Email Security Best Practices for Phishing Prevention
Trend Micro Research reported a 29% growth in phishing attacks blocked and detected in 2022. Explore the latest phishing trends and email security best practices to enhance your email security and reduce cyber risk.
https://www.trendmicro.com/en_us/ciso/22/k/email-security-best-practices.html
🎖@malwr
Trend Micro
Explore the latest phishing trends, how to prevent attacks, and email security best practices to enhance your email security and reduce cyber risk.
The path from VT Intelligence queries to VT Livehunt rules: A CTI analyst approach
https://blog.virustotal.com/2023/10/the-path-from-vt-intelligence-queries.html
🎖@malwr
Snapshot fuzzing direct composition with WTF
Although there is public research on Direct Composition, only a few pieces discuss fuzzing this feature, and none, to our knowledge, cover snapshot fuzzing.
https://blog.talosintelligence.com/snapshot-fuzzing-direct-composition-with-wtf/
🎖@malwr
Cisco Talos
The forgotten malvertising campaign
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
🎖@malwr
Malwarebytes
In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are...
2023-10-17 - TA577 Pikabot infection with Cobalt Strike
https://www.malware-traffic-analysis.net/2023/10/17/index.html
🎖@malwr
2023-10-16 - TA577 IcedID infection
https://www.malware-traffic-analysis.net/2023/10/16/index.html
🎖@malwr
AI Insights for Scripts, Macros, and More: Revolutionizing Threat Analysis with AI
Intezer’s AI Insights is now available for scripts, macros, phishing emails, command line processes, and more. AI Insights are automatically generated by Intezer for alerts triaged from your connected sources. At Intezer, we’re always pushing the boundaries of what’s possible in cybersecurity. In the spring, we were thrilled to announce the launch of our first...
https://intezer.com/blog/alert-triage/ai-insights-revolutionizing-threat-analysis/
🎖@malwr
Intezer
Revolutionize threat analysis with AI Insights. Get comprehensive verdicts and summaries for text-based scripts.
Government-backed actors exploiting WinRAR vulnerability
Google's Threat Analysis Group analyzes recent state-sponsored campaigns exploiting the WinRAR vulnerability, CVE-2023-38831.
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
🎖@malwr
Google
CVE-2023-38600: Story of an innocent Apple Safari copyWithin gone (way) outside
https://www.thezdi.com/blog/2023/10/17/cve-2023-38600-story-of-an-innocent-apple-safari-copywithin-gone-way-outside
🎖@malwr
Zero Day Initiative
In May 2023, we received a vulnerability report from an anonymous researcher regarding a vulnerability in Apple Safari. It turned out to be an interesting classic integer underflow vulnerability. Apple assigned CVE-2023-38600 to this issue and fixed it in…
Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/
🎖@malwr
Russia Creates No-Win Situation for Western Companies
Western companies in Russia risk asset seizure due to escalating tensions and economic measures amidst the conflict with Ukraine
https://www.recordedfuture.com/russia-creates-no-win-situation-western-companies
🎖@malwr
Recorded Future
Clever malvertising attack uses Punycode to look like KeePass's official website
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
🎖@malwr
Malwarebytes
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious...
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity
Insikt Group identified an application disseminated on a Telegram Channel used by members or supporters of the Hamas terrorist organization
https://www.recordedfuture.com/hamas-application-infrastructure-reveals-possible-overlap-tag-63-iranian-threat-activity
🎖@malwr
Recorded Future
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
🎖@malwr
The Citizen Lab
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.
https://www.trendmicro.com/en_us/research/23/j/asn1-vulnerabilities-in-5g-cores.html
🎖@malwr
Trend Micro
One login to rule them all: Should you sign in with Google or Facebook on other websites?
Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?
https://www.welivesecurity.com/en/cybersecurity/one-login-rule-them-all-should-sign-in-google-facebook-other-websites/
🎖@malwr
Welivesecurity
Here are the pros and cons of the consumer variety of an authentication method called…
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.
https://blog.talosintelligence.com/attributing-yorotrooper/
🎖@malwr
Cisco Talos
Attacks on web applications spike in third quarter, new Talos IR data shows
We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.
https://blog.talosintelligence.com/talos-ir-trends-q3-2023/
🎖@malwr
Cisco Talos Blog
Malware stories: Deworming the XWorm
XWorm is a multi-purpose malware family, commonly used as a RAT. This post contains a detailed analysis and a walk-through of the reverse-engineering process.
https://cert.pl/en/posts/2023/10/deworming-the-xworm/
🎖@malwr
cert.pl
How to increase radio range of Flipper Zero yourself beyond 100 meters
https://www.mobile-hacker.com/2023/10/24/how-to-increase-radio-range-of-flipper-zero-yourself-beyond-100-meters/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-increase-radio-range-of-flipper-zero-yourself-beyond-100-meters
🎖@malwr
Mobile Hacker
Equipped with an integrated module, Flipper Zero is capable of both receiving and transmitting radio frequencies spanning from 300 MHz to 928 MHz. This module enables it to capture, store, and replicate remote controls, commonly employed for tasks such as interfacing…
Small Screens, Big Risks: Falcon for Mobile Releases New Innovations to Accelerate Detection and Response for Mobile Threats
Mobile devices have become critical endpoints for accessing enterprise applications, systems and data. Adversaries know this all too well, as evidenced by the growing numbers of attacks that target mobile devices. Verizon’s 2022 Mobile Security Index found almost half (45%) of enterprises had recently suffered a mobile-related compromise involving devices in the last 12 months...
https://www.crowdstrike.com/blog/falcon-for-mobile-releases-innovations/
🎖@malwr
crowdstrike.com
Falcon for Mobile to Accelerate Detection and Response for Mobile Threats
Falcon for Mobile released innovations aimed at streamlining mobile device enrollment, advancing detection capabilities, and accelerating incident response.