The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks
https://research.checkpoint.com/2023/the-platform-matters-a-comparative-study-on-linux-and-windows-ransomware-attacks/
🎖@malwr
https://research.checkpoint.com/2023/the-platform-matters-a-comparative-study-on-linux-and-windows-ransomware-attacks/
🎖@malwr
Check Point Research
The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research
Research by: Marc Salinas Fernandez Key Points Introduction During the last few months, we conducted a study of some of the top ransomware families (12 in total) that either directly developed ransomware for Linux systems or were developed in languages with…
Check Point Research Unraveling the Rug Pull: a Million-Dollar Scam with a Fake Token Factory
https://research.checkpoint.com/2023/check-point-research-unraveling-the-rug-pull-a-million-dollar-scam-with-a-fake-token-factory/
🎖@malwr
https://research.checkpoint.com/2023/check-point-research-unraveling-the-rug-pull-a-million-dollar-scam-with-a-fake-token-factory/
🎖@malwr
Check Point Research
Check Point Research Unraveling the Rug Pull: a Million-Dollar Scam with a Fake Token Factory - Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Highlights Background In the dynamic realm of cryptocurrency, recent events have highlighted the ever-present threat of Rug Pulls—deceptive maneuvers that leave investors empty-handed. Our Threat Intel Blockchain…
Atomic Stealer distributed to Mac users via fake browser updates
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates
🎖@malwr
Malwarebytes
Atomic Stealer distributed to Mac users via fake browser updates
Compromised websites are being used to redirect to fake browser updates and deliver malware onto Mac users.
Introducing the Microsoft Defender Bounty Program
We are excited to announce the new Microsoft Defender Bounty Program with awards of up to $20,000 USD.
The Microsoft Defender brand encompasses a variety of products and services designed to enhance the security of the Microsoft customer experience. The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team.
https://msrc.microsoft.com/blog/2023/11/introducing-the-microsoft-defender-bounty-program/
🎖@malwr
We are excited to announce the new Microsoft Defender Bounty Program with awards of up to $20,000 USD.
The Microsoft Defender brand encompasses a variety of products and services designed to enhance the security of the Microsoft customer experience. The Microsoft Defender Bounty Program invites researchers across the globe to identify vulnerabilities in Defender products and services and share them with our team.
https://msrc.microsoft.com/blog/2023/11/introducing-the-microsoft-defender-bounty-program/
🎖@malwr
🥰1
ARM64 Reversing And Exploitation Part 9 – Exploiting an Off by One Overflow Vulnerability
https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability
🎖@malwr
https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability
🎖@malwr
8kSec
ARM64 Reversing Part 9: Off-by-One Overflow | 8kSec
Learn how to exploit an off-by-one byte overflow vulnerability on ARM64 in Part 9 of our reversing and exploitation series with hands-on examples.
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html
🎖@malwr
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
https://www.trendmicro.com/en_us/research/23/k/attack-signals-possible-return-of-genesis-market.html
🎖@malwr
Trend Micro
Attack Signals Possible Return of Genesis Market, Abuses Node.js, and EV Code Signing
The Trend Micro Managed XDR team encountered malicious operations that used techniques similar to the ones used by Genesis Market, a website for facilitating fraud that was taken down in April 2023.
Doctor Web’s October 2023 review of virus activity on mobile devices
https://news.drweb.com/show/?i=14775&lng=en&c=5
🎖@malwr
https://news.drweb.com/show/?i=14775&lng=en&c=5
🎖@malwr
Dr.Web
Dr.Web — Doctor Web’s October 2023 review of virus activity on mobile devices
Find out on Doctor Web’s site about the latest virus threats and information security issues.
ParaSiteSnatcher: How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
🎖@malwr
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
🎖@malwr
Trend Micro
ParaSiteSnatcher How Malicious Chrome Extensions Target Brazil
We detail the modular framework of malicious Chrome extensions that consist of various highly obfuscated components that leverage Google Chrome API to monitor, intercept, and exfiltrate victim data.
Actionable Threat Intel (VI) - A day in a Threat Hunter's life
https://blog.virustotal.com/2023/11/actionable-threat-intel-vi-day-in.html
🎖@malwr
https://blog.virustotal.com/2023/11/actionable-threat-intel-vi-day-in.html
🎖@malwr
Virustotal
Actionable Threat Intel (VI) - A day in a Threat Hunter's life
Kaspersky's CTI analysts recently released their Asian APT groups report, including details on behavior by different adversaries. Followin...
Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker
https://research.checkpoint.com/2023/israel-hamas-war-spotlight-shaking-the-rust-off-sysjoker/
🎖@malwr
https://research.checkpoint.com/2023/israel-hamas-war-spotlight-shaking-the-rust-off-sysjoker/
🎖@malwr
Check Point Research
Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker - Check Point Research
Key Findings Introduction Amid tensions in the ongoing Israel-Hamas war, Check Point Research has been conducting active threat hunting in an effort to discover, attribute, and mitigate relevant regional threats. Among those, some new variants of the SysJoker…
7 tips for spotting a fake mobile app
Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future
https://www.welivesecurity.com/2023/06/06/7-tips-spotting-fake-mobile-app/
🎖@malwr
Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future
https://www.welivesecurity.com/2023/06/06/7-tips-spotting-fake-mobile-app/
🎖@malwr
WeLiveSecurity
7 tips for spotting a fake mobile app
Here are 7 common signs that a mobile app is sketchy and 7 tips for staying safe from mobile security threats in the future.
