Multiple security vendors have released articles sharing information about an ongoing campaign that trojanizes the #3CX DesktopApp in a supply chain attack:
https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
https://www.trendmicro.com/en_us/research/23/c/information-on-attacks-involving-3cx-desktop-app.html
https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/
https://unit42.paloaltonetworks.com/3cxdesktopapp-supply-chain-attack/
https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/
https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
https://www.malwarebytes.com/blog/news/2023/03/3cx-desktop-app-used-in-a-supply-chain-attack
https://blog.talosintelligence.com/3cx-softphone-supply-chain-compromise/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3cx-supply-chain-attack
https://blog.checkpoint.com/2023/03/29/3cxdesktop-app-trojanizes-in-a-supply-chain-attack-check-point-customers-remain-protected/
https://www.zscaler.com/security-research/coverage-advisory-3cx-supply-chain-attack-march-2023
https://www.fortinet.com/blog/threat-research/3cx-desktop-app-compromised
via virusbtn
Unit 42
Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)
This threat brief details a supply chain attack involving a software-based phone application 3CXDesktopApp that installs two malicious libraries.
SonicWall researchers analyse a recent AsyncRAT malware variant, finding additional commands support from the C2, a clipper module, a cryptostealer module, a keylogger module, and the ability to prevent the system from going to sleep. https://securitynews.sonicwall.com/xmlpost/asyncrat-variant-includes-cryptostealer-capabilites/
via virusbtn
Twitter has open-sourced their recommendation algorithm.
https://github.com/twitter/the-algorithm
via vxunderground
GitHub
GitHub - twitter/the-algorithm: Source code for the X Recommendation Algorithm
Source code for the X Recommendation Algorithm. Contribute to twitter/the-algorithm development by creating an account on GitHub.
How to avoid the aCropalypse
via Gallus
nikanjX: “Buy an iPhone”
run_out_of_cake: I thought they were all fixed already? Shouldn't the answer be just "update yo shit"?
digitalend: I am a little confused. Does this only affect PNG? Don't most Pixel phones shoot in JPG? Is that also affected?
The Trail of Bits Blog
How to avoid the aCropalypse
The aCropalypse is upon us! Last week, news about CVE-2023-21036, nicknamed the “aCropalypse,” spread across Twitter and other media, and I quickly realized that the underlying flaw could be detected by our tool, PolyTracker. I'll explain how PolyTracker…
Announcing Fibratus 1.10.0 - a modern Windows kernel tracing and threat detection engine
via rabbitstack
GitHub
Release v1.10.0 · rabbitstack/fibratus
Release Notes
New features
filter language grammar for sequence rules and decommission of sequence policy types
bound fields and sequence aliases
file path manipulation filter ...
.NET malware decompiling challenges: Obfuscations of strings/constants can be tedious. Automate w/ IDA Pro's Python interface for MSIL binary patching, even for simple cases: https://threatcat.ch/blog/undo-dotnet-constant-obfuscation-in-ida-pro/
#CyberSecurity #MalwareAnalysis #IDAPro #DotNET
via threatcat_ch
YARA is for detection, analysis, IR, TI & more. It's an automation vehicle, a conduit to help you test, store your insights & *apply* them to data. It's accessible & fun & can make your hard work & analyses more durable and lasting at scale.
http://yararul.es/
#100daysofYARA
via stvemillertime
GitHub
GitHub - 100DaysofYARA/2023: Rules Shared by the Community from 100 Days of YARA 2023
Reverse Engineering a Native Desktop Application (Tauri App)
- And solving the CTF Challenge
https://infosecwriteups.com/reverse-engineering-a-native-desktop-application-tauri-app-5a2d92772da5
#infosec #reverseengineering #tauri #rustlang #rust
via AstraKernel
A lot of things to learn in this series by greenluigi1 on car infotainment system hacking
Part 1: https://programmingwithstyle.com/posts/howihackedmycar/
Part 2: https://programmingwithstyle.com/posts/howihackedmycarpart2/
Part 3: https://programmingwithstyle.com/posts/howihackedmycarpart3/
#hacking
via 0xor0ne
Sandbox for automated Linux malware analysis. https://github.com/danieluhricek/LiSa
via Tinolle
GitHub
GitHub - danielpoliakov/lisa: Sandbox for automated Linux malware analysis.
Sandbox for automated Linux malware analysis. Contribute to danielpoliakov/lisa development by creating an account on GitHub.
IDAPython: Disassembly items, bytes and strings by @0xeb #idapro
https://www.youtube.com/watch?v=TeXbwEWsI_Y
via _qaz_qaz
YouTube
IDAPython: Disassembly items, bytes and strings
In this episode we cover the concept of disassembly items (code, data, unk), and flags then work with bytes and strings.
We also, indirectly, answer the question: "How to tell if one instruction jumps into the middle of another instruction?"
Analysis of Linux malware OrBit by @Stormshield
https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/
Original analysis blogpost by @IntezerLabs
https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat/
#cybersecurity
via 0xor0ne