
War Room

Shells from above

Defense

Intel Insights – VMware ESXi and ESXiArgs Ransomware

February 13, 2023 By Joel Belton

RSM Defense Intelligence has observed open-source reporting, as well as notifications from CISA (JCSA_AA23-039A), which indicate that malicious actors are exploiting known vulnerabilities in VMware ESXi software to gain access to servers and deploy ESXiArgs ransomware. Vulnerabilities utilized by the malicious actors include CVE-2021-21974 (CVSS 8.8), CVE-2020-3992 (CVSS 9.8), ... READ MORE

Intel Insights – ChatGPT: Good Angel or Bad Robot?

January 27, 2023 By Joel Belton

Since the rollout of OpenAI’s publicly accessible ChatGPT (Generative Pre-training Transformer) on November 30, 2022, ChatGPT has been subject to widespread attention both in the Clearnet and “DarkWeb”. ChatGPT is based on the GPT architecture and was first released in 2019. Since then, it has undergone several updates and major changes. The GPT model was trained on a ... READ MORE

Intel Insights – Emotet recommences email spam operations after five-month break

January 13, 2023 By Joel Belton

RSM Defense Analyst Notes: On November 2nd, 2022, Cryptolaemus researchers observed the Emotet malware operation spamming malicious emails after a nearly five-month period of little activity. The current campaign uses stolen email reply chains to distribute malicious Excel attachments. The attachments target users worldwide using various languages and file names, masquerading ... READ MORE

What Recent Cyberattacks Teach Us

September 30, 2022 By Ryan Shockling

Cyberattacks have been in mainstream news again in recent weeks, as the hacker group Lapsus$ has launched several successful attacks against major companies. Recently, police in Oxfordshire arrested an unnamed seventeen-year-old known by the alias Tea Pot who has been credited as the one responsible for these notable attacks. For those familiar with common penetration testing ... READ MORE

The easiest way to not get eaten is to at least try to not look like food: Critical asset considerations – Part 2

July 21, 2022 By Todd Willoughby

We are back! We didn’t go anywhere; we have just been busy like everyone else. Today, we carry on my favorite miniseries of the best way to not get eaten is to not look like food; proverbially of course. Part 2 of this is regarding critical asset protections. This includes, but again is not limited to, domain controllers and critical asset backups, business continuity planning, ... READ MORE

Russia Ukraine Conflict Observables

March 9, 2022 By Joel Belton

With the rise of cyberwarfare against Ukraine and Russia, one could agree that there could be potential blowback from the sanctions that the United States has placed on the country of Russia. Some of the attacks that have been observed against Ukraine are attacks that include data wiping malware, such as HermeticWiper, Whispergate, and IsaacWiper. There have also been ... READ MORE

Digital piracy through ransomware: A change in tides

November 29, 2021 By Sean Renshaw

Due to the tidal wave of ransomware attacks since 2018, the seas are changing, and the attackers are now becoming the attacked. A disparate group of entities have started to fight back against these modern-day pirates in an epic battle which will likely change how ransomware attacks are handled going forward. Years ago, digital pirates targeted healthcare and relatively ... READ MORE

Russia’s new breadbasket is America’s Mid-West

September 30, 2021 By Todd Willoughby

The BlackMatter ransomware group, which claims to be the successor to the ostensibly, but possibly not so, retired threat actor groups REvil/DarkSide, has successfully breached an Iowa-based grain and farm services provider. The provider, which operates grain elevators, trades crops and provides other support to Iowa and surrounding farmers, says it has taken its systems ... READ MORE

TSA cybersecurity directives: What pipeline companies need to know

August 4, 2021 By Ken Smith

After the Colonial Pipeline ransomware attack shut down the entire pipeline system for over a week, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) issued a directive requiring all pipeline companies to take immediate actions to mitigate cyber risks. The first cybersecurity directive was issued on May 27 and the follow-up directive was ... READ MORE

The State of Ransomware

July 8, 2021 By AJ Hammond

Ransomware as a concept isn’t exactly bleeding edge. For years, cybercriminals have been using ransomware along with a variety of different attack vectors to compromise companies both big and small around the globe. What is new, however, is the recent uptick in the quantity and frequency of ransomware-based attacks. According to Verizon's 2021 Data Breach Investigations ... READ MORE
