TechTalk

Here you will find articles on the latest findings and in-depth analyses in the field of IT security, presenting both current trends and the in-depth expertise of our cyber defense experts. Immerse yourself in the world of cyber security, enrich your knowledge and stay at the forefront of technological progress.

As part of an incident response operation, the SECUINFRA Falcon team identified an interesting malware sample codenamed "CommieLoader" masquerading as an application form. CommieLoader installed a Cobalt Strike Beacon, which the attacker used for command-and-control communication.
In March 2026, a previously unknown zero-day exploit was discovered in Adobe Reader that is being actively exploited via a specially crafted PDF document. Building on the initial findings of security researcher Haifei Li, this article provides a detailed analysis of the technical structure and functionality of the malicious PDF. It reveals a multi-stage attack chain featuring sophisticated obfuscation techniques, fingerprinting mechanisms, and unusual command-and-control communication via RSS feeds.
Alertness and vigilance are crucial in cybersecurity. When repeating this truism, most of us think about social engineering attacks and educating users on how to recognize a phishing mail or a scam call. However, an attentive user can also provide valuable insights on a more technical level. A recent incident response case was started when the user noticed "strange black windows" on the desktop and took screenshots of them. This was accompanied by PayPal transfers from the user's account that the user had not authorized.
The incident showcased in this article was detected by the SECUINFRA Cyber Detection & Response Center (CDRC) as part of an MDR alert. The Falcon Team contributed relevant findings about the malware for handling and mitigation. This case serves as a good example of a complex "Clickfix"-style attack chain with steganographic elements.
In today's rapidly evolving digital world, cyber threats are becoming increasingly sophisticated. An incident response plan is no longer an option, but a fundamental necessity. Many organizations rely on Managed Security Service Providers (MSSPs) to secure their operations, but it's important to recognize that outside expertise alone is not enough to eliminate all gaps in incident response.
Modern EDR or XDR solutions are capable of detecting suspicious behavior. The widely used Elastic solution has integrated this feature with Elastic Defend since 2019 and offers industry-leading transparency. Below we show how security experts work with it.
Because of its typical split into IT and OT, the manufacturing industry is a lucrative target for extortionists. An overview of the specific challenges, with recommendations on how production companies can protect sensitive data and failure-critical processes.
After a two-year implementation period, EU financial institutions are obliged to implement DORA (Digital Operational Resilience Act) by the deadline of January 17, 2025. Chapter II of DORA focuses on the ICT risk management framework, which consists of several elements.
After a two-year implementation period, EU financial companies are obliged to implement DORA (Digital Operational Resilience Act) by the deadline of January 17, 2025.
The SECUINFRA Falcon team has investigated the “Nitrogen” ransomware variant. We discovered that significant parts of the implementation originate from the leaked source code of CONTI Ransomware.
After a two-year implementation period, EU financial companies are obliged to implement DORA (Digital Operational Resilience Act) by the deadline of January 17, 2025. DORA focuses on the identification and risk management of information assets that support critical or important business functions.
The threat situation for companies is also becoming more complex this year. In addition to state-sponsored attacks - primarily from Russia, China and increasingly also North Korea - we are seeing more and more commercially motivated attacks that are carried out highly professionally using the CaaS model (Cybercrime as a Service). It is noticeable that the speed with which stolen data is offered for sale or exploited is constantly increasing. It is not uncommon for compromised accounts to be taken over after just a few minutes. Phishing campaigns, which are becoming increasingly convincing thanks to the use of AI, pose a further threat. Last but not least, criminals are increasingly using cross-platform malware that targets Linux and macOS in addition to Windows. How can companies meet these new challenges?