Newly Discovered APT Attacker AtlasCross Exploits Red Cross Blood Drive Phishing for Cyberattack
digicat
@malwr
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
Warning: Newly Discovered APT Attacker AtlasCross Exploits Red Cross Blood Drive Phishing for Cyberattack - NSFOCUS, Inc., a global…
NSFOCUS Security Labs recently discovered a new APT attacker named AtlasCross, who uses two new Trojan programs and many rare attack techniques and tactics for attack activities.
Malware News pinned «Guys with premium telegram account, boost please: https://t.me/malwr?boost»
How to Improve Cybersecurity Awareness and Training
Bill Malik, former Research Director at Gartner, discusses how to leverage the Capability Maturity Model to create an effective awareness program.
https://www.trendmicro.com/en_us/ciso/23/i/improve-cybersecurity-awareness-training.html
Trend Micro
How to Improve Cybersecurity Awareness and Training
Bill Malik, former Research Director at Gartner, discusses how to leverage the Capability Maturity Model to create an effective cybersecurity awareness and training program.
Malicious ad served inside Bing's AI chatbot
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
Malwarebytes
Malicious ad served inside Bing's AI chatbot
In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been...
JonMon: a collection of open-source telemetry sensors designed to provide users with visibility into the operations and activity of their Windows systems. JonMon has a kernel-level driver component, which is designed to collect information related to system operations such as process creation etc.
digicat
GitHub
GitHub - jsecurity101/JonMon
Contribute to jsecurity101/JonMon development by creating an account on GitHub.
Hacking with Havoc C2 - Basic setup, installation, usage, and Windows Defender Bypass
Check out this video posted on Gemini Cyber Security Youtube channel, whereby the setup and installation step-by-step guide is demonstrated in the video. The video also showcases basic usage of the Havoc C2 tool, such as setting up a listener and generating payload for it.
As a bonus, it was also demonstrated how you can bypass the latest Windows Defender by utilising the shellcode format of the Havoc C2 payload (Demon agent) and executing the shellcode using AES encryption with a .DLL loader.
https://www.youtube.com/watch?v=DXJNWiZJGko
cybermepls
YouTube
Havoc C2 Framework - Setup Demonstration with Windows Defender Bypass
Be better than yesterday -
This video provides a step-by-step guide on how to install the infamous Havoc C2 framework tool on a fresh Kali Virtual Machine with VMWare Workstation Player from scratch.
The video further provides a practical hands-on demonstration…
APT34 Deploys Phishing Attack With New Malware
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
https://www.trendmicro.com/en_us/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html
Trend Micro
APT34 Deploys Phishing Attack With New Malware
2023-09-28 - IcedID (Bokbot) infection with Keyhole VNC and Cobalt Strike
https://www.malware-traffic-analysis.net/2023/09/28/index.html
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor
https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/
Welivesecurity
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
RetrievIR - PowerShell script to assist DFIR teams with the collection of live-system evidence
panscanner
Hey everyone - posting a new tool I've been working on to help blue team operators capture evidence from live systems - most operations are described in the readme, most common use-case is likely running RetrievIR.ps1 from an administrative prompt like 'retrievir.ps1 -tags sans_triage' - this will capture most artifacts described in the KAPE SANS Triage package.
Please let me know if there are any questions/feedback! It is still a WIP but very much functional - I created this because I love KAPE but the enterprise license sometimes holds me back from using it in certain situations. I am also working on the ingestion of tkape configuration files.
GitHub
GitHub - joeavanzato/RetrievIR: PowerShell script designed to help Incident Responders collect forensic evidence from local and…
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices. - joeavanzato/RetrievIR
A Call To Action: Building the Cyber Workforce the Nation Needs | ONCD | The White House
digicat
The White House
A Call To Action: Building the Cyber Workforce the Nation Needs
By Kemba Walden, Acting National Cyber Director. October is Cybersecurity Awareness Month and I'd like to reflect on our collective responsibility to defend our country, serve our communities, and protect our families. Digital technologies today touch nearly…
Public Preview: Strictly Enforce Location Policies with Continuous Access Evaluation
digicat
TECHCOMMUNITY.MICROSOFT.COM
Public Preview: Strictly Enforce Location Policies with Continuous Access Evaluation
Strictly enforce location policies using continuous access evaluation is now in public preview!
CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
digicat
GitHub
GitHub - Chocapikk/CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft SharePoint Server Elevation of Privilege Vulnerability - Chocapikk/CVE-2023-29357