Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
🎖@malwr
Trend Micro
Trench Tales: The College Account Takeover That Never Happened
A story of mass-discovery of LDAP Anonymous Binding leading to the account takeover of all members of a college. Explore the methodology, the challenges and the discoveries of this research project.
https://securitycafe.ro/2023/10/16/trench-tales-the-college-account-takeover-that-never-happened/
Security Café
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html
Trend Micro
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Cisco Talos
Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software — CVE-2023-20198 and CVE-2023-20273 — when exposed to the internet or untrusted networks.
How to Analyze Malicious Microsoft Office Files
Microsoft Office files (and other file types commonly used for delivering malware, including binary files, documents, scripts, and archives) are supported in Intezer for both on-demand sandboxing and automated alert triage. Phishing attacks are one of the three primary ways attackers get access to organizations according to Verizon’s 2023 Data Breach Investigations Report… and many...
https://intezer.com/blog/malware-analysis/analyze-malicious-microsoft-office-files/
Intezer
Got malicious Microsoft Office files? Check out this deep dive into the different Office file formats and how they are abused by attackers.
Email Security Best Practices for Phishing Prevention
Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk.
https://www.trendmicro.com/en_us/ciso/22/k/email-security-best-practices.html
Trend Micro
Explore the latest phishing trends, how to prevent attacks, and email security best practices to enhance your email security and reduce cyber risk.
The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
https://blog.virustotal.com/2023/10/the-path-from-vt-intelligence-queries.html
Snapshot fuzzing direct composition with WTF
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
Cisco Talos
The forgotten malvertising campaign
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
Malwarebytes
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are...
2023-10-17 - TA577 Pikabot infection with Cobalt Strike
https://www.malware-traffic-analysis.net/2023/10/17/index.html
2023-10-16 - TA577 IcedID infection
https://www.malware-traffic-analysis.net/2023/10/16/index.html
AI Insights for Scripts, Macros, and More: Revolutionizing Threat Analysis with AI
Intezer’s AI Insights is now available for scripts, macros, phishing emails, command line processes, and more. AI Insights are automatically generated by Intezer for alerts triaged from your connected sources. At Intezer, we’re always pushing the boundaries of what’s possible in cybersecurity. In the spring, we were thrilled to announce the launch of our first...
https://intezer.com/blog/alert-triage/ai-insights-revolutionizing-threat-analysis/
Intezer
Revolutionize threat analysis with AI Insights. Get comprehensive verdicts and summaries for text-based scripts.
Government-backed actors exploiting WinRAR vulnerability
Google's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
Google
CVE-2023-38600: Story of an innocent Apple Safari copyWithin gone (way) outside
https://www.thezdi.com/blog/2023/10/17/cve-2023-38600-story-of-an-innocent-apple-safari-copywithin-gone-way-outside
Zero Day Initiative
In May 2023, we received a vulnerability report from an anonymous researcher regarding a vulnerability in Apple Safari. It turned out to be an interesting classic integer underflow vulnerability. Apple assigned CVE-2023-38600 to this issue and fixed it in…
Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/
Russia Creates No-Win Situation for Western Companies
Western companies in Russia risk asset seizure due to escalating tensions and economic measures amidst the conflict with Ukraine
https://www.recordedfuture.com/russia-creates-no-win-situation-western-companies
Recorded Future
Clever malvertising attack uses Punycode to look like KeePass's official website
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Malwarebytes
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious...
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity
Insikt Group identified an application disseminated on a Telegram Channel used by members or supporters of the Hamas terrorist organization
https://www.recordedfuture.com/hamas-application-infrastructure-reveals-possible-overlap-tag-63-iranian-threat-activity
Recorded Future
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
The Citizen Lab