Malware News pinned «Guys with premium telegram account, boost please: https://t.me/malwr?boost»
From ScreenConnect to Hive Ransomware in 61 hours
In 2022, The DFIR Report observed an increase in the adversarial usage of Remote Management and Monitoring (RMM) tools. When compared to post-exploitation channels that heavily rely on terminals, such …
https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/
@malwr
A collection of several hundred online tools for OSINT
I recently found a good OSINT tool collection on GitHub. Since I'm a newbie I'm not sure whether this repository is already well known, but I'm still sharing it here for people like me. Here are some of the examples:
https://preview.redd.it/dlppp3fpdbqb1.png?width=664&format=png&auto=webp&s=67fab44537f2ce036510f44ef6792d56f73dc7fd
https://preview.redd.it/mg6qc7qxdbqb1.png?width=661&format=png&auto=webp&s=4e0799326b8aa2723aae0ee87dac605c7a351591
https://preview.redd.it/80njhnh3ebqb1.png?width=663&format=png&auto=webp&s=536290aec9a6ffc03358f2d9774bd0f4271efd1f
Source: https://github.com/cipher387/osint_stuff_tool_collection
Eastern_Value_8285
@malwr
European Cybersecurity Month Kick-off | Upcoming events | Events | Think Tank | European Parliament - On 26 September, the European Parliament will host the interinstitutional kick-off event of the European Cybersecurity Month 2023
digicat
@malwr
www.europarl.europa.eu
hashlookup-forensic-analyser version 1.3 - including Bloom filter improvements and bugs fixed
digicat
@malwr
GitHub
Release hashlookup-forensic-analyser version 1.3 - including Bloom filter improvements and bugs fixed · hashlookup/hashlookup-forensic…
hashlookup-forensic-analyser version 1.3 - including Bloom filter improvements and bugs fixed. You can now specify the hash algorithm used for the Bloom filter sets.
Thanks to Jens Hubler for the c...
Misuse of Windows Projected File System (ProjFS) proof-of-concept - A file provided by ProjFS changes its content depending on who's asking. The file "contains" the full path of the asking process image... EDR file telemetry hoovers broken in 3..2..
digicat
@malwr
GitHub
PSBits/ProjFS at master · gtworek/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual. - gtworek/PSBits
New SEC Cybersecurity Rules: What You Need to Know
The US Securities and Exchange Commission (SEC) recently adopted rules regarding mandatory cybersecurity disclosure. Explore what this announcement means for you and your organization.
https://www.trendmicro.com/en_us/research/23/h/sec-cybersecurity-rules-2023.html
@malwr
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023-29357 & CVE-2023-24955)
https://starlabs.sg/blog/2023/09-sharepoint-pre-auth-rce-chain/
scopedsecurity
@malwr
STAR Labs
Brief: I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed…
Samples come as clean by AV but have hundreds of malicious & suspicious indicators
Hi, I just reinstalled, but I still have suspicious files that come back undetected by AV yet have hundreds of malicious/suspicious indicators.
Anyone care to look at the hybrid-analysis.com results, for example in the correct path and location?
nvdispco64.exe analysis: https://hybrid-analysis.com/sample/a02854e9615b6c7fee43508693dc4e795ae4938d42048aa1c19e98fa6e7b5d67/650e4c54983ef2e7cc04c7e3#mitre-matrix-modal
A few others saved here:
https://gist.github.com/SkyN9ne/f8d21a2438e33733f1bb3e61e7222096
Look at, for example, the "Incredibuild" install.exe mentioned last on my Gist.... It was in my VS Code Insiders folder. The CPUInfo.exe and MailSpawn.exe were in the same directory. I just recently reinstalled and haven't downloaded anything but actual Visual Studio-related development tools etc.; no cracks, I have never run a game on my PC in my life, and again these come back AV-clean, but are they not suspicious in your opinion?
Skyline9Time
I'll add: isn't it weird that, for example, the Nvidia nvdispco64.exe says "hash not seen before"? So do many other files; I'd expect the hashes to be in the DB.
Skyline9Time
@malwr
Impact of Behavioral and Cognitive Variables on Phishing Identification Behavior
digicat
@malwr
ProQuest
Information Security: Impact of Behavioral and Cognitive Variables on Phishing Identification Behavior - ProQuest
25th September – Threat Intelligence Report
https://research.checkpoint.com/2023/25th-september-threat-intelligence-report/
@malwr
Check Point Research
For the latest discoveries in cyber research for the week of 25th September, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES Monti ransomware gang has claimed responsibility for a cyber-attack on New Zealand's third-largest university…