Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
@malwr
Microsoft Mitigates Three Vulnerabilities in Azure HDInsight
Summary: Microsoft recently remediated one Denial of Service and two Escalation of Privilege vulnerabilities affecting third-party components of Azure HDInsight. Access to the target cluster as an authenticated user was a prerequisite for exploitation in all three cases. A successful privilege escalation could result in the attacker assuming the Cluster Administrator role.
https://msrc.microsoft.com/blog/2023/12/microsoft-mitigates-three-vulnerabilities-in-azure-hdinsight/
@malwr
2023-12-07 - DarkGate activity
https://www.malware-traffic-analysis.net/2023/12/07/index.html
@malwr
Article about reverse-engineering Sinistar, targeting Motorola 6809 assembly
AutomaticDoor75
@malwr
Nantucketebooks
QUARTER UP! (FREE E-BOOK)
The fifth issue of Quarter Up!, a newsletter about pinball and retro arcade gaming. Articles in this issue: coverage of Houston Arcade Expo 2023, games seen on the road, the reverse-engineering of Sinistar, league schedules, a recap of the year's pinball…
Windows APC Injection Driver updated to use less ring 3 memory in order to avoid detection
digicat
@malwr
GitHub
VectorKernel/InjectLibrary/InjectLibraryDrv at fc58acf4313f4fb73fd0af552a4bfa0832e1501e · daem0nc0re/VectorKernel
PoCs for kernel-mode rootkit techniques research.
ARM64 Reversing And Exploitation – Part 10 – Intro to Arm Memory Tagging Extension (MTE)
https://8ksec.io/arm64-reversing-and-exploitation-part-10-intro-to-arm-memory-tagging-extension-mte/
@malwr
In this blog, we will give a brief introduction to a relatively new security feature called MTE (Memory Tagging Extension). Even though it was announced years ago, there was no implementation of it. But recently, the Google Pixel 8 devices have…
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
@malwr
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang
Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.
https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
@malwr
Mustang Panda's PlugX new variant targeting Taiwanese government and diplomats
The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government. This time,...
https://lab52.io/blog/mustang-pandas-plugx-new-variant-targetting-taiwanese-government-and-diplomats/
@malwr
NCC Group's 2022 & 2023 Research Report
https://research.nccgroup.com/2023/12/11/ncc-groups-2022-2023-research-report/
@malwr
Over the past two years, our global cybersecurity research has been characterized by unparalleled depth, diversity, and dedication to safeguarding the digital realm. The highlights of our work not …
2023-12-12 - Brazil malspam leads to Astaroth (Guildma) infection
https://www.malware-traffic-analysis.net/2023/12/11/index.html
@malwr
A pernicious potpourri of Python packages in PyPI
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds
https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
@malwr
Technical Advisory – Multiple Vulnerabilities in Nagios XI
https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/
@malwr
This is the second Technical Advisory post in a series wherein I audit the security of popular Remote Monitoring and Management (RMM) tools. (First: Multiple Vulnerabilities in Faronic…
Malvertisers zoom in on cryptocurrencies and initial access
Threat actors are increasingly placing malicious ads for Zoom within Google searches.
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access
@malwr
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and a cryptocurrency miner.
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
@malwr
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
https://research.nccgroup.com/2023/12/14/wip-reverse-reveal-recover-windows-defender-quarantine-forensics/
@malwr
Max Groot and Erik Schamper. TL;DR: Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine…
Rhadamanthys v0.5.0 – a deep dive into the stealer's components
https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
@malwr
Aggressive Malign Influence Threatens to Shape US 2024 Elections
Russia, China, Iran, domestic violent extremists (DVEs), and hacktivist groups will very likely conduct influence operations at varying levels of magnitude and sophistication to shape or disrupt the United States (US) 2024 elections in pursuit of strategic geopolitical goals.
https://www.recordedfuture.com/aggressive-malign-influence-threatens-us-2024-elections
@malwr
Mobile Malware Analysis Part 6 – Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/
@malwr
Welcome to the sixth installment of our Mobile Malware Series, dedicated to dissecting the latest threats and fortifying your cybersecurity defenses. In this edition, we