Research & Threat Intel

Cloud DFIR, Research & Threat Intel
December 21, 2021

The Continued Evolution of Abcbot

A new version of a malicious shell script targeting insecure cloud instances running under Cloud Service Providers such as...
Read More
Cloud DFIR, Research & Threat Intel
December 14, 2021

Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability

By Matt Muir Overview As previously reported, a recently-discovered critical vulnerability (CVE-2021-44228) in Apache’s...
Read More
Cloud DFIR, Research & Threat Intel
December 13, 2021

Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228

Introduction Log4J is an open-source logging platform running on Java and built-in to many web platforms. Public reports...
Read More
Cloud DFIR, Research & Threat Intel
November 9, 2021

Cloud Malware Proliferation?

Recently VX Underground released a toolset they report is from the Conti and BlackMatter ransomware gang: As TeamTNT themselves...
Read More
Free Resources, Research & Threat Intel
September 17, 2021

Azure OMI Vulnerability OMIGOD (CVE-2021-38647) Now Under Exploitation

Azure users running Linux virtual machines are at risk of compromise unless they upgrade now. A vulnerable piece of management...
Read More
Free Resources, Research & Threat Intel
September 14, 2021

TeamTNT Script Employed to Grab AWS Credentials

A TeamTNT script has been employed to target a Confluence vulnerability that grabs AWS credentials including those from ECS. ...
Read More
Cloud DFIR, Research & Threat Intel
September 9, 2021

Quick Recap: Azurescape

As you may have seen today, Palo Alto published a brilliant technical report: Finding Azurescape – Cross-Account Container...
Read More
Research & Threat Intel
July 14, 2021

Triage analysis of Serv-U FTP user backdoor deployed by CVE-2021-35211

Last night, Microsoft published a blog titled Microsoft discovers threat actor targeting SolarWinds Serv-U software with...
Read More
Free Resources, Research & Threat Intel
July 3, 2021

Resources for DFIR Professionals Responding to the REvil Ransomware Kaseya Supply Chain Attack

Yesterday Sophos and Huntress Labs identified that Kaseya, a remote management provider popular with MSPs, was compromised...
Read More
Cloud DFIR, Research & Threat Intel
June 29, 2021

Ransomware Incident Response and Forensics - Before the Ransom

One thing you may have not realised about ransomware is that it’s not immediate. While the data encryption process...
Read More

Cado Security is the provider of the first cloud forensics and incident response platform. By leveraging the scale and speed of the cloud, the Cado platform automates forensic-level data capture and processing across cloud, container, and serverless environments. Only Cado empowers security teams to respond at cloud speed.

Free Trial Demo

© Copyright 2023 Cado Security

Sitemap | Privacy Policy