Threat Hunting with passive DNS: Discovering the Attacker Infrastructure

Understanding how attackers establish and maintain their attack infrastructure is important for building robust defenses. Attackers employ various tactics to keep their operations resilient and undetected. In this blog post,

The Hidden Door: How CVE-2024-23897 Enabled Ransomware Attack on Indian Banks

On August 1, 2024, retail payments at Indian banks began to be disrupted, and news suddenly broke stating that Brontoo Technology Solutions – a collaborator with C-Edge Technologies, which is

BianLian Ransomware Group: 2024 Activity Analysis

Since its emergence in 2022, the BianLian ransomware group has rapidly evolved, showcasing sophisticated techniques and adapting to the shifting landscape of cyber threats. It’s among the top three most

Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation

Juniper Threat Labs has been monitoring exploitation attempts targeting an Ivanti Pulse Secure authentication bypass with remote code execution vulnerabilities. We have observed instances of Mirai botnet delivery in

Shielding Networks From Androxgh0st

AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning .env files and extracting important information from them, revealing login details linked to AWS and

Real-Time Defense: Analyzing Emerging Cyber Threats

In this blog, we will dive into the attack trends observed across our customers’ networks. First, we will highlight how the security threat intelligence in the Juniper Advanced Threat Prevention

CVE-2023-20887: VMware Aria Operations for Networks Unauthenticated Remote Code Execution

VMware Aria Operations for Networks is a network monitoring and management tool used to build and manage an optimized, secure network infrastructure. A command injection vulnerability has been recently reported

Abused CDNs: From Speedy Content to Stealthy Malware

The global internet relies on Content Delivery Networks (CDNs) to deliver a seamless web experience for users. Because of the shared nature of a CDN’s resources, network operators must be

DreamBus Botnet Resurfaces, Targets RocketMQ vulnerability

In May 2023, a vulnerability affecting RocketMQ servers (CVE-2023-33246), which allows remote code execution, was publicly disclosed. In a recent blog post, Juniper Threat Labs provided a detailed explanation of

CVE-2023-27350: PaperCut NG and MF Remote Code Execution Vulnerability

PaperCut is an enterprise print management software. PaperCut NG is used for managing and controlling printing. PaperCut MF is a more advanced solution that, in addition to managing printing, can
