A pernicious potpourri of Python packages in PyPI
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository
https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
🎖@malwr
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository
https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
🎖@malwr
Welivesecurity
A pernicious potpourri of Python packages in PyPI
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds
Technical Advisory – Multiple Vulnerabilities in Nagios XI
https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/
🎖@malwr
https://research.nccgroup.com/2023/12/13/technical-advisory-multiple-vulnerabilities-in-nagios-xi/
🎖@malwr
NCC Group Research Blog
Technical Advisory – Multiple Vulnerabilities in Nagios XI
Introduction This is the second Technical Advisory post in a series wherein I audit the security of popular Remote Monitoring and Management (RMM) tools. (First: Multiple Vulnerabilities in Faronic…
Malvertisers zoom in on cryptocurrencies and initial access
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/malvertisers-zoom-in-on-cryptocurrencies-and-initial-access
🎖@malwr
Malwarebytes
Malvertisers zoom in on cryptocurrencies and initial access | Malwarebytes
Threat actors are increasingly placing malicious ads for Zoom within Google searches.
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
🎖@malwr
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html
🎖@malwr
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
https://research.nccgroup.com/2023/12/14/wip-reverse-reveal-recover-windows-defender-quarantine-forensics/
🎖@malwr
https://research.nccgroup.com/2023/12/14/wip-reverse-reveal-recover-windows-defender-quarantine-forensics/
🎖@malwr
NCC Group Research Blog
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Max Groot and Erik Schamper TL;DR Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine…
Rhadamanthys v0.5.0 – a deep dive into the stealer’s components
https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
🎖@malwr
https://research.checkpoint.com/2023/rhadamanthys-v0-5-0-a-deep-dive-into-the-stealers-components/
🎖@malwr
Aggressive Malign Influence Threatens to Shape US 2024 Elections
Russia, China, Iran, domestic violent extremists (DVEs), and hacktivist groups will very likely conduct influence operations at varying levels of magnitude and sophistication to shape or disrupt the United States (US) 2024 elections in pursuit of strategic geopolitical goals.
https://www.recordedfuture.com/aggressive-malign-influence-threatens-us-2024-elections
🎖@malwr
Russia, China, Iran, domestic violent extremists (DVEs), and hacktivist groups will very likely conduct influence operations at varying levels of magnitude and sophistication to shape or disrupt the United States (US) 2024 elections in pursuit of strategic geopolitical goals.
https://www.recordedfuture.com/aggressive-malign-influence-threatens-us-2024-elections
🎖@malwr
Recordedfuture
Aggressive Malign Influence Threatens to Shape US 2024 Elections | Recorded Future
Russia, China, Iran, domestic violent extremists (DVEs), and hacktivist groups will very likely conduct influence operations at varying levels of magnitude and sophistication to shape or disrupt the United States (US) 2024 elections in pursuit of strategic…
❤1
Mobile Malware Analysis Part 6 – Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-6-xenomorph
🎖@malwr
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-6-xenomorph
🎖@malwr
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Mobile Malware Analysis Part 6 – Xenomorph - 8kSec
Welcome to the sixth installment of our Mobile Malware Series, dedicated to dissecting the latest threats and fortifying your cybersecurity defenses. In this edition, we
OilRig’s persistent attacks using cloud service-powered downloaders
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
🎖@malwr
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
🎖@malwr
Welivesecurity
OilRig’s persistent attacks using cloud service-powered downloaders
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications.
❤1👍1
2023-12-13 - Two AgentTesla infections (one FTP and one SMTP)
https://www.malware-traffic-analysis.net/2023/12/13/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/12/13/index.html
🎖@malwr
🔥1
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html
🎖@malwr
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html
🎖@malwr
Trend Micro
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
PikaBot distributed via malicious search ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads
🎖@malwr
ThreatDown by Malwarebytes
PikaBot distributed via malicious search ads - ThreatDown by Malwarebytes
PikaBot, a stealthy malware normally distributed via malspam is now being spread via malicious ads.
2023-12-15 - TA577 Pikabot infection
https://www.malware-traffic-analysis.net/2023/12/15/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/12/15/index.html
🎖@malwr
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In …
https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/
🎖@malwr
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In …
https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/
🎖@malwr
The DFIR Report
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November…
2023-12-18 - TA577 Pikabot infection with Cobalt Strike
https://www.malware-traffic-analysis.net/2023/12/18/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/12/18/index.html
🎖@malwr
Retro Gaming Vulnerability Research: Warcraft 2
https://research.nccgroup.com/2023/12/19/retro-gaming-vulnerability-research-warcraft-2/
🎖@malwr
https://research.nccgroup.com/2023/12/19/retro-gaming-vulnerability-research-warcraft-2/
🎖@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.
https://blog.talosintelligence.com/year-in-malware-2023-timeline/
🎖@malwr
Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.
https://blog.talosintelligence.com/year-in-malware-2023-timeline/
🎖@malwr
Cisco Talos Blog
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.
New MetaStealer malvertising campaigns
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns
🎖@malwr
Malwarebytes
New MetaStealer malvertising campaigns
In recent malvertising campaigns, threat actors dropped the MetaStealer information stealer, more or less coinciding with a new version release.
Azure Serial Console Attack and Defense - Part 2
This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activity and Sysmon logs on Windows virtual machines to trace serial console activity, this blog outlines how to enable logging for Azure Linux virtual machines using Sysmon for Linux to capture and how to send these events to a log analytics workspace.
https://msrc.microsoft.com/blog/2023/12/azure-serial-console-attack-and-defense-part-2/
🎖@malwr
This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activity and Sysmon logs on Windows virtual machines to trace serial console activity, this blog outlines how to enable logging for Azure Linux virtual machines using Sysmon for Linux to capture and how to send these events to a log analytics workspace.
https://msrc.microsoft.com/blog/2023/12/azure-serial-console-attack-and-defense-part-2/
🎖@malwr
ESET Threat Report H2 2023
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2023/
🎖@malwr
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2023/
🎖@malwr
Welivesecurity
ESET Threat Report H2 2023
The H2 2023 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape from June to Novembery 2023.