Detect Wi-Fi deauthentication attack using ESP8266 and receive notification on smartphone
https://www.mobile-hacker.com/2023/10/12/detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone/?utm_source=rss&utm_medium=rss&utm_campaign=detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone
๐@malwr
https://www.mobile-hacker.com/2023/10/12/detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone/?utm_source=rss&utm_medium=rss&utm_campaign=detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone
๐@malwr
Mobile Hacker
Detect Wi-Fi deauthentication attack using ESP8266 and receive notification on smartphone Mobile Hacker
A Wi-Fi deauthentication attack, also known as a "deauth attack" or "disassociation attack," is a type of denial-of-service that targets wireless networks. The primary goal of this attack is to disconnect or deauthenticate devices (such as smartphones, laptopsโฆ
DarkGate Opens Organizations for Attack via Skype, Teams
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victimโs system, additional payloads were introduced to the environment.
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
๐@malwr
We detail an ongoing campaign abusing messaging platforms Skype and Teams to distribute the DarkGate malware to targeted organizations. We also discovered that once DarkGate is installed on the victimโs system, additional payloads were introduced to the environment.
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
๐@malwr
Trend Micro
DarkGate Opens Organizations for Attack via Skype, Teams
Forensic Timeline of an IcedID Infection
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique possibility to trace the steps of an attacker with help of captured network traffic from a hacked computer. In this blog post I use the free and open source version of NetworkMiner to see how GzipLoader downloads...
https://www.netresec.com/?page=Blog&month=2023-10&post=Forensic-Timeline-of-an-IcedID-Infection
๐@malwr
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique possibility to trace the steps of an attacker with help of captured network traffic from a hacked computer. In this blog post I use the free and open source version of NetworkMiner to see how GzipLoader downloads...
https://www.netresec.com/?page=Blog&month=2023-10&post=Forensic-Timeline-of-an-IcedID-Infection
๐@malwr
Netresec
Forensic Timeline of an IcedID Infection
The BackConnect and VNC parsers that were added to NetworkMiner 2.8.1 provide a unique possibility to trace the steps of an attacker with help of captured network traffic from a hacked computer. In this blog post I use the free and open source version ofโฆ
Ransomware review: October 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/ransomware-review-october-2023
๐@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/ransomware-review-october-2023
๐@malwr
Malwarebytes
Ransomware review: October 2023
In September, two high-profile casino breaches taught us about the nuances of the RaaS affiliate landscape, the asymmetric dangers of phishing, and of two starkly different approaches to ransomware negotiation.
Stalkerware activity drops as glaring spying problem is revealed
https://www.malwarebytes.com/blog/news/2023/10/stalkerware-activity-drops-but-glaring-problem-with-spying-revealed
๐@malwr
https://www.malwarebytes.com/blog/news/2023/10/stalkerware-activity-drops-but-glaring-problem-with-spying-revealed
๐@malwr
Malwarebytes
Stalkerware activity drops as glaring spying problem is revealed
North America has a spying problem. Its perpetrators are everyday people.
Top resources for Cybersecurity Awareness Month
Plus, many of the worldโs largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.
https://blog.talosintelligence.com/threat-source-newsletter-oct-12-2023/
๐@malwr
Plus, many of the worldโs largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.
https://blog.talosintelligence.com/threat-source-newsletter-oct-12-2023/
๐@malwr
Cisco Talos Blog
Top resources for Cybersecurity Awareness Month
Plus, many of the worldโs largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
๐@malwr
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
๐@malwr
Trend Micro
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
๐คทโโ1
2023-10-12 - DarkGate infection from Teams Chat
https://www.malware-traffic-analysis.net/2023/10/12/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2023/10/12/index.html
๐@malwr
2023-10-13 - TA577 DarkGate infection
https://www.malware-traffic-analysis.net/2023/10/13/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2023/10/13/index.html
๐@malwr
2023-10-11 - Lumma Stealer infection
https://www.malware-traffic-analysis.net/2023/10/11/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2023/10/11/index.html
๐@malwr
Microsoft Azure Sentinel 101: Log Source, DataTable & End Point Monitoring
Lots of great content and experience on how to do monitoring for log sources coming in to Sentinel.
https://medium.com/@truvis.thornton/microsoft-azure-sentinel-101-log-source-dataable-end-point-monitoring-be-alerted-when-a-1ff4fae77892
๐ฃthattechkitten
๐@malwr
Lots of great content and experience on how to do monitoring for log sources coming in to Sentinel.
https://medium.com/@truvis.thornton/microsoft-azure-sentinel-101-log-source-dataable-end-point-monitoring-be-alerted-when-a-1ff4fae77892
๐ฃthattechkitten
๐@malwr
Medium
Microsoft Azure Sentinel 101: Log Source, Dataable & End Point MonitoringโโโBe alerted when aโฆ
One of the most important thing is monitoring log ingestion and making alerts for when sources go down.
CovenantDecryptor: designed to decrypt the communication data of Covenant traffic - Extract_privatekey script retrieves the p and q primes from a minidump file to construct an RSA private key. decrypt_covenant_traffic script decrypts..
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
GitHub
GitHub - naacbin/CovenantDecryptor
Contribute to naacbin/CovenantDecryptor development by creating an account on GitHub.
Microsoft Defender for Endpoint Internals 0x05 โ Telemetry for sensitive actions
๐ฃdigicat
๐@malwr
๐ฃdigicat
๐@malwr
Medium
Microsoft Defender for Endpoint Internals 0x05โโโTelemetry for sensitive actions
In the previous edition of this series I discussed the Timeline telemetry. Since that blog the amount of events has certainly grown. Iโveโฆ
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service โ Follow The Money
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/
๐@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/
๐@malwr
McAfee Blog
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Follow The Money | McAfee Blog
Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to
๐1
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server โ a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
๐@malwr
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server โ a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
๐@malwr
Trend Micro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server โ a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behaviorโฆ