New MetaStealer malvertising campaigns
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2023/12/new-metastealer-malvertising-campaigns
🎖@malwr
Malwarebytes
New MetaStealer malvertising campaigns
In recent malvertising campaigns, threat actors dropped the MetaStealer information stealer, more or less coinciding with a new version release.
Azure Serial Console Attack and Defense - Part 2
This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activity and Sysmon logs on Windows virtual machines to trace serial console activity, this blog outlines how to enable logging for Azure Linux virtual machines using Sysmon for Linux to capture and how to send these events to a log analytics workspace.
https://msrc.microsoft.com/blog/2023/12/azure-serial-console-attack-and-defense-part-2/
🎖@malwr
This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders’ preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various tracing activities, such as using Azure activity and Sysmon logs on Windows virtual machines to trace serial console activity, this blog outlines how to enable logging for Azure Linux virtual machines using Sysmon for Linux to capture and how to send these events to a log analytics workspace.
https://msrc.microsoft.com/blog/2023/12/azure-serial-console-attack-and-defense-part-2/
🎖@malwr
ESET Threat Report H2 2023
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2023/
🎖@malwr
A view of the H2 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2023/
🎖@malwr
Welivesecurity
ESET Threat Report H2 2023
The H2 2023 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape from June to Novembery 2023.
Shielding Against Android Phishing in Indian Banking
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
🎖@malwr
McAfee Blog
Shielding Against Android Phishing in Indian Banking | McAfee Blog
Authored by Neil Tyagi and Fernando Ruiz In a digitally evolving world, the convenience of banking through mobile applications has revolutionized
Operation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk
On December 19th, the Israel National Cyber Directorate released an urgent alert warning regarding a phishing campaign actively targeting Israeli customers using F5’s network devices. We’ve labeled this campaign Operation HamsaUpdate. It features the deployment of a newly developed wiper malware that targets both Windows and Linux servers. The campaign leverages a convincingly written email...
https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/
🎖@malwr
On December 19th, the Israel National Cyber Directorate released an urgent alert warning regarding a phishing campaign actively targeting Israeli customers using F5’s network devices. We’ve labeled this campaign Operation HamsaUpdate. It features the deployment of a newly developed wiper malware that targets both Windows and Linux servers. The campaign leverages a convincingly written email...
https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/
🎖@malwr
Intezer
Operation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk
A sophisticated phishing campaign, with emails written in Hebrew, deploys a new wiper malware affecting Windows and Linux servers.
🤔1
Doctor Web’s November 2023 review of virus activity on mobile devices
https://news.drweb.com/show/?i=14777&lng=en&c=5
🎖@malwr
https://news.drweb.com/show/?i=14777&lng=en&c=5
🎖@malwr
Dr.Web
Dr.Web — Doctor Web’s November 2023 review of virus activity on mobile devices
Find out on Doctor Web’s site about the latest virus threats and information security issues.
Annual Payment Fraud Intelligence Report: 2023
2023's payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
https://www.recordedfuture.com/annual-payment-fraud-intelligence-report-2023
🎖@malwr
2023's payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
https://www.recordedfuture.com/annual-payment-fraud-intelligence-report-2023
🎖@malwr
Recordedfuture
Annual Payment Fraud Intelligence Report: 2023 | Recorded Future
2023's payment fraud trends predict a persistent underground market and evolving sophisticated cyber-fraud threats in 2024.
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/
🎖@malwr
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/
🎖@malwr
Cisco Talos Blog
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
Talos revealed that rebooting an iOS or Android device may not remove the Predator spyware produced by Intellexa. Intellexa knows if their customers intend to perform surveillance operations on foreign soil.
