Demystifying Cobalt Strike’s “make_token” Command
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/
🎖@malwr
https://research.nccgroup.com/2023/11/10/demystifying-cobalt-strikes-make_token-command/
🎖@malwr
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
🎖@malwr
ESET researchers discovered Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News
https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
🎖@malwr
Welivesecurity
Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan
ESET researchers discover Kamran, previously unknown malware, which spies on Urdu-speaking readers of Hunza News in the Gilgit-Baltistan region
Don’t throw a hissy fit; defend against Medusa
https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
🎖@malwr
https://research.nccgroup.com/2023/11/13/dont-throw-a-hissy-fit-defend-against-medusa/
🎖@malwr
Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud Losses
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
https://www.recordedfuture.com/improving-automation-accessibility-drive-ad-fraud-losses
🎖@malwr
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
https://www.recordedfuture.com/improving-automation-accessibility-drive-ad-fraud-losses
🎖@malwr
Recordedfuture
Improving Automation and Accessibility Drive $100 Billion in Projected Ad Fraud Losses | Recorded Future
Ad fraud, amplified by automation and accessible bot software, inflates ad metrics for personal gain, lowering entry barriers and escalating its threat.
We all just need to agree that ad blockers are good
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
https://blog.talosintelligence.com/threat-source-newsletter-nov-16-23/
🎖@malwr
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
https://blog.talosintelligence.com/threat-source-newsletter-nov-16-23/
🎖@malwr
Cisco Talos Blog
We all just need to agree that ad blockers are good
YouTube’s new rules may not be around for long anyway, because they might run afoul of European Union regulations
FBI Takedown: IPStorm Botnet Infrastructure Dismantled
UPDATE NOVEMBER 2023: IPStorm Infrastructure Dismantled by FBI The FBI today revealed US law enforcement’s dismantlement of a botnet proxy network, along with a guilty plea for the individual responsible for the botnet infrastructure which was associated with the IPStorm malware. This achievement is a significant milestone in ongoing efforts to combat cyber threats. The...
https://intezer.com/blog/research/a-storm-is-brewing-ipstorm-now-has-linux-malware/
🎖@malwr
UPDATE NOVEMBER 2023: IPStorm Infrastructure Dismantled by FBI The FBI today revealed US law enforcement’s dismantlement of a botnet proxy network, along with a guilty plea for the individual responsible for the botnet infrastructure which was associated with the IPStorm malware. This achievement is a significant milestone in ongoing efforts to combat cyber threats. The...
https://intezer.com/blog/research/a-storm-is-brewing-ipstorm-now-has-linux-malware/
🎖@malwr
Intezer
FBI Takedown: IPStorm Botnet Infrastructure Dismantled
UPDATE: The FBI has successfully secured a guilty plea from the individual responsible for the IPStorm infrastructure. Intezer's research team assisted in this case, sharing our findings and analysis about the new IPStorm malware variants and capabilities.
Zimbra 0-day used to target international government organizations
a blue box that reads "Threat Analysis Group"
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
🎖@malwr
a blue box that reads "Threat Analysis Group"
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
🎖@malwr
Google
Zimbra 0-day used to target international government organizations
TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.
Ransomware review: November 2023
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/ransomware-review-november-2023
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/ransomware-review-november-2023
🎖@malwr
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
https://www.trendmicro.com/en_us/research/23/k/a-closer-look-at-chatgpt-s-role-in-automated-malware-creation.html
🎖@malwr
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
https://www.trendmicro.com/en_us/research/23/k/a-closer-look-at-chatgpt-s-role-in-automated-malware-creation.html
🎖@malwr
Trend Micro
A Closer Look at ChatGPT's Role in Automated Malware Creation
GPT vs Malware Analysis: Challenges and Mitigations
https://research.checkpoint.com/2023/gpt-vs-malware-analysis-challenges-and-mitigations/
🎖@malwr
https://research.checkpoint.com/2023/gpt-vs-malware-analysis-challenges-and-mitigations/
🎖@malwr
Check Point Research
GPT vs Malware Analysis: Challenges and Mitigations - Check Point Research
Key Takeaways Introduction GPT technology is the current tech cycle’s veritable miracle. The skeptics insist that it just has the appearance of intelligence, and try to cast it as ‘just the latest buzzword’, making snide comparisons to NFTs and blockchains.…
CapLoader 1.9.6 Released
CapLoader now detects even more malicious protocols and includes several new features such as JA4 fingerprints, API support for sharing IOCs to ThreatFox and OSINT lookups of malware families on Malpedia. The new CapLoader 1.9.6 release also comes with several improvements of the user interface, for...
