SQL Brute Force Leads to BlueSky Ransomware
The DFIR Report
In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware. While other reports point to malware downloads…
https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
🎖@malwr
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100/
The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors
https://research.checkpoint.com/2023/the-obvious-the-normal-and-the-advanced-a-comprehensive-analysis-of-outlook-attack-vectors/
Check Point Research
Research by: Haifei Li, Check Point Research Introduction Outlook, the desktop app in the Microsoft Office suite, has become one of the world’s most popular apps for organizations worldwide for sending and receiving emails, scheduling conferences, and more.…
Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare
Project PowerUp is the story of how Cisco Talos worked with a multi-national, multi-company coalition of volunteers and experts to help “keep the lights on” in Ukraine, by injecting a measure of stability in Ukraine’s power transmission grid.
https://blog.talosintelligence.com/project-powerup-ukraine-grid/
Cisco Talos Blog
Crypto Deception Unveiled: Check Point Research Reports Manipulation of Pool Liquidity Skyrockets Token Price by 22,000%.
https://research.checkpoint.com/2023/crypto-deception-unveiled-check-point-research-reports-manipulation-of-pool-liquidity-skyrockets-token-price-by-22000/
Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. Deceptive actors are manipulating pool liquidity, sending token prices soaring…
Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics
Insikt Group® tracks ongoing malign influence activity by Russia-linked Doppelgänger network, targeting Ukrainian, US, and German audiences via fake news sites and social media.
https://www.recordedfuture.com/russian-influence-network-doppelgangers-ai-content-tactics
Recorded Future
Attack Surface of the Ubiquiti Connect EV Station
https://www.thezdi.com/blog/2023/12/5/attack-surface-of-the-ubiquiti-connect-ev-station
Zero Day Initiative
Previously, we looked at the attack surface of the ChargePoint Home Flex EV charger – one of the targets in the upcoming Pwn2Own Automotive contest. In this post, we look at the attack surface of another EV Charger. The Ubiquiti Connect EV Station is…
2023-12-05 - Loader --> Unidentified malware
https://www.malware-traffic-analysis.net/2023/12/05/index.html
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
WeLiveSecurity
Microsoft Mitigates Three Vulnerabilities in Azure HDInsight
Summary: Microsoft recently remediated one Denial of Service and two Escalation of Privilege vulnerabilities affecting third-party components of Azure HDInsight. Access to the target cluster as an authenticated user was a prerequisite for exploitation in all three cases. A successful privilege escalation could result in the attacker assuming the Cluster Administrator role.
https://msrc.microsoft.com/blog/2023/12/microsoft-mitigates-three-vulnerabilities-in-azure-hdinsight/
Windows APC Injection Driver updated to use less ring 3 memory in order to avoid detection
🗣digicat
GitHub
VectorKernel/InjectLibrary/InjectLibraryDrv at fc58acf4313f4fb73fd0af552a4bfa0832e1501e · daem0nc0re/VectorKernel
PoCs for Kernelmode rootkit techniques research. Contribute to daem0nc0re/VectorKernel development by creating an account on GitHub.
ARM64 Reversing And Exploitation – Part 10 – Intro to Arm Memory Tagging Extension (MTE)
https://8ksec.io/arm64-reversing-and-exploitation-part-10-intro-to-arm-memory-tagging-extension-mte/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-10-intro-to-arm-memory-tagging-extension-mte
8kSec
Hey all! In this blog, we will give a brief introduction to a relatively new security feature called MTE (Memory Tagging Extension). Even though it was announced years ago, there was no implementation of this. But recently, the Google Pixel 8 devices have…
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
Trend Micro
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.
https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
Cisco Talos Blog
Mustang Panda’s PlugX new variant targeting Taiwanese government and diplomats
The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government. This time,...
https://lab52.io/blog/mustang-pandas-plugx-new-variant-targetting-taiwanese-government-and-diplomats/
lab52.io
NCC Group’s 2022 & 2023 Research Report
https://research.nccgroup.com/2023/12/11/ncc-groups-2022-2023-research-report/
NCC Group Research Blog
Over the past two years, our global cybersecurity research has been characterized by unparalleled depth, diversity, and dedication to safeguarding the digital realm. The highlights of our work not …
2023-12-12 - Brazil malspam leads to Astaroth (Guildma) infection
https://www.malware-traffic-analysis.net/2023/12/11/index.html