Advanced Frida Usage Part 6 – Utilising writers
https://8ksec.io/advanced-frida-usage-part-6-utilising-writers/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-frida-usage-part-6-utilising-writers
🎖@malwr
https://8ksec.io/advanced-frida-usage-part-6-utilising-writers/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-frida-usage-part-6-utilising-writers
🎖@malwr
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Advanced Frida Usage Part 6 – Utilizing writers - 8kSec
Welcome to another blog post in our series on Advanced Frida Usage. Frida supports a number of different writers for different CPU architectures, such as X86Writer for x86 and Arm64Writer for AArch64. In this tutorial, we will cover the Arm64Writer on iOS…
👍2
The Rising Threat of Phishing Attacks with Crypto Drainers
https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/
🎖@malwr
https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/
🎖@malwr
Check Point Research
The Rising Threat of Phishing Attacks with Crypto Drainers - Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Unmasking Deceptive Tactics: A recent investigation by Check Point Research exposes a troubling trend in the cryptocurrency landscape. The cryptocurrency community has been witnessing an alarming increase in sophisticated…
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
🎖@malwr
McAfee Blog
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices | McAfee Blog
Authored by Fernando Ruiz McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows
👍2
Ransomware’s Christmas Carol
Around mid-year, Lab52 published a report on ransomware that included both geopolitical and cyber intelligence content. The report includes the analysis of different sources of information and showcasing some of our cyberintelligence findings in this regard. However, the activity of this type of malware prompts Lab52 to closely track the various recorded cases. Therefore, taking...
https://lab52.io/blog/ransomware-2023/
🎖@malwr
Around mid-year, Lab52 published a report on ransomware that included both geopolitical and cyber intelligence content. The report includes the analysis of different sources of information and showcasing some of our cyberintelligence findings in this regard. However, the activity of this type of malware prompts Lab52 to closely track the various recorded cases. Therefore, taking...
https://lab52.io/blog/ransomware-2023/
🎖@malwr
lab52.io
Ransomware’s Christmas Carol
2023-12-29 - GootLoader infection
https://www.malware-traffic-analysis.net/2023/12/29/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2023/12/29/index.html
🎖@malwr
Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/
🎖@malwr
https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/
🎖@malwr
Hunting for Cobalt Strike in PCAP
In this video I analyze a pcap file from Triage with network traffic from Cobalt Strike Beacon using CapLoader. The video cannot be played in your browser. The pcap file and Cobalt Strike malware config can be downloaded from Recorded Future's Triage sandbox. Cobalt Strike Beacon configs can also be...
https://www.netresec.com/?page=Blog&month=2024-01&post=Hunting-for-Cobalt-Strike-in-PCAP
🎖@malwr
In this video I analyze a pcap file from Triage with network traffic from Cobalt Strike Beacon using CapLoader. The video cannot be played in your browser. The pcap file and Cobalt Strike malware config can be downloaded from Recorded Future's Triage sandbox. Cobalt Strike Beacon configs can also be...
https://www.netresec.com/?page=Blog&month=2024-01&post=Hunting-for-Cobalt-Strike-in-PCAP
🎖@malwr
Netresec
Hunting for Cobalt Strike in PCAP
In this video I analyze a pcap file with network traffic from Cobalt Strike Beacon using CapLoader. The pcap file and Cobalt Strike malware config can be downloaded from Recorded Futures Triage sandbox. Cobalt Strike Beacon configs can also be extracted locally…
The Artemis security scanner
Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.
https://cert.pl/en/posts/2024/01/artemis-security-scanner/
🎖@malwr
Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.
https://cert.pl/en/posts/2024/01/artemis-security-scanner/
🎖@malwr
cert.pl
The Artemis security scanner
Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions.…
Private Eyes: China’s Embrace of Open-Source Military Intelligence
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
https://www.recordedfuture.com/blog/private-eyes-chinas-embrace-open-source-military-intelligence
🎖@malwr
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
https://www.recordedfuture.com/blog/private-eyes-chinas-embrace-open-source-military-intelligence
🎖@malwr
North Korea’s Cyber Strategy
Insikt Group analysis reveals that North Korea uses a cyber strategy centered around aggressive data collection and financial theft to primarily target Asia.
https://www.recordedfuture.com/blog/north-koreas-cyber-strategy
🎖@malwr
Insikt Group analysis reveals that North Korea uses a cyber strategy centered around aggressive data collection and financial theft to primarily target Asia.
https://www.recordedfuture.com/blog/north-koreas-cyber-strategy
🎖@malwr