Focus on DroxiDat/SystemBC: the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in a South African nation's critical infrastructure.
digicat
@malwr
Securelist
Focus on DroxiDat/SystemBC
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.
LifeLabs could pay at least $4.9M in proposed class-action settlement over cyberattack
yankmywire
@malwr
CBC
LifeLabs could pay at least $4.9M in proposed class-action settlement over cyberattack | CBC News
LifeLabs could pay at least $4.9 million and up to $9.8 million to settle a class-action lawsuit arising from a 2019 cyberattack that compromised patient data, primarily in Ontario and B.C.
Creating a lightweight malware Scanner
Dear Cybersecurity experts,
I worked at a company where a lot of people would come by with their personal USB drives and use them to load documents onto computers inside the corporate network. These computers were outside of the internet and had no antivirus, meaning that if a virus were loaded onto one using a USB drive it could damage the machine easily. Nobody ever checked the content of the USB drives before connecting them.
To prevent this, I came up with the simple solution of creating an application for the Raspberry Pi. The Raspberry Pi had a touchscreen, so when the user brought his usb drive, he would connect it to the raspberry pi, select it on the touchscreen and let it verify from the app. After it was confirmed from the application that the usb was clean, the user was allowed to connect it to the server. Even if a virus happened to infect the Raspberry Pi (very unlikely), it was easier to replace than a computer.
Since the Raspberry Pi 3 I used for the project didn't have many resources to work with, the virus scanner I created was very simple and only used MD5 hashes to check for viruses. It compared each hashed file with a database and that's it. On one hand it's a very fast and lightweight approach, on the other hand it's not very secure.
So, since I'm not a security expert myself, I wanted to ask you if you know any other systems I might use to check a file without using up too much resources. Sandboxing a file, for example, is probably not possible using just about 1GB of RAM.
If you want to check it out, my project is open-source: Raspirus
I used the signatures in MD5 format from Virusshare for my database.
Benben377
You could possibly try some sort of YARA implementation.
YARA:
https://virustotal.github.io/yara/
More resources and rule sets:
https://github.com/InQuest/awesome-yara
_hudsn
@malwr
GitHub
GitHub - Raspirus/raspirus: A user- and resources-friendly rules-based malware scanner
A user- and resources-friendly rules-based malware scanner - Raspirus/raspirus
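To make the trade-off in the thread concrete (an MD5 database as in the post versus the rule-based approach suggested in the reply), here is an added example that is not Raspirus code: it scans a constructed sample and a one-byte variant of it with both methods, using a hypothetical simplified rule format as a stand-in for a YARA-style rule (not YARA syntax or the YARA engine), and hashes files in chunks so memory use stays flat on a small board.

```python
"""Hash-only vs. pattern-based detection on constructed samples (Python 3)."""
import hashlib

# Constructed sample bytes standing in for a known-bad file; not real malware.
KNOWN_BAD = b"MZ\x90\x00" + b"\x00" * 8 + b"TEST-DROPPER-MARKER/v1" + b"\x00" * 8
# The same file with a single byte changed, as a recompile or repack would do.
VARIANT = KNOWN_BAD.replace(b"/v1", b"/v2")

# Signature "database" in the style of the post: a set of MD5 hex digests.
HASH_DB = {hashlib.md5(KNOWN_BAD).hexdigest()}

# Hypothetical simplified rule (not YARA syntax): byte strings plus a condition
# stating whether all or any of them must be present in the file.
RULE = {
    "name": "test_dropper_marker",
    "strings": [b"MZ", b"TEST-DROPPER-MARKER/"],
    "condition": "all",
}


def md5_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so a large file never has to fit in RAM."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def hash_match(data: bytes, db: set = HASH_DB) -> bool:
    """Exact-hash lookup: only bit-identical files are detected."""
    return hashlib.md5(data).hexdigest() in db


def rule_match(data: bytes, rule: dict = RULE) -> bool:
    """Pattern lookup: survives small changes that do not touch the strings."""
    hits = [s in data for s in rule["strings"]]
    return all(hits) if rule["condition"] == "all" else any(hits)


def verdict(data: bytes) -> dict:
    """Return both detections so the difference is visible side by side."""
    return {"hash": hash_match(data), "rule": rule_match(data)}


if __name__ == "__main__":
    for label, sample in (("original", KNOWN_BAD), ("one-byte variant", VARIANT)):
        print(label, verdict(sample))
```

The variant is missed by the hash database but still caught by the rule, which is the gap the reply's YARA suggestion closes; in a real deployment the rule set would come from the linked awesome-yara collections rather than a hand-written dict.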
Radical Redirection Rodeo: Exploring The Redirection Bug Classes Of Server Side Open Redirects and Client Side Open Redirects More Indepth
TheCrazyAcademic
@malwr
Medium
Radical Redirection Rodeo: Exploring The Redirection Bug Classes Of Server Side Open Redirects and…
Radical Redirection Rodeo: Exploring The Redirection Bug Classes Of Server Side Open Redirects and Client Side Open Redirects More Indepth. So I wanted to explore the two bug classes of server side…
Administrator of “Bulletproof” Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware
jnazario
@malwr
www.justice.gov
Administrator of “Bulletproof” Webhosting Domain Charged in Connection
An indictment was unsealed yesterday in Tampa, Florida, charging a Polish national with computer fraud conspiracy, wire fraud conspiracy, and international money laundering in connection with the provision of “bulletproof” webhosting services that facilitated…
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
digicat
@malwr
Cisco Talos Blog
New threat actor targets Bulgaria, China, Vietnam and other countries with customized Yashma ransomware
Cisco Talos discovered an unknown threat actor, seemingly of Vietnamese origin, conducting a ransomware operation that began at least as early as June 4, 2023 with customized Yashma ransomware.
German Embassy Lure: Likely Part of Campaign Against NATO Aligned Ministries of Foreign Affairs
digicat
@malwr
Eclecticiq
German Embassy Lure: Likely Part of Campaign Against NATO Aligned Ministries of Foreign Affairs
EclecticIQ researchers identified two PDFs that are likely part of an ongoing campaign targeting Ministries of Foreign Affairs of NATO aligned countries.