THREAT REPORTS

ZeroLock: Sealing the Cracks Against Leaky Vessels

ZeroLock: Sealing the Cracks Against Leaky Vessels

"Leaky Vessels" (CVE-2024-21626) is targeting containerized environments and enabling attackers to escape containers and compromise host systems, presenting a critical risk to cloud-native applications. Watch as our Threat Intel Lead,...

GameOver(lay) gets destroyed by Vali Cyber’s ZeroLock

GameOver(lay) gets destroyed by Vali Cyber’s ZeroLock

CVE-2023-2640 and CVE-2023-32629 are two easy-to-exploit privilege escalation vulnerabilities in the OverlayFS module in Ubuntu that affect 40% of Ubuntu cloud workloads. Cleverly nicknamed gameOver(lay), Vali Cyber's ZeroLock can both...

Supply Chain Attacks

Supply Chain Attacks

Supply-chain attacks take advantage of insecure segments of the supply-chain of a target. An attacker will manipulate the elements used in the production process of the target, and thereby produce a vulnerability. In many modern examples...

Why Hash-Based Scanning: Is Not Enough

Why Hash-Based Scanning: Is Not Enough

Vali Cyber Threat Intelligence Report Fileless attacks are any cyber-attack which does not write any files to disk on the target system. This kind of attack has grown in popularity over recent years due to some of the distinct advantages...

ZeroLock® Red Team Analytics: Novel Ransomeware

ZeroLock® Red Team Analytics: Novel Ransomeware

ZeroLock defends against many kinds of attacks, including ransomware. The Vali Cyber Threat Intelligence team regularly red teams the agent to ensure it responds effectively to sophisticated, evolving threats. The Threat Intelligence team...

BlackMatter Analysis

BlackMatter Analysis

Summary BlackMatter is a ransomware campaign that has been terrorizing Linux users since late 2021. The variation is written in C++ and specifically targets VMWare ESXi servers. VMWare ESXi servers are a common target for ransomware...

Crytojacking and XMRig Summary

Crytojacking and XMRig Summary

Explanation of Cryptojacking One of the most prevalent threats facing Linux systems today is cryptojacking. This attack occurs when a threat actor infiltrates a target system and re-appropriates resources to mine cryptocurrency for...

Ransomeware Timing Analysis

Ransomeware Timing Analysis

Vali Cyber Threat Intelligence Report Ransomware is one of the most severe threats in cybersecurity today. After an intruder gains access to the target network or device, they then use malware called “ransomware” to systematically encrypt...