A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
https://www.trendmicro.com/en_us/research/23/k/a-closer-look-at-chatgpt-s-role-in-automated-malware-creation.html
🎖@malwr
Trend Micro
GPT vs Malware Analysis: Challenges and Mitigations
https://research.checkpoint.com/2023/gpt-vs-malware-analysis-challenges-and-mitigations/
Check Point Research
Key Takeaways Introduction GPT technology is the current tech cycle’s veritable miracle. The skeptics insist that it just has the appearance of intelligence, and try to cast it as ‘just the latest buzzword’, making snide comparisons to NFTs and blockchains.…
CapLoader 1.9.6 Released
CapLoader now detects even more malicious protocols and includes several new features such as JA4 fingerprints, API support for sharing IOCs to ThreatFox and OSINT lookups of malware families on Malpedia. The new CapLoader 1.9.6 release also comes with several improvements of the user interface, for...
https://www.netresec.com/?page=Blog&month=2023-11&post=CapLoader-1-9-6-Released
Netresec
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
McAfee Blog
Authored by Dexter Shin Most people have smartphones these days which can be used to easily search for various topics of interest on the Internet. These
ipsw Walkthrough Part 2 – The Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/?utm_source=rss&utm_medium=rss&utm_campaign=ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research
A deep dive into Phobos ransomware, recently deployed by 8Base group
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations.
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/
Cisco Talos Blog
Understanding the Phobos affiliate structure and activity
Cisco Talos identified the most prolific Phobos variants, TTPs and affiliate structure, based on their activity and analysis of over 1,000 samples from VirusTotal dating back to 2019. We assess with moderate confidence that Eking, Eight, Elbie, Devos and Faust are the most common variants.
https://blog.talosintelligence.com/understanding-the-phobos-affiliate-structure/
Cisco Talos Blog
Malware Spotlight – Into the Trash: Analyzing LitterDrifter
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
Check Point Research
Introduction Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence…
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and a cryptocurrency miner.
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
Trend Micro
Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
https://research.nccgroup.com/2023/11/20/is-this-the-real-life-is-this-just-fantasy-caught-in-a-landslide-noescape-from-ncc-group/
NCC Group
Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
https://research.nccgroup.com/2023/11/21/technical-advisory-adobe-coldfusion-wddx-deserialization-gadgets/
NCC Group Research Blog
Multiple vulnerabilities identified in Adobe ColdFusion allow an unauthenticated attacker to obtain the service account NTLM password hash, verify the existence of a file or directory on the underl…
The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks
https://research.checkpoint.com/2023/the-platform-matters-a-comparative-study-on-linux-and-windows-ransomware-attacks/
Check Point Research
Research by: Marc Salinas Fernandez Key Points Introduction During the last few months, we conducted a study of some of the top ransomware families (12 in total) that either directly developed ransomware for Linux systems or were developed in languages with…
Check Point Research Unraveling the Rug Pull: a Million-Dollar Scam with a Fake Token Factory
https://research.checkpoint.com/2023/check-point-research-unraveling-the-rug-pull-a-million-dollar-scam-with-a-fake-token-factory/
Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Highlights Background In the dynamic realm of cryptocurrency, recent events have highlighted the ever-present threat of Rug Pulls—deceptive maneuvers that leave investors empty-handed. Our Threat Intel Blockchain…
Atomic Stealer distributed to Mac users via fake browser updates
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
Malwarebytes
Compromised websites are being used to redirect to fake browser updates and deliver malware onto Mac users.
Introducing the Microsoft Defender Bounty Program
We are excited to announce the new Microsoft Defender Bounty Program with awards of up to $20,000 USD.
The Microsoft Defender brand encompasses a variety of products and services designed to enhance the security of the Microsoft customer experience. The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team.
https://msrc.microsoft.com/blog/2023/11/introducing-the-microsoft-defender-bounty-program/
ARM64 Reversing And Exploitation Part 9 – Exploiting an Off by One Overflow Vulnerability
https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability
8kSec
Learn how to exploit an off-by-one byte overflow vulnerability on ARM64 in Part 9 of our reversing and exploitation series with hands-on examples.
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html
Trend Micro
Doctor Web’s October 2023 review of virus activity on mobile devices
https://news.drweb.com/show/?i=14775&lng=en&c=5
Dr.Web
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consists of various highly obfuscated components that leverage the Google Chrome API to monitor, intercept, and exfiltrate victim data.
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
Trend Micro
Actionable Threat Intel (VI) - A day in a Threat Hunter's life
https://blog.virustotal.com/2023/11/actionable-threat-intel-vi-day-in.html
VirusTotal
Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Followin...