CVE-2020-5902 was disclosed on June 1, 2020 by F5 Networks in K52145254 as a CVSS 10.0 remote code execution vulnerability in the Big-IP administrative interface. By June 3, 2020 NCC Group observed active exploitation. This blog is a summary of what we know as the situation develops.
Authors: Nikolaos Pantazopoulos, Stefano Antenucci (@Antelox), Michael Sandee and in close collaboration with NCC’s RIFT. About the Research and Intelligence Fusion Team (RIFT):RIFT leverages our strategic analysis, data science, and threat hunting capabilities to create actionable threat intelligence, ranging from IOCs and detection capabilities to strategic reports on tomorrow's threat landscape. Cyber security is an … Continue reading WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
Publicly discovered in late April 2020, the Team9 malware family (also known as ‘Bazar’) appears to be a new malware being developed by the group behind Trickbot. Even though the development of the malware appears to be recent, the developers have already developed two components with rich functionality. The purpose of this blog post is to describe the functionality of the two components, the loader and the backdoor.
Earlier last month saw the publication an IETF draft NCC Group co-wrote with the UK's National Cyber Security Center titled 'Indicators of Compromise (IoCs) and Their Role in Attack Defence'
Last Update: Marc 19th, 2020 at 11:26 UTC Overview Threat actors attempting to capitalize on current events, pandemics and global anxiety is nothing new, as was previously seen with malicious campaigns related to the 2019 climate strikes and demonstrations as well as the 2018 FIFA World Cup tournament. By relying on basic social engineering – … Continue reading Threat Actors: exploiting the pandemic