A Detailed Look at Pwn2Own Automotive EV Charger Hardware
https://www.thezdi.com/blog/2023/11/28/a-detailed-look-at-pwn2own-automotive-ev-charger-hardware
🎖@malwr
Zero Day Initiative
In a previous blog, we took a look at the ChargePoint Home Flex EV charger – one of the targets in the upcoming Pwn2Own Automotive contest. In this post, dive in with even greater detail on all of the EV Chargers targeted in the upcoming Pwn2Own Automotive…
Crypto Country: North Korea’s Targeting of Cryptocurrency
In a new report, Recorded Future’s Insikt Group examines North Korea’s success in its cybercriminal operations targeting the cryptocurrency industry.
https://www.recordedfuture.com/crypto-country-north-koreas-targeting-cryptocurrency
Recordedfuture
Mobile Malware Analysis Part 5 – Analyzing an Infected Device
https://8ksec.io/mobile-malware-analysis-part-5-analyzing-an-infected-device/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-5-analyzing-an-infected-device
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
In the first part of iOS Malware Detection as a part of our Mobile Malware Analysis Series, we covered how to gather forensics artifacts, what to use to do analysis and what are some interesting files on the iOS. In this part, we will simulate a couple of…
New SugarGh0st RAT targets Uzbekistan government and South Korea
Cisco Talos recently discovered a malicious campaign that likely started as early as August 2023, delivering a new remote access trojan (RAT) we dubbed “SugarGh0st.”
https://blog.talosintelligence.com/new-sugargh0st-rat/
Cisco Talos
2023-11-29 - email --> JinxLoader --> Formbook/XLoader
https://www.malware-traffic-analysis.net/2023/11/29/index.html
Associated Press, ESPN, CBS among top sites serving fake virus alerts
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts
Malwarebytes
A fake antivirus alert may suddenly hijack your screen while browsing. This latest malvertising campaign hit top publishers.
Opening Critical Infrastructure: The Current State of Open RAN Security
The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire RAN Intelligent Controller (RIC) subsystem.
https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
https://www.trendmicro.com/en_us/research/23/k/cerber-ransomware-exploits-cve-2023-22518.html
Trend Micro
SQL Brute Force Leads to BlueSky Ransomware
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk…
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
The DFIR Report
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100/
The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors
https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/
Check Point Research
Research by: Haifei Li, Check Point Research Introduction Outlook, the desktop app in the Microsoft Office suite, has become one of the world’s most popular apps for organizations worldwide for sending and receiving emails, scheduling conferences, and more.…
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare
Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of stability in Ukraine’s power transmission grid.
https://blog.talosintelligence.com/project-powerup-ukraine-grid/
Cisco Talos Blog
Crypto Deception Unveiled: Check Point Research Reports Manipulation of Pool Liquidity Skyrockets Token Price by 22,000%.
https://research.checkpoint.com/2023/crypto-deception-unveiled-check-point-research-reports-manipulation-of-pool-liquidity-skyrockets-token-price-by-22000/
Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. Deceptive actors are manipulating pool liquidity, sending token prices soaring…
Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics
Insikt Group® tracks ongoing malign influence activity by Russia-linked Doppelgänger network, targeting Ukrainian, US, and German audiences via fake news sites and social media.
https://www.recordedfuture.com/russian-influence-network-doppelgangers-ai-content-tactics
Recordedfuture
Attack Surface of the Ubiquiti Connect EV Station
https://www.thezdi.com/blog/2023/12/5/attack-surface-of-the-ubiquiti-connect-ev-station
Zero Day Initiative
Previously, we looked at the attack surface of the ChargePoint Home Flex EV charger – one of the targets in the upcoming Pwn2Own Automotive contest. In this post, we look at the attack surface of another EV Charger. The Ubiquiti Connect EV Station is…
2023-12-05 - Loader --> Unidentified malware
https://www.malware-traffic-analysis.net/2023/12/05/index.html
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
Welivesecurity
Microsoft Mitigates Three Vulnerabilities in Azure HDInsight
Microsoft recently remediated one Denial of Service and two Escalation of Privilege vulnerabilities affecting third party components of Azure HDInsight. Access to the target cluster as an authenticated user was a prerequisite for exploitation in all three cases. A successful privilege escalation could result in the attacker assuming the Cluster Administrator role.
https://msrc.microsoft.com/blog/2023/12/microsoft-mitigates-three-vulnerabilities-in-azure-hdinsight/