TechTalk

As part of an incident response operation, the SECUINFRA Falcon team identified an interesting malware sample codenamed "CommieLoader" masquerading as an application form. CommieLoader installed a Cobalt Strike Beacon, which the attacker used for command-and-control communication.
In March 2026, a previously unknown zero-day exploit was discovered in Adobe Reader that is being actively exploited via a specially crafted PDF document. Building on the initial findings of security researcher Haifei Li, this article provides a detailed analysis of the technical structure and functionality of the malicious PDF. It reveals a heavily obfuscated attack chain featuring fingerprinting mechanisms and unusual command-and-control communication via RSS feeds.
Alertness and vigilance are crucial in cybersecurity. When repeating this truism, most of us think about social engineering attacks and educating the user on how to recognize a phishing mail or a scam call. However, an attentive user can also provide valuable insights on a more technical level. A recent incident response case started when the user noticed "strange black windows" on the desktop and took screenshots of them. This was accompanied by PayPal transfers from the user's account that the user had not authorized.
The incident showcased in this article was detected by the SECUINFRA Cyber Detection & Response Center (CDRC) as part of an MDR alert. The Falcon Team contributed relevant findings about the malware for handling and mitigation. This case serves as a good example of a complex "Clickfix"-style attack chain with steganographic elements.
In today's rapidly evolving digital world, cyber threats are becoming increasingly sophisticated. An incident response plan is no longer an option, but a fundamental necessity. Many organizations rely on Managed Security Service Providers (MSSPs) to secure their operations, but it's important to recognize that outside expertise alone is not enough to eliminate all gaps in incident response.
Modern EDR or XDR solutions are capable of detecting suspicious behavior. The widely used Elastic solution has integrated this feature with Elastic Defend since 2019 and offers industry-leading transparency. Below we show how security experts work with it.
Due to its typical division into IT and OT, the manufacturing industry is a worthwhile target for blackmailers. An overview of specific challenges and recommendations on how production companies can protect sensitive data and failure-critical processes.
After a two-year implementation period, EU financial institutions are obliged to implement the DORA (Digital Operational and Resilience Act) by the deadline of January 17, 2025. Chapter II of DORA focuses on the risk management framework, which consists of several elements.
After a two-year implementation period, EU financial companies are obliged to implement the DORA (Digital Operational and Resilience Act) by the deadline of January 17, 2025.
The SECUINFRA Falcon team has investigated the “Nitrogen” ransomware variant. We discovered that significant parts of the implementation originate from the leaked source code of CONTI Ransomware.