APT34 Deploys Phishing Attack With New Malware
We observed and tracked the advanced persistent threat (APT) group APT34 using a new malware variant, delivered by a phishing attack, that is comparatively similar to the SideTwist backdoor. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
https://www.trendmicro.com/en_us/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html
@malwr
Trend Micro
2023-09-28 - IcedID (Bokbot) infection with Keyhole VNC and Cobalt Strike
https://www.malware-traffic-analysis.net/2023/09/28/index.html
Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor.
https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/
WeLiveSecurity
ESET researchers uncover a Lazarus attack against an aerospace company in Spain, where the group deployed several tools, including a publicly undocumented backdoor we named LightlessCan.
RetrievIR - PowerShell script to assist DFIR teams with the collection of live-system evidence
panscanner:
Hey everyone, posting a new tool I've been working on to help blue team operators capture evidence from live systems. Most operations are described in the readme; the most common use case is likely running RetrievIR.ps1 from an administrative prompt like 'retrievir.ps1 -tags sans_triage', which will capture most artifacts described in the KAPE SANS Triage package.
Please let me know if there are any questions/feedback! It is still a WIP but very much functional. I created this because I love KAPE, but the enterprise license sometimes holds me back from using it in certain situations. I am also working on the ingestion of tkape configuration files.
GitHub: joeavanzato/RetrievIR
PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.
digicat: A Call To Action: Building the Cyber Workforce the Nation Needs | ONCD | The White House
The White House
By Kemba Walden, Acting National Cyber Director. October is Cybersecurity Awareness Month and I’d like to reflect on our collective responsibility to defend our country, serve our communities, and protect our families. Digital technologies today touch nearly…
digicat: Public Preview: Strictly Enforce Location Policies with Continuous Access Evaluation
techcommunity.microsoft.com
Strictly enforce location policies using continuous access evaluation is now in public preview!
digicat: CVE-2023-29357: Microsoft SharePoint Server Elevation of Privilege Vulnerability
GitHub: Chocapikk/CVE-2023-29357 - Microsoft SharePoint Server Elevation of Privilege Vulnerability
digicat: Open-Source Remote Access Trojan Targets Armenian Airport and State Institutions - from Sept 22
CyberHUB-AM
Threat researchers at CyberHUB-AM, with support from Internews’ Martijn Grooten, are tracking […]
digicat: Strengthening Your Defense Against IdP (Identity Provider) Attacks: Leveraging Google Workspace Admin Logs - pay to play in some cases
Medium
In recent times, identity service provider (IdP) attacks have surged, impacting even major providers like Okta, Cloudflare, and Microsoft…
digicat: Critical Vulnerabilities in Progress Software WS_FTP Server - exploitable with a single HTTPS POST request and a pre-existing ysoserial.net gadget - exploitation observed
digicat: https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 (vendor advisory)
digicat: https://x.com/MCKSysAr/status/1707855204647899194?s=20 (claimed exploit PoC)
digicat: https://censys.com/cve-2023-40044/
Rapid7
Critical Vulnerabilities in WS_FTP Server | Rapid7 Blog
digicat: Sub7 source code released - an old code, but it checks out
castleinthesky86: Fond memories 🥳
GitLab: illwill / Sub7
Source code for SubSeven 2.1.3