2023-12-13 - Two AgentTesla infections (one FTP and one SMTP)
https://www.malware-traffic-analysis.net/2023/12/13/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/12/13/index.html
🎖@malwr
🔥1
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html
🎖@malwr
In this blog entry, we discuss the technical details of CVE-2023-50164, a critical vulnerability that affects Apache Struts 2 and enables unauthorized path traversal.
https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html
🎖@malwr
Trend Micro
Decoding CVE-2023-50164: Unveiling the Apache Struts File Upload Exploit
PikaBot distributed via malicious search ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/pikabot-distributed-via-malicious-ads
🎖@malwr
ThreatDown by Malwarebytes
PikaBot distributed via malicious search ads - ThreatDown by Malwarebytes
PikaBot, a stealthy malware normally distributed via malspam is now being spread via malicious ads.
2023-12-15 - TA577 Pikabot infection
https://www.malware-traffic-analysis.net/2023/12/15/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/12/15/index.html
🎖@malwr
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In …
https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/
🎖@malwr
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In …
https://thedfirreport.com/2023/12/18/lets-opendir-some-presents-an-analysis-of-a-persistent-actors-activity/
🎖@malwr
The DFIR Report
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor’s Activity
This report is a little different than our typical content. We were able to analyze data from a perspective we typically don’t get to see… a threat actor’s host! In early November…
2023-12-18 - TA577 Pikabot infection with Cobalt Strike
https://www.malware-traffic-analysis.net/2023/12/18/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/12/18/index.html
🎖@malwr
Retro Gaming Vulnerability Research: Warcraft 2
https://research.nccgroup.com/2023/12/19/retro-gaming-vulnerability-research-warcraft-2/
🎖@malwr
https://research.nccgroup.com/2023/12/19/retro-gaming-vulnerability-research-warcraft-2/
🎖@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.
https://blog.talosintelligence.com/year-in-malware-2023-timeline/
🎖@malwr
Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.
https://blog.talosintelligence.com/year-in-malware-2023-timeline/
🎖@malwr
Cisco Talos Blog
Year in Malware 2023: Recapping the major cybersecurity stories of the past year
Relive Talos' top stories from the past year as we recap the top malware and other threats that came our way.
New MetaStealer malvertising campaigns
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns
🎖@malwr
Malwarebytes
New MetaStealer malvertising campaigns
In recent malvertising campaigns, threat actors dropped the MetaStealer information stealer, more or less coinciding with a new version release.
Azure Serial Console Attack and Defense - Part 2
This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activity and Sysmon logs on Windows virtual machines to trace serial console activity, this blog outlines how to enable logging for Azure Linux virtual machines using Sysmon for Linux to capture and how to send these events to a log analytics workspace.
https://msrc.microsoft.com/blog/2023/12/azure-serial-console-attack-and-defense-part-2/
🎖@malwr
This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activity and Sysmon logs on Windows virtual machines to trace serial console activity, this blog outlines how to enable logging for Azure Linux virtual machines using Sysmon for Linux to capture and how to send these events to a log analytics workspace.
https://msrc.microsoft.com/blog/2023/12/azure-serial-console-attack-and-defense-part-2/
🎖@malwr
ESET Threat Report H2 2023
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2023/
🎖@malwr
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2023/
🎖@malwr
Welivesecurity
ESET Threat Report H2 2023
The H2 2023 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape from June to Novembery 2023.
Shielding Against Android Phishing in Indian Banking
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
🎖@malwr
McAfee Blog
Shielding Against Android Phishing in Indian Banking | McAfee Blog
Authored by Neil Tyagi and Fernando Ruiz In a digitally evolving world, the convenience of banking through mobile applications has revolutionized
Operation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk
On December 19th, the Israel National Cyber Directorate released an urgent alert warning regarding a phishing campaign actively targeting Israeli customers using F5’s network devices. We’ve labeled this campaign Operation HamsaUpdate. It features the deployment of a newly developed wiper malware that targets both Windows and Linux servers. The campaign leverages a convincingly written email...
https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/
🎖@malwr
On December 19th, the Israel National Cyber Directorate released an urgent alert warning regarding a phishing campaign actively targeting Israeli customers using F5’s network devices. We’ve labeled this campaign Operation HamsaUpdate. It features the deployment of a newly developed wiper malware that targets both Windows and Linux servers. The campaign leverages a convincingly written email...
https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/
🎖@malwr
Intezer
Operation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk
A sophisticated phishing campaign, with emails written in Hebrew, deploys a new wiper malware affecting Windows and Linux servers.
🤔1
Doctor Web’s November 2023 review of virus activity on mobile devices
https://news.drweb.com/show/?i=14777&lng=en&c=5
🎖@malwr
https://news.drweb.com/show/?i=14777&lng=en&c=5
🎖@malwr
Dr.Web
Dr.Web — Doctor Web’s November 2023 review of virus activity on mobile devices
Find out on Doctor Web’s site about the latest virus threats and information security issues.
Annual Payment Fraud Intelligence Report: 2023
2023's payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
https://www.recordedfuture.com/annual-payment-fraud-intelligence-report-2023
🎖@malwr
2023's payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
https://www.recordedfuture.com/annual-payment-fraud-intelligence-report-2023
🎖@malwr
Recordedfuture
Annual Payment Fraud Intelligence Report: 2023 | Recorded Future
2023's payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/
🎖@malwr
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/
🎖@malwr
Cisco Talos Blog
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
Advanced Frida Usage Part 6 – Utilising writers
https://8ksec.io/advanced-frida-usage-part-6-utilising-writers/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-frida-usage-part-6-utilising-writers
🎖@malwr
https://8ksec.io/advanced-frida-usage-part-6-utilising-writers/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-frida-usage-part-6-utilising-writers
🎖@malwr
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 6 – Utilizing writers - 8kSec
Welcome to another blog post in our series on Advanced Frida Usage. Frida supports a number of different writers for different CPU architectures, such as X86Writer for x86 and Arm64Writer for AArch64. In this tutorial, we will cover the Arm64Writer on iOS…
👍2
The Rising Threat of Phishing Attacks with Crypto Drainers
https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/
🎖@malwr
https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/
🎖@malwr
Check Point Research
The Rising Threat of Phishing Attacks with Crypto Drainers - Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated…
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
🎖@malwr
McAfee Blog
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices | McAfee Blog
Authored by Fernando Ruiz McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows
👍2