How to Analyze Malicious PDF Files
PDF files are supported in Intezer for both on-demand sandboxing and automated alert triage, as well as all other file types commonly used for delivering malware, like binary files or Microsoft Office formats. Portable Document Format (PDF) files are a cross-platform file format that supports links, images, and fonts. The flexibility of the PDF format makes...
https://intezer.com/blog/incident-response/analyze-malicious-pdf-files/
๐@malwr
PDF files are supported in Intezer for both on-demand sandboxing and automated alert triage, as well as all other file types commonly used for delivering malware, like binary files or Microsoft Office formats. Portable Document Format (PDF) files are a cross-platform file format that supports links, images, and fonts. The flexibility of the PDF format makes...
https://intezer.com/blog/incident-response/analyze-malicious-pdf-files/
๐@malwr
Intezer
How to Analyze Malicious PDF Files
Here's how incident responders can use open-source and free tools to identify, detect, and analyze PDF files that deliver malware.
Popping Blisters for research: An overview of past payloads and exploring recent developments
https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/
๐@malwr
https://research.nccgroup.com/2023/11/01/popping-blisters-for-research-an-overview-of-past-payloads-and-exploring-recent-developments/
๐@malwr
NCC Group Research Blog
Popping Blisters for research: An overview of past payloads and exploring recent developments
Summary Blister is a piece of malware that loads a payload embedded inside it. We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and aโฆ
Mobile Malware Analysis Part 3 โ Pegasus
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-3-pegasus
๐@malwr
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-3-pegasus
๐@malwr
8kSec
Mobile Malware Part 3: Pegasus Analysis | 8kSec
In part 3 of mobile malware analysis, we will talk about Pegasus/ Chryasor variant. Uncover sneaky obfuscation techniques, malicious binaries and much more!
2023-10-31 - IcedID (Bokbot) infection
https://www.malware-traffic-analysis.net/2023/10/31/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2023/10/31/index.html
๐@malwr
Who killed Mozi? Finally putting the IoT zombie botnet in its grave
How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
๐@malwr
How ESET Research found a kill switch that had been used to take down one of the most prolific botnets out there
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
๐@malwr
Welivesecurity
Who killed Mozi? Finally putting the IoT zombie botnet in its grave
ESET researchers describe how they found a kill switch that had been used to take down one of the most prolific botnets out there โ Mozi
Unpatched Powerful SSRF in Exchange OWA โ Getting Response Through Attachments
https://www.thezdi.com/blog/2023/11/1/unpatched-powerful-ssrf-in-exchange-owa-getting-response-through-attachments
๐@malwr
https://www.thezdi.com/blog/2023/11/1/unpatched-powerful-ssrf-in-exchange-owa-getting-response-through-attachments
๐@malwr
Zero Day Initiative
Zero Day Initiative โ Unpatched Powerful SSRF in Exchange OWA โ Getting Response Through Attachments
Server Side Request Forgery (SSRF). This vulnerability class triggers a wide range of emotions and reactions, ranging from complete ignorance to panic. Though it is included in the OWASP Top 10 list of web application security risks, at times vendors tendโฆ
Detect Phishing Emails by Inspecting Email Headers, Attachments, and URLs
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around the globe, by both big and small companies across all industries. But emails also have a dark side โ phishing emails that are used by threat actors to gain access to victimsโ systems. ...
https://intezer.com/blog/incident-response/automate-analysis-phishing-email-files/
๐@malwr
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around the globe, by both big and small companies across all industries. But emails also have a dark side โ phishing emails that are used by threat actors to gain access to victimsโ systems. ...
https://intezer.com/blog/incident-response/automate-analysis-phishing-email-files/
๐@malwr
Intezer
How to Analyze Phishing Email Files
Discover the top methods used by threat actors to deliver threats using phishing emails, as well as how to analyze the emails and attachments.
Unmasking AsyncRAT New Infection Chain
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain/
๐@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain/
๐@malwr
McAfee Blog
Unmasking AsyncRAT New Infection Chain | McAfee Blog
Authored by Lakshya Mathur & Vignesh Dhatchanamoorthy AsyncRAT, short for "Asynchronous Remote Access Trojan," is a sophisticated piece of malware
2023-11-02 - TA577 Pikabot activity
https://www.malware-traffic-analysis.net/2023/11/02/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2023/11/02/index.html
๐@malwr
ipsw Walkthrough Part 1 โ The Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research
๐@malwr
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research
๐@malwr
D0nut encrypt me, I have a wife and no backups
https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/
๐@malwr
https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/
๐@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Post-exploiting a compromised etcd โ Full control over the cluster and its nodes
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/
๐@malwr
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/
๐@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Charting Chinaโs Climb as a Leading Global Cyber Power
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power
๐@malwr
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power
๐@malwr
Joker DPR and the Information War
Insikt Groupยฎ reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
https://www.recordedfuture.com/joker-dpr-and-the-information-war
๐@malwr
Insikt Groupยฎ reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
https://www.recordedfuture.com/joker-dpr-and-the-information-war
๐@malwr
Recordedfuture
Joker DPR and the Information War | Recorded Future
Insikt Group reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
๐1
Malvertiser copies PC news site to deliver infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
๐@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
๐@malwr
ThreatDown by Malwarebytes
Malvertiser copies PC news site to deliver infostealer - ThreatDown by Malwarebytes
Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
๐@malwr
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
๐@malwr
Trend Micro
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
Abusing Microsoft Access โLinked Tableโ Feature to Perform NTLM Forced Authentication Attacks
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
๐@malwr
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
๐@malwr
Check Point Research
Abusing Microsoft Access "Linked Table" Feature to Perform NTLM Forced Authentication Attacks - Check Point Research
What is NTLM? What common attacks exist against it? NTLM is an extremely deprecated authentication protocol introduced by Microsoft in 1993. It is a challenge-response protocol: the server keeps a secret called an โNTLM hashโ derived from the userโs passwordโฆ
ARM64 Reversing And Exploitation Part 8 โ Exploiting an Integer Overflow Vulnerability
https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability
๐@malwr
https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability
๐@malwr
๐1
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
๐@malwr
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
๐@malwr
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.