How LNK Files Are Abused by Threat Actors
LNK files are based on the Shell Link Binary file format, also known as Windows shortcuts. But what seems a relatively simple...
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
Linux is a popular operating system for servers and cloud infrastructures, and as such it’s not a surprise that it attracts threat...
Detecting Phishing Emails with Email Headers, Attachments, and URLs
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around...
SOC Level Up: Threat Hunting and Detection With Sigma
Sigma is a generic, vendor-agnostic signature format for log events, which you can use to write threat hunting and detection rules for evolving...
How to Analyze Malicious PDF Files
Portable Document Format (PDF) files are a cross-platform file format supporting links, images, and fonts. The flexibility of the PDF format makes these...
Elephant Framework Delivered in Phishing Attacks Against Ukrainian Organizations
A recently developed malware framework called Elephant is being delivered in targeted spear phishing campaigns using spoofed Ukrainian governmental email addresses. The...
SOC Level Up: Introduction to Sigma Rules
Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used...
Boost Your SOC Skills: How to Detect Good Apps Gone Bad
Threat actors have a wide range of tools and techniques they can use in cyber attacks including: malware-as-a-service, open-source tools and malware...
3 Ways to Save Incident Response Time
Save time during incident response with these tips and tools to help your team accelerate HD, memory, and live...
How to Analyze Malicious Microsoft Office Files
All the most common file types that can be used to deliver malicious code, including Microsoft Office files, are supported in Intezer...
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems is no longer an exception in the threat landscape. Vermilion Strike, which was documented just last September,...
Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server
GitLab servers are under attack through a now-patched critical vulnerability. Earlier this week we investigated an incident that occurred on a new...
Exposed Prefect Workflows Could Lead to Disruptive Attacks
Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...
Guide to Digital Forensics Incident Response in the Cloud
Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a...
New Attacks on Kubernetes via Misconfigured Argo Workflows
Key points: Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...
Global Phishing Campaign Targets Energy Sector and its Suppliers
Our research team has found a sophisticated campaign, active for at least one year, targeting large international companies in the energy, oil...
Why Relying on the Cloud Provider for Security is Not Enough
73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...
Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys
New malware variant exploits production environment. Rocke Group is a China-based threat actor best known for running cryptojacking malware on Linux machines. The...
A Rare Look Inside a Cryptojacking Campaign and its Profit
Linux threats are becoming more frequent. A common type of Linux threat is cryptojacking, which is the unauthorized use of an...
A Storm is Brewing: IPStorm Now Has Linux Malware
The development of cross-platform malware is not new; however, we continue to observe malware families that were previously documented only...