2023-11-02 - TA577 Pikabot activity
https://www.malware-traffic-analysis.net/2023/11/02/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/11/02/index.html
🎖@malwr
ipsw Walkthrough Part 1 – The Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research
🎖@malwr
https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research
🎖@malwr
D0nut encrypt me, I have a wife and no backups
https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/
🎖@malwr
https://research.nccgroup.com/2023/11/06/d0nut-encrypt-me-i-have-a-wife-and-no-backups/
🎖@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Post-exploiting a compromised etcd – Full control over the cluster and its nodes
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/
🎖@malwr
https://research.nccgroup.com/2023/11/07/post-exploiting-a-compromised-etcd-full-control-over-the-cluster-and-its-nodes/
🎖@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Charting China’s Climb as a Leading Global Cyber Power
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power
🎖@malwr
Chinese state-sponsored cyber operations have transformed, emerging as a more mature, stealthy, and coordinated threat than in previous years.
https://www.recordedfuture.com/charting-chinas-climb-leading-global-cyber-power
🎖@malwr
Joker DPR and the Information War
Insikt Group® reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
https://www.recordedfuture.com/joker-dpr-and-the-information-war
🎖@malwr
Insikt Group® reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
https://www.recordedfuture.com/joker-dpr-and-the-information-war
🎖@malwr
Recordedfuture
Joker DPR and the Information War | Recorded Future
Insikt Group reveals new research on Joker DPR, a pro-Russian hacktivist group influencing the Ukraine crisis. Learn about their tactics, impact, and possible ties to the Russian state.
👍1
Malvertiser copies PC news site to deliver infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
🎖@malwr
ThreatDown by Malwarebytes
Malvertiser copies PC news site to deliver infostealer - ThreatDown by Malwarebytes
Users looking to download a popular PC utility may be tricked in this campaign where a threat actor has registered a website that copies content from a PC and Windows news portal.
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
🎖@malwr
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
https://www.trendmicro.com/en_us/research/23/k/threat-actors-leverage-file-sharing-service-and-reverse-proxies.html
🎖@malwr
Trend Micro
Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting
We analyzed a phishing campaign involving malicious emails containing a link to a file-sharing solution, which further leads to a PDF document with a secondary link designed to steal login info and session cookies.
Abusing Microsoft Access “Linked Table” Feature to Perform NTLM Forced Authentication Attacks
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
🎖@malwr
https://research.checkpoint.com/2023/abusing-microsoft-access-linked-table-feature-to-perform-ntlm-forced-authentication-attacks/
🎖@malwr
Check Point Research
Abusing Microsoft Access "Linked Table" Feature to Perform NTLM Forced Authentication Attacks - Check Point Research
What is NTLM? What common attacks exist against it? NTLM is an extremely deprecated authentication protocol introduced by Microsoft in 1993. It is a challenge-response protocol: the server keeps a secret called an “NTLM hash” derived from the user’s password…
ARM64 Reversing And Exploitation Part 8 – Exploiting an Integer Overflow Vulnerability
https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability
🎖@malwr
https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability
🎖@malwr
👍1
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
🎖@malwr
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
🎖@malwr
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
🎖@malwr
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
https://www.trendmicro.com/en_us/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
🎖@malwr
Trend Micro
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant
Almost a year after Void Rabisu shifted its targeting from opportunistic ransomware attacks with an emphasis on cyberespionage, the threat actor is still developing its main malware, the ROMCOM backdoor.
Demystifying Cobalt Strike’s “make_token” Command
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/
🎖@malwr
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/
🎖@malwr
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
🎖@malwr
ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
🎖@malwr
Welivesecurity
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region
Don’t throw a hissy fit; defend against Medusa
https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
🎖@malwr
https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
🎖@malwr
Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud Losses
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
https://www.recordedfuture.com/improving-automation-accessibility-drive-ad-fraud-losses
🎖@malwr
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
https://www.recordedfuture.com/improving-automation-accessibility-drive-ad-fraud-losses
🎖@malwr
Recordedfuture
Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud Losses | Recorded Future
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
We all just need to agree that ad blockers are good
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
https://blog.talosintelligence.com/threat-source-newsletter-nov-16-23/
🎖@malwr
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
https://blog.talosintelligence.com/threat-source-newsletter-nov-16-23/
🎖@malwr
Cisco Talos Blog
We all just need to agree that ad blockers are good
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
FBI Takedown: IPStorm Botnet Infrastructure Dismantled
UPDATE NOVEMBER 2023: IPStorm Infrastructure Dismantled by FBI The FBI today revealed US law enforcement’s dismantlement of a botnet proxy network, along with a guilty plea for the individual responsible for the botnet infrastructure which was associated with the IPStorm malware. This achievement is a significant milestone in ongoing efforts to combat cyber threats. The...
https://intezer.com/blog/research/a-storm-is-brewing-ipstorm-now-has-linux-malware/
🎖@malwr
UPDATE NOVEMBER 2023: IPStorm Infrastructure Dismantled by FBI The FBI today revealed US law enforcement’s dismantlement of a botnet proxy network, along with a guilty plea for the individual responsible for the botnet infrastructure which was associated with the IPStorm malware. This achievement is a significant milestone in ongoing efforts to combat cyber threats. The...
https://intezer.com/blog/research/a-storm-is-brewing-ipstorm-now-has-linux-malware/
🎖@malwr
Intezer
FBI Takedown: IPStorm Botnet Infrastructure Dismantled
UPDATE: The FBI has successfully secured a guilty plea from the individual responsible for the IPStorm infrastructure. Intezer's research team assisted in this case, sharing our findings and analysis about the new IPStorm malware variants and capabilities.
Zimbra 0-day used to target international government organizations
a blue box that reads "Threat Analysis Group"
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
🎖@malwr
a blue box that reads "Threat Analysis Group"
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
🎖@malwr
Google
Zimbra 0-day used to target international government organizations
TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.