Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian.

https://blog.talosintelligence.com/attributing-yorotrooper/


🎖@malwr

Attacks on web applications spike in third quarter, new Talos IR data shows

We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.

https://blog.talosintelligence.com/talos-ir-trends-q3-2023/


🎖@malwr

Malware stories: Deworming the XWorm

XWorm is a multi-purpose malware family, commonly used as RAT. This post contains a detailed analysis and walk-through the reverse-engineering process.

https://cert.pl/en/posts/2023/10/deworming-the-xworm/


🎖@malwr

Small Screens, Big Risks: Falcon for Mobile Releases New Innovations to Accelerate Detection and Response for Mobile Threats

Mobile devices have become critical endpoints for accessing enterprise applications, systems and data. Adversaries know this all too well, as evidenced by the growing numbers of attacks that target mobile devices. Verizon’s 2022 Mobile Security Index found almost half (45%) of enterprises had recently suffered a mobile-related compromise involving devices in the last 12 months...

https://www.crowdstrike.com/blog/falcon-for-mobile-releases-innovations/


🎖@malwr

How Well Do You Know Your Attack Surface? Five Tips to Reduce the Risk of Exposure

In an increasingly connected digital landscape, the security of your organization’s data and publicly facing assets is more critical than ever. According to the CrowdStrike 2023 Threat Hunting Report, more than 20% of all interactive intrusions are associated with the exploitation of public-facing applications. As an organization’s attack surface expands and cyberthreats proliferate, it is...

https://www.crowdstrike.com/blog/five-tips-to-shield-from-exposures/


🎖@malwr

Phishing Investigations: The Fast, Automated Method

Try out Intezer’s capabilities for automating phishing investigations for free. Learn more about our Starter and Complete plans or sign up for free here. At Intezer, we’re committed to enhancing security operations efficiency and effectiveness. Earlier in 2023, we were thrilled to announce the launch of our new features for Automated Phishing Investigations. These capabilities...

https://intezer.com/blog/alert-triage/automated-phishing-investigation/


🎖@malwr

Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers

ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible

https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/


🎖@malwr

Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure

This report provides a comprehensive guide to geolocation-related threats used by 3G, 4G, and 5G network operators. Case studies, references, examples, and evidence are provided to give a complete and contextual understanding of mobile network-based location tracking in order to formulate policies and actions that protect civil society from current and future geolocation surveillance.

https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/


🎖@malwr

How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.

https://www.trendmicro.com/en_us/research/23/j/how-kopeechka--an-automated-social-media-accounts-creation-servi.html


🎖@malwr

Charting New Terrain: The Shift to Resilience and Proximity in Cyber Risk

Draft deadlines are a necessary but sometimes unfortunate book editing reality.

https://www.recordedfuture.com/charting-new-terrain-shift-resilience-proximity-cyber-risk


🎖@malwr

ESET APT Activity Report Q2–Q3 2023

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023

https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-q3-2023/


🎖@malwr

Netsupport Intrusion Results in Domain Compromise

NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …

https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/


🎖@malwr