Detect Phishing Emails by Inspecting Email Headers, Attachments, and URLs
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around the globe, by both big and small companies across all industries. But emails also have a dark side โ phishing emails that are used by threat actors to gain access to victimsโ systems. ...
https://intezer.com/blog/incident-response/automate-analysis-phishing-email-files/
๐@malwr
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around the globe, by both big and small companies across all industries. But emails also have a dark side โ phishing emails that are used by threat actors to gain access to victimsโ systems. ...
https://intezer.com/blog/incident-response/automate-analysis-phishing-email-files/
๐@malwr
Intezer
How to Analyze Phishing Email Files
Discover the top methods used by threat actors to deliver threats using phishing emails, as well as how to analyze the emails and attachments.
Unmasking AsyncRAT New Infection Chain
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain/
๐@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/unmasking-asyncrat-new-infection-chain/
๐@malwr
McAfee Blog
Unmasking AsyncRAT New Infection Chain | McAfee Blog
Authored by Lakshya Mathur & Vignesh Dhatchanamoorthy AsyncRAT, short for "Asynchronous Remote Access Trojan," is a sophisticated piece of malware
2023-11-02 - TA577 Pikabot activity
https://www.malware-traffic-analysis.net/2023/11/02/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2023/11/02/index.html
๐@malwr
ipsw Walkthrough Part 1 โ The Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research
๐@malwr
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research
๐@malwr
D0nut encrypt me, I have a wife and no backups
https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/
๐@malwr
https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/
๐@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Post-exploiting a compromised etcd โ Full control over the cluster and its nodes
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/
๐@malwr
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/
๐@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Charting Chinaโs Climb as a Leading Global Cyber Power
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power
๐@malwr
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power
๐@malwr
Joker DPR and the Information War
Insikt Groupยฎ reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
https://www.recordedfuture.com/joker-dpr-and-the-information-war
๐@malwr
Insikt Groupยฎ reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
https://www.recordedfuture.com/joker-dpr-and-the-information-war
๐@malwr
Recordedfuture
Joker DPR and the Information War | Recorded Future
Insikt Group reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
๐1
Malvertiser copies PC news site to deliver infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
๐@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
๐@malwr
ThreatDown by Malwarebytes
Malvertiser copies PC news site to deliver infostealer - ThreatDown by Malwarebytes
Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
๐@malwr
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
๐@malwr
Trend Micro
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
Abusing Microsoft Access โLinked Tableโ Feature to Perform NTLM Forced Authentication Attacks
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
๐@malwr
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
๐@malwr
Check Point Research
Abusing Microsoft Access "Linked Table" Feature to Perform NTLM Forced Authentication Attacks - Check Point Research
What is NTLM? What common attacks exist against it? NTLM is an extremely deprecated authentication protocol introduced by Microsoft in 1993. It is a challenge-response protocol: the server keeps a secret called an โNTLM hashโ derived from the userโs passwordโฆ
ARM64 Reversing And Exploitation Part 8 โ Exploiting an Integer Overflow Vulnerability
https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability
๐@malwr
https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability
๐@malwr
๐1
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
๐@malwr
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
๐@malwr
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
๐@malwr
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
๐@malwr
Trend Micro
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
Demystifying Cobalt Strikeโs โmake_tokenโ Command
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/
๐@malwr
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/
๐@malwr
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
๐@malwr
ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
๐@malwr
Welivesecurity
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region
Donโt throw a hissy fit; defend against Medusa
https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
๐@malwr
https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
๐@malwr
Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud Losses
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
https://www.recordedfuture.com/improving-automation-accessibility-drive-ad-fraud-losses
๐@malwr
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
https://www.recordedfuture.com/improving-automation-accessibility-drive-ad-fraud-losses
๐@malwr
Recordedfuture
Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud Losses | Recorded Future
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
We all just need to agree that ad blockers are good
YouTubeโs new rules may not be around for long anyway, because they might run afoul of European Union regulations
https://blog.talosintelligence.com/threat-source-newsletter-nov-16-23/
๐@malwr
YouTubeโs new rules may not be around for long anyway, because they might run afoul of European Union regulations
https://blog.talosintelligence.com/threat-source-newsletter-nov-16-23/
๐@malwr
Cisco Talos Blog
We all just need to agree that ad blockers are good
YouTubeโs new rules may not be around for long anyway, because they might run afoul of European Union regulations