9th October – Threat Intelligence Report
https://research.checkpoint.com/2023/9th-october-threat-intelligence-report/
🎖@malwr
Check Point Research
9th October – Threat Intelligence Report - Check Point Research
For the latest discoveries in cyber research for the week of 9th October, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES The American Rock County Public Health Department, which serves more than 160K people across Wisconsin area…
Electric Power System Cybersecurity Vulnerabilities
Digitalization has changed the business environment of the electric power industry, exposing it to various threats. This webinar will help you uncover previously unnoticed threats and develop countermeasures and solutions.
https://www.trendmicro.com/en_us/research/23/j/electric-power-system-cybersecurity-vulnerabilities.html
🎖@malwr
Trend Micro
Electric Power System Cybersecurity Vulnerabilities
Learn about cybersecurity vulnerabilities in electric power systems by watching this recent webinar.
2023-10-04 - DarkGate malware infection
https://www.malware-traffic-analysis.net/2023/10/04/index.html
🎖@malwr
Microsoft Response to Distributed Denial of Service (DDoS) Attacks against HTTP/2
Summary: Beginning in September 2023, Microsoft was notified by industry partners about a newly identified Distributed Denial-of-Service (DDoS) attack technique being used in the wild targeting the HTTP/2 protocol. This vulnerability (CVE-2023-44487) impacts any internet-exposed HTTP/2 endpoints. As an industry leader, Microsoft promptly opened an investigation and subsequently began working with industry partners for a coordinated disclosure and mitigation plan.
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
🎖@malwr
The October 2023 Security Update Review
https://www.thezdi.com/blog/2023/10/10/the-october-2023-security-update-review
🎖@malwr
Zero Day Initiative
Zero Day Initiative — The October 2023 Security Update Review
Twenty years ago this month, Microsoft introduced the concept of “Patch Tuesday” – although the marketing folks wanted it called “Update Tuesday” (they didn’t like the word “patch”). Over the years, more companies joined the Patch Tuesday bandwagon. Here…
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows
Attackers could exploit these vulnerabilities in the Yifan YF325 to carry out a variety of attacks, in some cases gaining the ability to execute arbitrary shell commands on the targeted device.
https://blog.talosintelligence.com/vulnerability-roundup-webkit-and-yifan-router/
🎖@malwr
Cisco Talos Blog
10 zero-day vulnerabilities in industrial cell router could lead to code execution, buffer overflows
Stayin’ Alive – Targeted Attacks Against Telecoms and Government Ministries in Asia
https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/
🎖@malwr
Check Point Research
Stayin’ Alive - Targeted Attacks Against Telecoms and Government Ministries in Asia - Check Point Research
Introduction In the last few months, Check Point Research has been tracking “Stayin’ Alive”, an ongoing campaign that has been active since at least 2021. The campaign operates in Asia, primarily targeting the Telecom industry, as well as government organizations.…
How to Prevent Ransomware as a Service (RaaS) Attacks
Explore key insights on how ransomware as a service (RaaS) operators work and how to prevent ransomware attacks.
https://www.trendmicro.com/en_us/ciso/22/i/prevent-ransomware-as-a-service-raas-attacks.html
🎖@malwr
Trend Micro
How to Prevent Ransomware as a Service (RaaS) Attacks
Explore key insights on how ransomware as a service (RaaS) operators work to help you enhance your cybersecurity defenses.
New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects
https://www.virusbulletin.com/blog/2023/10/new-paper-nexus-android-banking-botnet-compromising-cc-panels-and-dissecting-mobile-appinjects/
🎖@malwr
Virusbulletin
Virus Bulletin :: New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects
In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.
Detect Wi-Fi deauthentication attack using ESP8266 and receive notification on smartphone
https://www.mobile-hacker.com/2023/10/12/detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone/?utm_source=rss&utm_medium=rss&utm_campaign=detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone
🎖@malwr
Mobile Hacker
Detect Wi-Fi deauthentication attack using ESP8266 and receive notification on smartphone Mobile Hacker
A Wi-Fi deauthentication attack, also known as a "deauth attack" or "disassociation attack," is a type of denial-of-service that targets wireless networks. The primary goal of this attack is to disconnect or deauthenticate devices (such as smartphones, laptops…
DarkGate Opens Organizations for Attack via Skype, Teams
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victim’s system, additional payloads were introduced to the environment.
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
🎖@malwr
Trend Micro
DarkGate Opens Organizations for Attack via Skype, Teams
Forensic Timeline of an IcedID Infection
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique possibility to trace the steps of an attacker with help of captured network traffic from a hacked computer. In this blog post I use the free and open source version of NetworkMiner to see how GzipLoader downloads...
https://www.netresec.com/?page=Blog&month=2023-10&post=Forensic-Timeline-of-an-IcedID-Infection
🎖@malwr
Netresec
Forensic Timeline of an IcedID Infection
Ransomware review: October 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/ransomware-review-october-2023
🎖@malwr
Malwarebytes
Ransomware review: October 2023
In September, two high-profile casino breaches taught us about the nuances of the RaaS affiliate landscape, the asymmetric dangers of phishing, and of two starkly different approaches to ransomware negotiation.
Stalkerware activity drops as glaring spying problem is revealed
https://www.malwarebytes.com/blog/news/2023/10/stalkerware-activity-drops-but-glaring-problem-with-spying-revealed
🎖@malwr
Malwarebytes
Stalkerware activity drops as glaring spying problem is revealed
North America has a spying problem. Its perpetrators are everyday people.
Top resources for Cybersecurity Awareness Month
Plus, many of the world’s largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.
https://blog.talosintelligence.com/threat-source-newsletter-oct-12-2023/
🎖@malwr
Cisco Talos Blog
Top resources for Cybersecurity Awareness Month
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
🎖@malwr
Trend Micro
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
2023-10-12 - DarkGate infection from Teams Chat
https://www.malware-traffic-analysis.net/2023/10/12/index.html
🎖@malwr
2023-10-13 - TA577 DarkGate infection
https://www.malware-traffic-analysis.net/2023/10/13/index.html
🎖@malwr
2023-10-11 - Lumma Stealer infection
https://www.malware-traffic-analysis.net/2023/10/11/index.html
🎖@malwr
Microsoft Azure Sentinel 101: Log Source, DataTable & End Point Monitoring
Lots of great content and experience on how to do monitoring for log sources coming in to Sentinel.
https://medium.com/@truvis.thornton/microsoft-azure-sentinel-101-log-source-dataable-end-point-monitoring-be-alerted-when-a-1ff4fae77892
🗣thattechkitten
🎖@malwr
Medium
Microsoft Azure Sentinel 101: Log Source, Dataable & End Point Monitoring — Be alerted when a…
One of the most important things is monitoring log ingestion and making alerts for when sources go down.