Malware News
15.1K subscribers
1.63K photos
7 videos
130 files
7.97K links
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
Download Telegram
10 Years of Linux Security - A Report Card
πŸ—£citypw

Keep in mind that grsecurity's business model relies on painting Linux, and in particular Linux security, in a negative light.

I'm not saying that makes any of this information invalid by itself, but it's worth considering the source.
πŸ‘€awkisopen

I see words in that PDF but barely understand anything it's saying. Context is key.

This was clearly written by an engineer who had no idea whether or not the audience would understand the presentation.
πŸ‘€ToasterToasts

Well, that could have benefited from some explanation of acronyms.

Most of the recommendations seemed to be process or attitude things. How about recommending some simplification, throwing away old code even if it still mostly works ? I'm mostly talking about user-space code. Could we get rid of the init structure and commit to systemd ? Get rid of some old encryption and hashing and VPN modules, force people onto the new stuff ? Have DNS specified in 1 place instead of 5 ?
πŸ‘€billdietrich1


πŸŽ–@malwr
A buggy behavior located into CreateFile allows to hide malware from users and AV scanners. Microsoft will not fix it:
https://github.com/dalvarezperez/CreateFile_based_rootkit
#CreateFile #malware #rootkit #antivirus

ℹ️ Sent from one of our members

πŸŽ–@malwr
[PDF ThaiCERT publishes "Threat Group Cards: A Threat Actor Encyclopedia" version 2.0 - Added 115 threat groups and many other updates - portal coming soon](https://www.dropbox.com/s/ds0ra0c8odwsv3m/Threat%20Group%20Cards.pdf?dl=0)
πŸ—£digicat


πŸŽ–@malwr
Microsoft launches free Memory Forensics and Rootkit Detection service for Linux systems
πŸ—£dreamygeek

Perhaps read the official blog post before you all get your pitch forks out over the free service thats intended to make hard to find, in memory malware incredibly expensive to keep using for attackers without risk of exposure.

"Project Freta was designed and built with survivor bias at its core."

God forbid microsoft and their academic researchers do a good thing here and get any credit.

Yeesh πŸ™„

https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
πŸ‘€jdwashere

Soooo... Volatility in the cloud?
πŸ‘€YXZs

mmm... a rootkit that detects rootkits
πŸ‘€skyl4nk


πŸŽ–@malwr
ThiefQuest Ransomware detects VM (possibly)
Set up a Mac VM on VMWare, tried running the ThiefQuest Ransomware. On the Activity Monitor, I Force Quit vmware-tools-daemon, hoping it won't detect it as a VM. But I guess I'm wrong. It's either the samples I've gotten are wrong, or the malware detects a VM.

https://preview.redd.it/qjsk2yyu0h951.png?width=1910&format=png&auto=webp&s=e5d5186bee11b35fdc5eaa1d7c06d577c4a3da32
πŸ—£LMJR500Army

It can still detect that it's in a VM even without the vmware-tools-daemon running. Common methods in this VMware kb article.

There are plenty of other anti-forensic methods for detecting a VM as well. Sometimes you need to be as tricky as the creators to get the malware to actually run when you are trying to examine it.
πŸ‘€TheDarthSnarf


πŸŽ–@malwr