Clever malvertising attack uses Punycode to look like KeePass's official website
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
🎖@malwr
Malwarebytes
Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious...
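The KeePass lookalike above relies on an internationalized domain name: a label containing a non-ASCII character travels through DNS as Punycode (an xn-- label), while the browser and the ad network may render its Unicode form, which can look like the brand's domain. The Python checker below is an added example, not code from Malwarebytes or from the article. The hostnames it checks are constructed for illustration (assumption: ķeepass.info, whose Punycode form is xn--eepass-vbb.info, stands in for the campaign's actual lookalike, which is not given here). It decodes xn-- labels with the standard-library idna codec, strips diacritics with NFKD decomposition, maps a handful of Cyrillic confusables, and compares the resulting ASCII "skeleton" against an allowlist of protected brand domains. Note that a mixed-script check alone misses the diacritic variant, since ķ is still Latin script.

```python
import unicodedata

# Brand domains worth protecting. Constructed allowlist for the example.
PROTECTED = {"keepass.info"}

# Cyrillic letters that render like Latin ones. Partial table for illustration;
# a production check should load Unicode TR39 confusables.txt instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
}


def to_unicode(host: str) -> str:
    """Return the Unicode form of a hostname, decoding any xn-- (Punycode) labels."""
    if not host.isascii():
        return host  # already Unicode (e.g. copied from a rendered URL bar)
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # malformed Punycode: leave it, the caller still sees the xn-- label


def scripts(label: str) -> set:
    """Unicode scripts used by the letters of one label, e.g. {'LATIN', 'CYRILLIC'}.
    The script is taken from the first word of each character's Unicode name."""
    return {
        unicodedata.name(ch, "UNKNOWN").split(" ")[0]
        for ch in label
        if ch.isalpha()
    }


def skeleton(label: str) -> str:
    """ASCII string the label visually imitates: decompose (NFKD), drop combining
    marks such as the cedilla of U+0137, then map known confusable letters."""
    decomposed = unicodedata.normalize("NFKD", label)
    base = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in base)


def analyze(host: str) -> dict:
    """Classify a hostname seen in an ad landing page or a URL bar."""
    unicode_form = to_unicode(host).lower()
    labels = unicode_form.split(".")
    skel = ".".join(skeleton(label) for label in labels)
    # Flag only when the skeleton hits a protected brand AND differs from what
    # was actually registered; the genuine domain is its own skeleton.
    impersonates = skel if skel in PROTECTED and skel != unicode_form else None
    return {
        "input": host,
        "unicode": unicode_form,
        "decoded_from_punycode": unicode_form != host.lower(),
        "mixed_script": any(len(scripts(label)) > 1 for label in labels),
        "skeleton": skel,
        "impersonates": impersonates,
    }


if __name__ == "__main__":
    # Constructed inputs: the genuine domain, a diacritic lookalike in Punycode,
    # and a mixed-script lookalike with a Cyrillic "е" (U+0435).
    for h in ("keepass.info", "xn--eepass-vbb.info", "k\u0435epass.info"):
        print(analyze(h))
```

Run it on the hostnames extracted from ad click chains or from proxy logs; anything with impersonates set, or with decoded_from_punycode true for a brand you would never expect to use an IDN, deserves a look before a user does.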
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity
Insikt Group identified an application disseminated on a Telegram Channel used by members or supporters of the Hamas terrorist organization
https://www.recordedfuture.com/hamas-application-infrastructure-reveals-possible-overlap-tag-63-iranian-threat-activity
🎖@malwr
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
🎖@malwr
Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores
In the second part of this series, we will examine how attackers can trigger vulnerabilities by sending control messages masquerading as user traffic to cross over from user plane to control plane.
https://www.trendmicro.com/en_us/research/23/j/asn1-vulnerabilities-in-5g-cores.html
🎖@malwr
One login to rule them all: Should you sign in with Google or Facebook on other websites?
Why use and keep track of a zillion discrete accounts when you can log into so many apps and websites using your Facebook or Google credentials, right? Not so fast. What’s the trade-off?
https://www.welivesecurity.com/en/cybersecurity/one-login-rule-them-all-should-sign-in-google-facebook-other-websites/
🎖@malwr
Here are the pros and cons of the consumer variety of an authentication method called…
Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan
Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.
https://blog.talosintelligence.com/attributing-yorotrooper/
🎖@malwr
Attacks on web applications spike in third quarter, new Talos IR data shows
We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.
https://blog.talosintelligence.com/talos-ir-trends-q3-2023/
🎖@malwr
Malware stories: Deworming the XWorm
XWorm is a multi-purpose malware family, commonly used as a RAT (remote access trojan). This post contains a detailed analysis and a walk-through of the reverse-engineering process.
https://cert.pl/en/posts/2023/10/deworming-the-xworm/
🎖@malwr
How to increase radio range of Flipper Zero yourself beyond 100 meters
https://www.mobile-hacker.com/2023/10/24/how-to-increase-radio-range-of-flipper-zero-yourself-beyond-100-meters/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-increase-radio-range-of-flipper-zero-yourself-beyond-100-meters
🎖@malwr
Mobile Hacker
Equipped with an integrated module, Flipper Zero is capable of both receiving and transmitting radio frequencies spanning from 300 MHz to 928 MHz. This module makes it possible to capture, store, and replay the signals of remote controls, commonly employed for tasks such as interfacing…
Small Screens, Big Risks: Falcon for Mobile Releases New Innovations to Accelerate Detection and Response for Mobile Threats
Mobile devices have become critical endpoints for accessing enterprise applications, systems and data. Adversaries know this all too well, as evidenced by the growing numbers of attacks that target mobile devices. Verizon’s 2022 Mobile Security Index found almost half (45%) of enterprises had recently suffered a mobile-related compromise involving devices in the last 12 months...
https://www.crowdstrike.com/blog/falcon-for-mobile-releases-innovations/
🎖@malwr
crowdstrike.com
Falcon for Mobile released innovations aimed at streamlining mobile device enrollment, advancing detection capabilities, and accelerating incident response.
How Well Do You Know Your Attack Surface? Five Tips to Reduce the Risk of Exposure
In an increasingly connected digital landscape, the security of your organization’s data and publicly facing assets is more critical than ever. According to the CrowdStrike 2023 Threat Hunting Report, more than 20% of all interactive intrusions are associated with the exploitation of public-facing applications. As an organization’s attack surface expands and cyberthreats proliferate, it is...
https://www.crowdstrike.com/blog/five-tips-to-shield-from-exposures/
🎖@malwr
crowdstrike.com
It’s no secret that the attack surface is expanding at an unprecedented rate. Read this blog to learn our handpicked, top EASM tips to reduce your exposures.
2023-10-23 - 404 TDS URL chain leads to Async RAT variant
https://www.malware-traffic-analysis.net/2023/10/23/index.html
🎖@malwr
2023-10-18 - IcedID Forked Variant with Anubis VNC, Cobalt Strike, etc.
https://www.malware-traffic-analysis.net/2023/10/18/index.html
🎖@malwr
Phishing Investigations: The Fast, Automated Method
Try out Intezer’s capabilities for automating phishing investigations for free. Learn more about our Starter and Complete plans or sign up for free here. At Intezer, we’re committed to enhancing security operations efficiency and effectiveness. Earlier in 2023, we were thrilled to announce the launch of our new features for Automated Phishing Investigations. These capabilities...
https://intezer.com/blog/alert-triage/automated-phishing-investigation/
🎖@malwr
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible
https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
🎖@malwr
Welivesecurity
ESET Research discovers campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.
Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/hong-kong-residents-targeted-in-malvertising-campaigns-for-whatsapp-telegram
🎖@malwr
Malwarebytes
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users. A...
Doctor Web’s September 2023 review of virus activity on mobile devices
https://news.drweb.com/show/?i=14767&lng=en&c=5
🎖@malwr
Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure
This report provides a comprehensive guide to geolocation-related threats sourced from 3G, 4G, and 5G network operators. Case studies, references, examples, and evidence are provided to give a complete and contextual understanding of mobile network-based location tracking in order to formulate policies and actions that protect civil society from current and future geolocation surveillance.
https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/
🎖@malwr
2023-10-25 - DarkGate infection from malspam
https://www.malware-traffic-analysis.net/2023/10/25/index.html
🎖@malwr
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.
https://www.trendmicro.com/en_us/research/23/j/how-kopeechka--an-automated-social-media-accounts-creation-servi.html
🎖@malwr