Doctor Web’s September 2023 review of virus activity on mobile devices
https://news.drweb.com/show/?i=14767&lng=en&c=5
🎖@malwr
Dr.Web
Dr.Web — Doctor Web’s September 2023 review of virus activity on mobile devices
Find out on Doctor Web’s site about the latest virus threats and information security issues.
Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure
This report provides a comprehensive guide to geolocation-related threats used by 3G, 4G, and 5G network operators. Case studies, references, examples, and evidence are provided to give a complete and contextual understanding of mobile network-based location tracking in order to formulate policies and actions that protect civil society from current and future geolocation surveillance.
https://citizenlab.ca/2023/10/finding-you-teleco-vulnerabilities-for-location-disclosure/
🎖@malwr
The Citizen Lab
Finding You
This report provides a comprehensive guide to geolocation-related threats sourced from 3G, 4G, and 5G network operators. Case studies, references, examples, and evidence are provided to give a complete and contextual understanding of mobile network-based…
2023-10-25 - DarkGate infection from malspam
https://www.malware-traffic-analysis.net/2023/10/25/index.html
🎖@malwr
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
This report explores the Kopeechka service and gives a detailed technical analysis of the service’s features and capabilities and how it can help cybercriminals to achieve their goals.
https://www.trendmicro.com/en_us/research/23/j/how-kopeechka--an-automated-social-media-accounts-creation-servi.html
🎖@malwr
Trend Micro
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
Charting New Terrain: The Shift to Resilience and Proximity in Cyber Risk
Draft deadlines are a necessary but sometimes unfortunate book editing reality.
https://www.recordedfuture.com/charting-new-terrain-shift-resilience-proximity-cyber-risk
🎖@malwr
ESET APT Activity Report Q2–Q3 2023
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 and Q3 2023
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-q3-2023/
🎖@malwr
Welivesecurity
ESET APT Activity Report Q2–Q3 2023
This issue of the ESET APT Activity Report features an overview of the activities of selected APT groups as analyzed by ESET Research between April and September 2023.
NetSupport Intrusion Results in Domain Compromise
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report …
https://thedfirreport.com/2023/10/30/netsupport-intrusion-results-in-domain-compromise/
🎖@malwr
The DFIR Report
NetSupport Intrusion Results in Domain Compromise - The DFIR Report
NetSupport Manager is one of the oldest third-party remote access tools still currently on the market with over 33 years of history. This is the first time we will report on a NetSupport RAT intrusion, but malicious use of this tool dates back to at least…
'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
🎖@malwr
Malwarebytes
Malvertising via Dynamic Search Ads delivers malware bonanza
Most, if not all malvertising incidents result from a threat actor either injecting code within an existing ad, or intentionally creating...
From Albania to the Middle East: The Scarred Manticore is Listening
https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/
🎖@malwr
Check Point Research
From Albania to the Middle East: The Scarred Manticore is Listening - Check Point Research
Key Findings Introduction Check Point Research, in collaboration with Sygnia’s Incident Response Team, has been tracking and responding to the activities of Scarred Manticore, an Iranian nation-state threat actor that primarily targets government and telecommunication…
NetHunter Hacker X: WPS attacks
https://www.mobile-hacker.com/2023/10/31/nethunter-hacker-x-wps-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-x-wps-attacks
🎖@malwr
Mobile Hacker
NetHunter Hacker X: WPS attacks Mobile Hacker
Ever wanted to hack your Wi-Fi network, but your internal adapter doesn’t support monitor mode and you don’t have an external adapter? Without switching your Wi-Fi adapter into monitor mode, WPS attacks allow you to perform various attacks on wireless access…
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
https://blog.talosintelligence.com/arid-viper-mobile-spyware/
🎖@malwr
Cisco Talos Blog
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.
Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
https://research.nccgroup.com/2023/10/31/technical-advisory-insufficient-proxyman-helpertool-xpc-validation/
🎖@malwr
NCC Group Research Blog
Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
Vendor: Proxyman LLC Vendor URL: Versions affected: com.proxyman.NSProxy.HelperTool version 1.4.0 (distributed with Proxyman.app up to and including versions 4.11.0) Systems Affected: macOS Author:…
Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
https://research.nccgroup.com/2023/10/31/unveiling-the-dark-side-a-deep-dive-into-active-ransomware-families/
🎖@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
How to Analyze Malicious PDF Files
PDF files are supported in Intezer for both on-demand sandboxing and automated alert triage, as well as all other file types commonly used for delivering malware, like binary files or Microsoft Office formats. Portable Document Format (PDF) files are a cross-platform file format that supports links, images, and fonts. The flexibility of the PDF format makes...
https://intezer.com/blog/incident-response/analyze-malicious-pdf-files/
🎖@malwr
Intezer
How to Analyze Malicious PDF Files
Here's how incident responders can use open-source and free tools to identify, detect, and analyze PDF files that deliver malware.
Popping Blisters for research: An overview of past payloads and exploring recent developments
https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/
🎖@malwr
NCC Group Research Blog
Popping Blisters for research: An overview of past payloads and exploring recent developments
Summary Blister is a piece of malware that loads a payload embedded inside it. We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and a…
Mobile Malware Analysis Part 3 – Pegasus
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-3-pegasus
🎖@malwr
8kSec
Mobile Malware Part 3: Pegasus Analysis | 8kSec
In part 3 of mobile malware analysis, we will talk about the Pegasus/Chrysaor variant. Uncover sneaky obfuscation techniques, malicious binaries and much more!
2023-10-31 - IcedID (Bokbot) infection
https://www.malware-traffic-analysis.net/2023/10/31/index.html
🎖@malwr
Who killed Mozi? Finally putting the IoT zombie botnet in its grave
How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
🎖@malwr
Welivesecurity
Who killed Mozi? Finally putting the IoT zombie botnet in its grave
ESET researchers describe how they found a kill switch that had been used to take down one of the most prolific botnets out there – Mozi
Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments
https://www.thezdi.com/blog/2023/11/1/unpatched-powerful-ssrf-in-exchange-owa-getting-response-through-attachments
🎖@malwr
Zero Day Initiative
Zero Day Initiative — Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments
Server Side Request Forgery (SSRF). This vulnerability class triggers a wide range of emotions and reactions, ranging from complete ignorance to panic. Though it is included in the OWASP Top 10 list of web application security risks, at times vendors tend…
Detect Phishing Emails by Inspecting Email Headers, Attachments, and URLs
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around the globe, by both big and small companies across all industries. But emails also have a dark side – phishing emails that are used by threat actors to gain access to victims’ systems. ...
https://intezer.com/blog/incident-response/automate-analysis-phishing-email-files/
🎖@malwr
Intezer
How to Analyze Phishing Email Files
Discover the top methods used by threat actors to deliver threats using phishing emails, as well as how to analyze the emails and attachments.