Phishing Investigations: The Fast, Automated Method
Try out Intezer’s capabilities for automating phishing investigations for free. Learn more about our Starter and Complete plans or sign up for free here. At Intezer, we’re committed to enhancing security operations efficiency and effectiveness. Earlier in 2023, we were thrilled to announce the launch of our new features for Automated Phishing Investigations. These capabilities...
https://intezer.com/blog/alert-triage/automated-phishing-investigation/
🎖@malwr
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research recommends updating Roundcube Webmail to the latest available version as soon as possible
https://www.welivesecurity.com/en/eset-research/winter-vivern-exploits-zero-day-vulnerability-roundcube-webmail-servers/
🎖@malwr
Welivesecurity
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research discovers campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.
Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/hong-kong-residents-targeted-in-malvertising-campaigns-for-whatsapp-telegram
🎖@malwr
Malwarebytes
Hong Kong residents targeted in malvertising campaigns for WhatsApp, Telegram
Malvertising is a powerful malware or scam delivery mechanism that makes it easy to target specific geographies or even users. A...
Doctor Web’s September 2023 review of virus activity on mobile devices
https://news.drweb.com/show/?i=14767&lng=en&c=5
🎖@malwr
Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure
This report provides a comprehensive guide to geolocation-related threats used by 3G, 4G, and 5G network operators. Case studies, references, examples, and evidence are provided to give a complete and contextual understanding of mobile network-based location tracking in order to formulate policies and actions that protect civil society from current and future geolocation surveillance.
https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/
🎖@malwr
2023-10-25 - DarkGate infection from malspam
https://www.malware-traffic-analysis.net/2023/10/25/index.html
🎖@malwr
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.
https://www.trendmicro.com/en_us/research/23/j/how-kopeechka--an-automated-social-media-accounts-creation-servi.html
🎖@malwr
Charting New Terrain: The Shift to Resilience and Proximity in Cyber Risk
Draft deadlines are a necessary but sometimes unfortunate book editing reality.
https://www.recordedfuture.com/charting-new-terrain-shift-resilience-proximity-cyber-risk
🎖@malwr
ESET APT Activity Report Q2–Q3 2023
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-q3-2023/
🎖@malwr
Welivesecurity
ESET APT Activity Report Q2–Q3 2023
This issue of the ESET APT Activity Report features an overview of the activities of selected APT groups as analyzed by ESET Research between April and September 2023.
NetSupport Intrusion Results in Domain Compromise
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
🎖@malwr
The DFIR Report
NetSupport Intrusion Results in Domain Compromise - The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report on a NetSupport RAT intrusion, but malicious use of this tool dates back to at least…
'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
🎖@malwr
Malwarebytes
Malvertising via Dynamic Search Ads delivers malware bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating...
From Albania to the Middle East: The Scarred Manticore is Listening
https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/
🎖@malwr
Check Point Research
From Albania to the Middle East: The Scarred Manticore is Listening - Check Point Research
Key Findings Introduction Check Point Research, in collaboration with Sygnia’s Incident Response Team, has been tracking and responding to the activities of Scarred Manticore, an Iranian nation-state threat actor that primarily targets government and telecommunication…
NetHunter Hacker X: WPS attacks
https://www.mobile-hacker.com/2023/10/31/nethunter-hacker-x-wps-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-x-wps-attacks
🎖@malwr
Mobile Hacker
NetHunter Hacker X: WPS attacks
Ever wanted to hack your Wi-Fi network, but your internal adapter doesn’t support monitor mode and you don’t have an external adapter? Without switching your Wi-Fi adapter into monitor mode, WPS attacks allow you to perform various attacks on wireless access…
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
https://blog.talosintelligence.com/arid-viper-mobile-spyware/
🎖@malwr
Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
https://research.nccgroup.com/2023/10/31/technical-advisory-insufficient-proxyman-helpertool-xpc-validation/
🎖@malwr
NCC Group Research Blog
Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
Vendor: Proxyman LLC Vendor URL: Versions affected: com.proxyman.NSProxy.HelperTool version 1.4.0 (distributed with Proxyman.app up to and including versions 4.11.0) Systems Affected: macOS Author:…
Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
https://research.nccgroup.com/2023/10/31/unveiling-the-dark-side-a-deep-dive-into-active-ransomware-families/
🎖@malwr
How to Analyze Malicious PDF Files
PDF files are supported in Intezer for both on-demand sandboxing and automated alert triage, as well as all other file types commonly used for delivering malware, like binary files or Microsoft Office formats. Portable Document Format (PDF) files are a cross-platform file format that supports links, images, and fonts. The flexibility of the PDF format makes...
https://intezer.com/blog/incident-response/analyze-malicious-pdf-files/
🎖@malwr
Intezer
How to Analyze Malicious PDF Files
Here's how incident responders can use open-source and free tools to identify, detect, and analyze PDF files that deliver malware.
Popping Blisters for research: An overview of past payloads and exploring recent developments
https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/
🎖@malwr
NCC Group Research Blog
Popping Blisters for research: An overview of past payloads and exploring recent developments
Summary Blister is a piece of malware that loads a payload embedded inside it. We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and a…
Mobile Malware Analysis Part 3 – Pegasus
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-3-pegasus
🎖@malwr
8kSec
Mobile Malware Part 3: Pegasus Analysis | 8kSec
In part 3 of mobile malware analysis, we will talk about Pegasus/ Chryasor variant. Uncover sneaky obfuscation techniques, malicious binaries and much more!
2023-10-31 - IcedID (Bokbot) infection
https://www.malware-traffic-analysis.net/2023/10/31/index.html
🎖@malwr