLs

Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around...

SOC Level Up: Threat Hunting and Detection With Sigma

Sigma is a universal markup language for analyzing logs, which you can use to write threat hunting and detection rules for evolving...

How to Analyze Malicious PDF Files

Portable Document Format (PDF) files are a cross-platform file format, supporting links, images, and fonts. The flexibility of the PDF format makes these...

Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations 

A recently developed malware framework called Elephant is being delivered in targeted spear phishing campaigns using spoofed Ukrainian governmental email addresses. The...

SOC Level Up: Introduction to Sigma Rules

Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used...
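The two Sigma posts above describe Sigma as one rule format that can be evaluated against logs from many sources. The following is an added example, not code from Intezer or from the Sigma project: a hypothetical Sigma-style rule (Office application spawning a command shell, with a benign-updater filter) held as a Python dict mirroring the Sigma layout, plus a small evaluator that applies Sigma's field modifiers (`contains`, `startswith`, `endswith`, wildcard exact match) and a `selection and not filter` condition to a handful of constructed process-creation records. The rule, field names and log records are all assumptions made for the example; mapping `logsource` onto a real backend is outside its scope.

```python
"""Minimal Sigma-style rule evaluation over constructed log records.

Added example, not Intezer's or the Sigma project's code. The rule is a
hypothetical one held as a Python dict (same shape as a Sigma YAML rule)
so the example runs with the standard library only; the records are
constructed, not real telemetry.
"""
import fnmatch

# Hypothetical rule: cmd.exe / powershell.exe spawned by an Office parent,
# excluding the Click-to-Run updater as a known benign case.
RULE = {
    "title": "Office Application Spawning Command Shell",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\powerpnt.exe"],
            "Image|endswith": ["\\cmd.exe", "\\powershell.exe"],
        },
        "filter": {"CommandLine|contains": "OfficeClickToRun"},
        "condition": "selection and not filter",
    },
    "level": "high",
}

# Constructed process-creation records (Sysmon-like field names).
LOGS = [
    {"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe"},
    {"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c OfficeClickToRun.exe /update user"},
    {"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\POWERPNT.EXE",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -c IEX(whoami)"},
]


def _field_matches(field_spec, expected, record):
    """Apply one 'Field|modifier' entry; a list of values is OR-ed, as in Sigma."""
    field, _, modifier = field_spec.partition("|")
    actual = record.get(field)
    if actual is None:
        return False
    actual = str(actual).lower()  # Sigma string matching is case-insensitive
    candidates = expected if isinstance(expected, list) else [expected]
    for cand in candidates:
        cand = str(cand).lower()
        if modifier == "contains":
            hit = cand in actual
        elif modifier == "startswith":
            hit = actual.startswith(cand)
        elif modifier == "endswith":
            hit = actual.endswith(cand)
        else:  # no modifier: exact match with Sigma's * and ? wildcards
            hit = fnmatch.fnmatchcase(actual, cand)
        if hit:
            return True
    return False


def _search_matches(search, record):
    """Every field entry inside one search identifier must hold (AND)."""
    return all(_field_matches(spec, exp, record) for spec, exp in search.items())


def evaluate(rule, record):
    """True if the record satisfies the rule condition.

    Supports identifiers, 'not', 'and' and 'or'; 'and' binds tighter
    than 'or', matching Sigma's precedence for this simple subset.
    """
    detection = rule["detection"]

    def term(token):
        token = token.strip()
        negate = token.startswith("not ")
        name = token[4:].strip() if negate else token
        result = _search_matches(detection[name], record)
        return not result if negate else result

    return any(
        all(term(t) for t in clause.split(" and "))
        for clause in detection["condition"].split(" or ")
    )


def hunt(rule, records):
    """Return the indices of the records the rule fires on."""
    return [i for i, rec in enumerate(records) if evaluate(rule, rec)]


if __name__ == "__main__":
    for i in hunt(RULE, LOGS):
        print(f"[{RULE['level']}] {RULE['title']}: {LOGS[i]['CommandLine']}")
```

Records 0 and 3 fire; record 1 fails the `ParentImage` selection and record 2 is suppressed by the filter, which is the usual shape of a Sigma rule in a hunt: a broad selection narrowed by explicit exclusions rather than a single brittle string.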

Boost Your SOC Skills: How to Detect Good Apps Gone Bad

Threat actors have a wide range of tools and techniques they can use in cyber attacks, including malware-as-a-service, open-source tools and malware...

3 Ways to Save Incident Response Time

Save time during incident response with these tips and tools to help your team accelerate HD, memory, and live...

How to Analyze Malicious Microsoft Office Files

All the most common file types that can be used to deliver malicious code, including Microsoft Office files, are supported in Intezer...

New SysJoker Backdoor Targets Windows, Linux, and macOS

Malware targeting multiple operating systems is no longer the exception in the malware threat landscape. Vermilion Strike, which was documented just last September,...

Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server

GitLab servers are under attack through a now-patched critical vulnerability. Earlier this week we investigated an incident that occurred on a new...

Exposed Prefect Workflows Could Lead to Disruptive Attacks

Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...

Misconfigured Airflows Leak Thousands of Credentials from Popular Services

This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...

Guide to Digital Forensics Incident Response in the Cloud

Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a...

New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points: Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...

Global Phishing Campaign Targets Energy Sector and its Suppliers

Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...

Why Relying on the Cloud Provider for Security is Not Enough

73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...

Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

New Malware Variant Exploits Production Environment. Rocke Group is a China-based threat actor best known for running cryptojacking malware on Linux machines. The...

A Rare Look Inside a Cryptojacking Campaign and its Profit

Intro: Linux threats are becoming more frequent. A common type of Linux threat is cryptojacking, which is the unauthorized use of an...

A Storm is Brewing: IPStorm Now Has Linux Malware

Introduction: The development of cross-platform malware is not new; however, we continue to observe a number of malware families that were previously documented only...

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks

Introduction: TeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using...

Watch Your Containers: Doki Infecting Docker Servers in the Cloud

Key Findings: Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has...

© Intezer.com 2022 All rights reserved