
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Deobfuscating a Dropper for a ZLoader Trojan Variant

April 1, 2021 By Ryan Estes

On March 18th, 2021, the DNSWatch Tailored Analysis Team received an email from an internal WatchGuard employee who deemed the email suspicious. The initial email included an attachment titled Attachment_57904. A DNSWatch analyst performed an initial assessment of the file in search of any malicious indicators or behaviors, only to discover that the file was a heavily … [Read more...]

Analysis of a Dridex Banking Trojan Phish

March 31, 2021 By Abdul Samee

At the beginning of March, as many Americans were eagerly awaiting another round of stimulus payments, news began to circulate about cybercriminals taking advantage of the American Rescue Plan offering financial assistance (payments and other aids) as part of COVID-19 relief. We got a hold of some of these phishing emails and upon scrutiny, we found the email imitates the IRS, … [Read more...]

Ubiquitous for all the Wrong Reasons

March 31, 2021 By Josh Stuifbergen

Ubiquiti may have a lot to answer for after recent allegations that it may have downplayed January’s breach. The allegation involves an attacker gaining access to Ubiquiti’s Amazon Web Services (AWS) account via an employee’s account with root-level access (read/write admin or higher permissions) to all of Ubiquiti’s AWS accounts. The whistleblower alleged that the … [Read more...]

Attempted PHP Backdoor Foiled

March 29, 2021 By Marc Laliberte

The PHP Group, the collection of developers responsible for maintaining the reference source code and implementation for the popular web scripting language PHP, made the decision to retire their self-maintained code repository server and move to GitHub after an unknown threat actor inserted a backdoor into the core PHP code library through a git pull request. The change, … [Read more...]

DevilXploit and Website Defacement

March 29, 2021 By Josh Stuifbergen

Sporting and competition are a mainstay of the human spirit. And in that spirit, we find new ways to compete. A classic example of this is website defacement, where a malicious hacker compromises a website and uses the page itself to show off their conquest. A WatchGuard customer recently submitted a domain that they flagged for phishing. We visited the page … [Read more...]

The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.
