Top resources for Cybersecurity Awareness Month
Plus, many of the world's largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.
https://blog.talosintelligence.com/threat-source-newsletter-oct-12-2023/
@malwr
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
2023-10-12 - DarkGate infection from Teams Chat
https://www.malware-traffic-analysis.net/2023/10/12/index.html
2023-10-13 - TA577 DarkGate infection
https://www.malware-traffic-analysis.net/2023/10/13/index.html
2023-10-11 - Lumma Stealer infection
https://www.malware-traffic-analysis.net/2023/10/11/index.html
Microsoft Azure Sentinel 101: Log Source, DataTable & End Point Monitoring
Lots of great content and experience on how to do monitoring for log sources coming in to Sentinel.
https://medium.com/@truvis.thornton/microsoft-azure-sentinel-101-log-source-dataable-end-point-monitoring-be-alerted-when-a-1ff4fae77892
thattechkitten
One of the most important things is monitoring log ingestion and making alerts for when sources go down.
CovenantDecryptor: designed to decrypt the communication data of Covenant traffic - Extract_privatekey script retrieves the p and q primes from a minidump file to construct an RSA private key. decrypt_covenant_traffic script decrypts..
digicat
GitHub - naacbin/CovenantDecryptor
Microsoft Defender for Endpoint Internals 0x05 - Telemetry for sensitive actions
digicat
In the previous edition of this series I discussed the Timeline telemetry. Since that blog the amount of events has certainly grown. I've…
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service - Follow The Money
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-follow-the-money/
Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research (ATR) analysis of Sodinokibi and its connections to
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server: a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
Trench Tales: The College Account Takeover That Never Happened
A story of mass-discovery of LDAP Anonymous Binding leading to the account takeover of all members of a college. Explore the methodology, the challenges and the discoveries of this research project.
https://securitycafe.ro/2023/10/16/trench-tales-the-college-account-takeover-that-never-happened/
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord's content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198 and CVE-2023-20273) when exposed to the internet or untrusted networks.