https://www.netresec.com/?page=Blog&month=2023-11&post=CapLoader-1-9-6-Released
🎖@malwr
CapLoader now detects even more malicious protocols and includes several new features such as JA4 fingerprints, API support for sharing IOCs to ThreatFox and OSINT lookups of malware families on Malpedia. The new CapLoader 1.9.6 release also comes with several improvements of the user interface, for...
https://www.netresec.com/?page=Blog&month=2023-11&post=CapLoader-1-9-6-Released
🎖@malwr
Netresec
CapLoader 1.9.6 Released
CapLoader now detects even more malicious protocols and includes several new features such as JA4 fingerprints, API support for sharing IOCs to ThreatFox and OSINT lookups of malware families on Malpedia. The new CapLoader 1.9.6 release also comes with several…
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
🎖@malwr
McAfee Blog
Fake Android and iOS apps steal SMS and contacts in South Korea | McAfee Blog
Authored by Dexter Shin Most people have smartphones these days which can be used to easily search for various topics of interest on the Internet. These
ipsw Walkthrough Part 2 – The Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research
🎖@malwr
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research
🎖@malwr
A deep dive into Phobos ransomware, recently deployed by 8Base group
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations.
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
🎖@malwr
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations.
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
🎖@malwr
Cisco Talos Blog
A deep dive into Phobos ransomware, recently deployed by 8Base group
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations.
👍1
Understanding the Phobos affiliate structure and activity
Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence Eking, Eight, Elbie, Devos and Faust are the most common variants
https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/
🎖@malwr
Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence Eking, Eight, Elbie, Devos and Faust are the most common variants
https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/
🎖@malwr
Cisco Talos Blog
Understanding the Phobos affiliate structure and activity
Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence Eking, Eight, Elbie, Devos and Faust…
👍1
Malware Spotlight – Into the Trash: Analyzing LitterDrifter
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
🎖@malwr
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
🎖@malwr
Check Point Research
Malware Spotlight - Into the Trash: Analyzing LitterDrifter - Check Point Research
Introduction Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence…
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
🎖@malwr
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
🎖@malwr
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
https://research.nccgroup.com/2023/11/20/is-this-the-real-life-is-this-just-fantasy-caught-in-a-landslide-noescape-from-ncc-group/
🎖@malwr
https://research.nccgroup.com/2023/11/20/is-this-the-real-life-is-this-just-fantasy-caught-in-a-landslide-noescape-from-ncc-group/
🎖@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
https://research.nccgroup.com/2023/11/21/technical-advisory-adobe-coldfusion-wddx-deserialization-gadgets/
🎖@malwr
https://research.nccgroup.com/2023/11/21/technical-advisory-adobe-coldfusion-wddx-deserialization-gadgets/
🎖@malwr
NCC Group Research Blog
Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
Multiple vulnerabilities identified in Adobe ColdFusion allow an unauthenticated attacker to obtain the service account NTLM password hash, verify the existence of a file or directory on the underl…
The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks
https://research.checkpoint.com/2023/the-platform-matters-a-comparative-study-on-linux-and-windows-ransomware-attacks/
🎖@malwr
https://research.checkpoint.com/2023/the-platform-matters-a-comparative-study-on-linux-and-windows-ransomware-attacks/
🎖@malwr
Check Point Research
The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research
Research by: Marc Salinas Fernandez Key Points Introduction During the last few months, we conducted a study of some of the top ransomware families (12 in total) that either directly developed ransomware for Linux systems or were developed in languages with…