Grey Wolf Security

Grey Wolf Security specializes in cyber security solutions. We deliver subject matter experts to you.

07/29/2022

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

Threat actors are finding their way around Microsoft’s default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found.

By Elizabeth Montalbano - threatpost

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

07/29/2022

A threat actor associated with the LockBit 3.0 ransomware operation is abusing the Windows Defender command line tool to load Cobalt Strike beacons on compromised systems and evade detection by security software.

Cobalt Strike is a legitimate penetration testing suite with extensive features popular among threat actors to perform stealthy network reconnaissance and lateral movement before stealing data and encrypting it.

By Bill Toulas - Bleeping Computer

Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems.
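A detection-side check for the pattern described above, added here as an example and not code from the Bleeping Computer article or from Grey Wolf Security: the Windows Defender command line tool is MpCmdRun.exe, and public analyses of this campaign report that it was copied to an attacker-controlled directory so that it would load a malicious mpclient.dll placed next to it (the article excerpt names neither file). The script below walks Sysmon-style process-creation and image-load records and flags either binary when it runs from, or is loaded from, a directory outside Defender's install locations. The events are constructed sample data, not real telemetry.

```python
"""Flag MpCmdRun.exe running outside Defender's install directories, or
mpclient.dll being loaded from such a location (DLL sideloading pattern).
SAMPLE_EVENTS are constructed Sysmon-style records, not real telemetry."""
from __future__ import annotations

import ntpath
from typing import Iterable

# Where the genuine Defender binaries live (lower-cased, backslash-separated).
# Assumption: standard install paths; adjust for non-default installs.
TRUSTED_PREFIXES = (
    r"c:\program files\windows defender",
    r"c:\programdata\microsoft\windows defender\platform",
)

WATCHED_EXE = "mpcmdrun.exe"   # Windows Defender command line tool
WATCHED_DLL = "mpclient.dll"   # DLL it loads by name (per public reporting on this campaign)


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison: backslashes, lower case."""
    return path.replace("/", "\\").lower()


def in_trusted_dir(path: str) -> bool:
    """True if the file sits under one of Defender's install directories."""
    p = _norm(path)
    return any(p.startswith(prefix + "\\") for prefix in TRUSTED_PREFIXES)


def classify(event: dict) -> str | None:
    """Return a finding label for a suspicious event, or None when benign.

    event_id 1 = process creation (Sysmon), event_id 7 = image (DLL) load.
    """
    if event["event_id"] == 1:
        image = _norm(event["image"])
        if ntpath.basename(image) == WATCHED_EXE and not in_trusted_dir(image):
            return "mpcmdrun_outside_defender_dir"
    elif event["event_id"] == 7:
        loaded = _norm(event["image_loaded"])
        if ntpath.basename(loaded) == WATCHED_DLL and not in_trusted_dir(loaded):
            return "mpclient_dll_sideload"
    return None


def scan(events: Iterable[dict]) -> list[tuple[str, dict]]:
    """Run classify() over a stream of events and collect the findings."""
    findings = []
    for ev in events:
        label = classify(ev)
        if label:
            findings.append((label, ev))
    return findings


# Constructed sample events (not real telemetry): two benign Defender runs,
# one copy of the tool run from a user-writable directory, one sideloaded DLL.
SAMPLE_EVENTS = [
    {"event_id": 1, "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": "MpCmdRun.exe -SignatureUpdate"},
    {"event_id": 1, "image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe",
     "cmdline": "MpCmdRun.exe -Scan -ScanType 1"},
    {"event_id": 1, "image": r"C:\Users\Public\Music\MpCmdRun.exe",
     "cmdline": "MpCmdRun.exe"},
    {"event_id": 7, "image": r"C:\Users\Public\Music\MpCmdRun.exe",
     "image_loaded": r"C:\Users\Public\Music\mpclient.dll"},
    {"event_id": 7, "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "image_loaded": r"C:\Program Files\Windows Defender\mpclient.dll"},
]

if __name__ == "__main__":
    for label, ev in scan(SAMPLE_EVENTS):
        print(label, ev["image"], ev.get("image_loaded", ""))
```

The path check is deliberately narrow: a legitimately signed MpCmdRun.exe copied elsewhere is still the real binary, so the signal is where it runs from and what it loads, not the file hash. Pair it with an image-load rule that checks the signer of any mpclient.dll, since a copy under a non-default install root would otherwise be flagged as well.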

07/29/2022

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation.

As Australian software firm Atlassian revealed last week, unpatched versions of the Questions for Confluence app (installed on more than 8,000 servers) create an account with hardcoded credentials.

By Sergiu Gatlan - Bleeping Computer

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation.

07/28/2022

The largest distributed denial-of-service (DDoS) attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe.

The target, a customer of cybersecurity and cloud service company Akamai, has been under constant assault, facing dozens of DDoS rounds over the past 30 days.

By Bill Toulas - Bleeping Computer

The largest distributed denial-of-service (DDoS) attack that Europe has ever seen occurred earlier this month and hit an organization in Eastern Europe.

07/27/2022

The No More Ransom project celebrates its sixth anniversary today after helping millions of ransomware victims recover their files for free.

Launched in July 2016, No More Ransom is an online portal and a public-private partnership created by law enforcement (Europol and the Dutch National Police) and IT security companies (Kaspersky and McAfee).

By Sergiu Gatlan - Bleeping Computer

The No More Ransom project celebrates its sixth anniversary today after helping millions of ransomware victims recover their files for free.

07/27/2022

System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.

According to Palo Alto's 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution.

By Bill Toulas - Bleeping Computer

System administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.

07/25/2022

The source code for an information-stealing malware coded in Rust has been released for free on hacking forums, with security analysts already reporting that the malware is actively used in attacks.

The malware, which the author claims to have developed in just six hours, is quite stealthy, with VirusTotal returning a detection rate of around 22%.

By Bill Toulas - Bleeping Computer

A malware author released the source code of their info-stealer for free on hacking forums earlier this month, and security analysts already report observing several samples being deployed in the wild.

07/25/2022

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries.

In this campaign, the hackers use malware known as Konni, a remote access trojan (RAT) capable of establishing persistence and performing privilege escalation on the host.

By Bill Toulas - Bleeping Computer

Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries.

07/25/2022

A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures.

Amadey Bot is a malware strain discovered four years ago, capable of performing system reconnaissance, stealing information, and loading additional payloads.

By Bill Toulas - Bleeping Computer

A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures.

07/19/2022

Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks.

ESET researchers first spotted the new malware in April 2022 and named it CloudMensis because it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication.

By Sergiu Gatlan - Bleeping Computer

Unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information in a highly targeted series of attacks.

07/19/2022

Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.

In a report on recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers belonging to the Russian Turla APT group have also been spotted deploying their first Android malware.

By Sergiu Gatlan - Bleeping Computer

Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.

07/18/2022

Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.

Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads.

By Elizabeth Montalbano - threatpost

Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.

Address

201 N Union Street Suite 110, 19977
Alexandria, VA
22314

Opening Hours

Monday 9am - 5pm
Tuesday 9am - 5pm
Wednesday 9am - 5pm
Thursday 9am - 5pm
Friday 9am - 5pm

Telephone

+17039959903