Beware: Lumma Stealer Distributed via Discord CDN

This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.

https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html


🎖@malwr

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability

Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.

https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/


🎖@malwr

How to Analyze Malicious Microsoft Office Files

Microsoft Office files (and other file types commonly used for delivering malware, including binary files, documents, scripts, and archives) are supported in Intezer for both on-demand sandboxing and automated alert triage. Phishing attacks are one of the three primary ways attackers get access to organizations according to Verizon’s 2023 Data Breach Investigations Report… and many...

https://intezer.com/blog/malware-analysis/analyze-malicious-microsoft-office-files/


🎖@malwr

Email Security Best Practices for Phishing Prevention

Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk.

https://www.trendmicro.com/en_us/ciso/22/k/email-security-best-practices.html


🎖@malwr

Snapshot fuzzing direct composition with WTF

Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.

https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/


🎖@malwr

AI Insights for Scripts, Macros, and More: Revolutionizing Threat Analysis with AI

Intezer’s AI Insights is now available for scripts, macros, phishing emails, command line processes, and more. AI Insights are automatically generated by Intezer for alerts triaged from your connected sources. At Intezer, we’re always pushing the boundaries of what’s possible in cybersecurity. In the spring, we were thrilled to announce the launch of our first...

https://intezer.com/blog/alert-triage/ai-insights-revolutionizing-threat-analysis/


🎖@malwr

Government-backed actors exploiting WinRAR vulnerability

Google's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.

https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/


🎖@malwr

Russia Creates No-Win Situation for Western Companies

Western companies in Russia risk asset seizure due to escalating tensions and economic measures amidst the conflict with Ukraine

https://www.recordedfuture.com/russia-creates-no-win-situation-western-companies


🎖@malwr

Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity

Insikt Group identified an application disseminated on a Telegram Channel used by members or supporters of the Hamas terrorist organization

https://www.recordedfuture.com/hamas-application-infrastructure-reveals-possible-overlap-tag-63-iranian-threat-activity


🎖@malwr

“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping

In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.

https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/


🎖@malwr

Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.

https://www.trendmicro.com/en_us/research/23/j/asn1-vulnerabilities-in-5g-cores.html


🎖@malwr

One login to rule them all: Should you sign in with Google or Facebook on other websites?

Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?

https://www.welivesecurity.com/en/cybersecurity/one-login-rule-them-all-should-sign-in-google-facebook-other-websites/


🎖@malwr

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

https://blog.talosintelligence.com/attributing-yorotrooper/


🎖@malwr

Attacks on web applications spike in third quarter, new Talos IR data shows

We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.

https://blog.talosintelligence.com/talos-ir-trends-q3-2023/


🎖@malwr