Malware News
The latest NEWS about malware, DFIR, hacking, security issues, thoughts and ...

Partner channel: @cveNotify

For ads: https://telega.io/c/malwr
2023-10-17 - TA577 Pikabot infection with Cobalt Strike

https://www.malware-traffic-analysis.net/2023/10/17/index.html


🎖@malwr
AI Insights for Scripts, Macros, and More: Revolutionizing Threat Analysis with AI

Intezer’s AI Insights is now available for scripts, macros, phishing emails, command line processes, and more. AI Insights are automatically generated by Intezer for alerts triaged from your connected sources. At Intezer, we’re always pushing the boundaries of what’s possible in cybersecurity. In the spring, we were thrilled to announce the launch of our first...

https://intezer.com/blog/alert-triage/ai-insights-revolutionizing-threat-analysis/


🎖@malwr
Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)

https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/


🎖@malwr
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping

In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.

https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/


🎖@malwr
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores

In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from the user plane to the control plane.

https://www.trendmicro.com/en_us/research/23/j/asn1-vulnerabilities-in-5g-cores.html


🎖@malwr
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

https://blog.talosintelligence.com/attributing-yorotrooper/


🎖@malwr
Attacks on web applications spike in third quarter, new Talos IR data shows

We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.

https://blog.talosintelligence.com/talos-ir-trends-q3-2023/


🎖@malwr
Malware stories: Deworming the XWorm

XWorm is a multi-purpose malware family, commonly used as a RAT. This post contains a detailed analysis and a walk-through of the reverse-engineering process.

https://cert.pl/en/posts/2023/10/deworming-the-xworm/


🎖@malwr
Small Screens, Big Risks: Falcon for Mobile Releases New Innovations to Accelerate Detection and Response for Mobile Threats

Mobile devices have become critical endpoints for accessing enterprise applications, systems and data. Adversaries know this all too well, as evidenced by the growing numbers of attacks that target mobile devices. Verizon’s 2022 Mobile Security Index found almost half (45%) of enterprises had recently suffered a mobile-related compromise involving devices in the last 12 months...

https://www.crowdstrike.com/blog/falcon-for-mobile-releases-innovations/


🎖@malwr
How Well Do You Know Your Attack Surface? Five Tips to Reduce the Risk of Exposure

In an increasingly connected digital landscape, the security of your organization’s data and publicly facing assets is more critical than ever. According to the CrowdStrike 2023 Threat Hunting Report, more than 20% of all interactive intrusions are associated with the exploitation of public-facing applications. As an organization’s attack surface expands and cyberthreats proliferate, it is...

https://www.crowdstrike.com/blog/five-tips-to-shield-from-exposures/


🎖@malwr
2023-10-23 - 404 TDS URL chain leads to Async RAT variant

https://www.malware-traffic-analysis.net/2023/10/23/index.html


🎖@malwr
2023-10-18 - IcedID Forked Variant with Anubis VNC, Cobalt Strike, etc.

https://www.malware-traffic-analysis.net/2023/10/18/index.html


🎖@malwr