Telekopye: Chamber of Neanderthals’ secrets
Insight into groups operating Telekopye bots that scam people in online marketplaces
https://www.welivesecurity.com/en/eset-research/telekopye-chamber-neanderthals-secrets/
🎖@malwr
Insight into groups operating Telekopye bots that scam people in online marketplaces
https://www.welivesecurity.com/en/eset-research/telekopye-chamber-neanderthals-secrets/
🎖@malwr
Welivesecurity
Telekopye: Chamber of Neanderthals’ secrets
ESET research shares insights about groups operating Telekopye, Telegram bots that scam people in online marketplaces, their internal onboarding process, different tricks of trade that Neanderthals use, and more.
Mobile Malware Analysis Part 4 – Intro to iOS Malware Detection
https://8ksec.io/mobile-malware-analysis-part-4-intro-to-ios-malware-detection/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-4-intro-to-ios-malware-detection
🎖@malwr
https://8ksec.io/mobile-malware-analysis-part-4-intro-to-ios-malware-detection/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-4-intro-to-ios-malware-detection
🎖@malwr
8kSec
Mobile Malware Part 4: iOS Malware Detection | 8kSec
Learn iOS malware detection fundamentals in Part 4. Explore forensic artifact collection methods including filesystem dumps, iTunes backups, and sysdiagnose.
WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel
Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants disguised as legitimate software, and a recently developed malware called ‘RustDown,’ written in Rust for potential operational advantages....
https://intezer.com/blog/research/wildcard-evolution-of-sysjoker-cyber-threat/
🎖@malwr
Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants disguised as legitimate software, and a recently developed malware called ‘RustDown,’ written in Rust for potential operational advantages....
https://intezer.com/blog/research/wildcard-evolution-of-sysjoker-cyber-threat/
🎖@malwr
Intezer
WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel
Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants…
Beneath the Surface: How Hackers Turn NetSupport Against Users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/beneath-the-surface-how-hackers-turn-netsupport-against-users/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/beneath-the-surface-how-hackers-turn-netsupport-against-users/
🎖@malwr
McAfee Blog
Beneath the Surface: How Hackers Turn NetSupport Against Users | McAfee Blog
NetSupport malware variants have been a persistent threat, demonstrating adaptability and evolving infection techniques. In this technical analysis, we
NetHunter Hacker XI: Bluetooth arsenal
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xi-bluetooth-arsenal
🎖@malwr
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xi-bluetooth-arsenal
🎖@malwr
Mobile Hacker
NetHunter Hacker XI: Bluetooth arsenal Mobile Hacker
Bluetooth technology has become an integral part of our daily lives, from connecting our smartphones to our cars and headphones to sharing files between devices. However, as with any wireless technology, Bluetooth is vulnerable to hacking attempts. In this…
What is threat hunting?
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about searching for the unknown.
https://blog.talosintelligence.com/what-is-threat-hunting/
🎖@malwr
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about searching for the unknown.
https://blog.talosintelligence.com/what-is-threat-hunting/
🎖@malwr
Cisco Talos Blog
What is threat hunting?
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about searching…
The Difference Between Securing Custom-Developed vs. Commercial Off-the-Shelf Software
Modern applications are designed to process, use and store vast amounts of sensitive data. As adversaries seek to infiltrate these applications, IT and security teams must ensure the software they use has the strongest possible security. The first step to implementing strong application security is understanding the type of application you need to protect. The...
https://www.crowdstrike.com/blog/securing-custom-developed-vs-commercial-off-the-shelf-software/
🎖@malwr
Modern applications are designed to process, use and store vast amounts of sensitive data. As adversaries seek to infiltrate these applications, IT and security teams must ensure the software they use has the strongest possible security. The first step to implementing strong application security is understanding the type of application you need to protect. The...
https://www.crowdstrike.com/blog/securing-custom-developed-vs-commercial-off-the-shelf-software/
🎖@malwr
crowdstrike.com
Securing Custom-Developed vs. Commercial Off-the-Shelf Software
In this blog, we explain the differences between custom-developed applications and COTS applications and how each type of application is secured.
IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations
CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023. Based on a detailed examination of the malicious tooling used in these attacks, along with additional reporting and industry reports, CrowdStrike Intelligence attributes this...
https://www.crowdstrike.com/blog/imperial-kitten-deploys-novel-malware-families/
🎖@malwr
CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023. Based on a detailed examination of the malicious tooling used in these attacks, along with additional reporting and industry reports, CrowdStrike Intelligence attributes this...
https://www.crowdstrike.com/blog/imperial-kitten-deploys-novel-malware-families/
🎖@malwr