Rust for Security and Correctness in the embedded world
https://research.nccgroup.com/2024/01/09/rust-for-security-and-correctness-in-the-embedded-world/
π@malwr
https://research.nccgroup.com/2024/01/09/rust-for-security-and-correctness-in-the-embedded-world/
π@malwr
NCC Group Research Blog
Rust for Security and Correctness in the embedded world
Increasingly large companies are utilising Rust in their systems, either existing or new. Most uses focus on how it can help in managed environments, such as within a system with a rβ¦
The January 2024 Security Update Review
https://www.thezdi.com/blog/2024/1/9/the-january-2024-security-update-review
π@malwr
https://www.thezdi.com/blog/2024/1/9/the-january-2024-security-update-review
π@malwr
Zero Day Initiative
Zero Day Initiative β The January 2024 Security Update Review
Welcome to the first patch Tuesday of 2024. As expected, Microsoft and Adobe have released their latest security patches. Take a break from your other activities and join us as we review the details of their latest advisories. If youβd rather watch the videoβ¦
2024-01-09 - Async RAT infection
https://www.malware-traffic-analysis.net/2024/01/09/index.html
π@malwr
https://www.malware-traffic-analysis.net/2024/01/09/index.html
π@malwr
2024-01-08 - GootLoader infection
https://www.malware-traffic-analysis.net/2024/01/08/index.html
π@malwr
https://www.malware-traffic-analysis.net/2024/01/08/index.html
π@malwr
Examining the Activities of the Turla APT Group
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
https://www.trendmicro.com/en_us/research/23/i/examining-the-activities-of-the-turla-group.html
π@malwr
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
https://www.trendmicro.com/en_us/research/23/i/examining-the-activities-of-the-turla-group.html
π@malwr
Trend Micro
Examining the Activities of the Turla APT Group
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
Atomic Stealer rings in the new year with updated version
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
π@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
π@malwr
Malwarebytes
Atomic Stealer rings in the new year with updated version
Mac users should be aware of an active distribution campaign via malicious ads delivering Atomic Stealer. The latest iteration of the malware is stealthy thanks to added encryption and obfuscation of its code.
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and kno...
https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
π@malwr
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and kno...
https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
π@malwr
Volexity
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and knowledge base article have been released by Ivanti thatβ¦
Attack of the copycats: How fake messaging apps and app mods could bite you
WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Donβt get taken for a ride.
https://www.welivesecurity.com/en/mobile-security/attack-copycats-fake-messaging-apps-app-mods/
π@malwr
WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Donβt get taken for a ride.
https://www.welivesecurity.com/en/mobile-security/attack-copycats-fake-messaging-apps-app-mods/
π@malwr
Welivesecurity
Attack of the copycats: How impostor apps and fake app mods could bite you
WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution.Here's how to avoid getting taken for a ride.
Flying Under the Radar: Abusing GitHub for Malicious Infrastructure
Discover how GitHub is increasingly exploited for cyberattacks in our latest report.
https://www.recordedfuture.com/flying-under-the-radar-abusing-github-malicious-infrastructure
π@malwr
Discover how GitHub is increasingly exploited for cyberattacks in our latest report.
https://www.recordedfuture.com/flying-under-the-radar-abusing-github-malicious-infrastructure
π@malwr
Recordedfuture
Flying Under the Radar: Abusing GitHub for Malicious Infrastructure | Recorded Future
Discover how GitHub is increasingly exploited for cyberattacks in our latest report.
Black Basta-Affiliated Water Curupiraβs Pikabot Spam Campaign
https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html
π@malwr
https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html
π@malwr
Trend Micro
Black Basta-Affiliated Water Curupiraβs Pikabot Spam Campaign
A threat actor we track under the Intrusion set Water Curupira (known to employ the Black Basta ransomware) has been actively using Pikabot. a loader malware with similarities to Qakbot, in spam campaigns throughout 2023.
Trend Micro Defends FIFA World Cup from Cyber Threats
Trend Micro collaborates with INTERPOL to defend FIFA World Cup by preventing attacks & mitigating risks to fight against the rising threat of cybercrime.
https://www.trendmicro.com/en_us/research/24/a/trend-micro-defends-fifa-world-cup-from-cyber-threats.html
π@malwr
Trend Micro collaborates with INTERPOL to defend FIFA World Cup by preventing attacks & mitigating risks to fight against the rising threat of cybercrime.
https://www.trendmicro.com/en_us/research/24/a/trend-micro-defends-fifa-world-cup-from-cyber-threats.html
π@malwr
Trend Micro
Trend Micro Defends FIFA World Cup from Cyber Threats
Trend Micro collaborates with INTERPOL to defend FIFA World Cup by preventing attacks & mitigating risks to fight against the rising threat of cybercrime.
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
π@malwr
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
π@malwr
Trend Micro
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Advanced root detection & bypass techniques
https://8ksec.io/advanced-root-detection-bypass-techniques/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-root-detection-bypass-techniques
π@malwr
https://8ksec.io/advanced-root-detection-bypass-techniques/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-root-detection-bypass-techniques
π@malwr
8kSec
Frida Part 5: Root Detection Bypass | 8kSec
Learn advanced root detection techniques on Android and practical methods to bypass them using Frida. Covers common detection libraries and evasion strategies.
ARM64 Reversing And Exploitation Part 7 β Bypassing ASLR and NX
https://8ksec.io/arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx
π@malwr
https://8ksec.io/arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx
π@malwr
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
ARM64 Reversing And Exploitation Part 7 β Bypassing ASLR and NX
Learn ARM64 Binary Exploitation and get around ASLR and NX constraints in our Part 7 of the ARM64 Reversing and Exploitation Series. Read more !
Mobile Malware Analysis Part 2 β MasterFred
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-2-masterfred
π@malwr
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-2-masterfred
π@malwr
Hidden crypto miner in pirated software makes cybercriminals rich at the expense of their victims
https://news.drweb.com/show/?i=14792&lng=en&c=5
π@malwr
https://news.drweb.com/show/?i=14792&lng=en&c=5
π@malwr
Dr.Web
Hidden crypto miner in pirated software makes cybercriminals rich at the expense of their victims
Doctor Web is reporting on an increase in cases of cryptocurrency-mining trojans being found hidden in pirated software that is available in Telegram and on some Internet sites.
GitLab warns zero-click vulnerability could lead to account takeovers
https://www.malwarebytes.com/blog/news/2024/01/gitlab-warns-zero-click-vulnerability-could-lead-to-account-takeovers
π@malwr
https://www.malwarebytes.com/blog/news/2024/01/gitlab-warns-zero-click-vulnerability-could-lead-to-account-takeovers
π@malwr
ThreatDown by Malwarebytes
GitLab warns zero-click vulnerability could lead to account takeovers
GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.
Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own
https://www.thezdi.com/blog/2024/1/16/pwn2own-vancouver-2024-bring-cloud-nativecontainer-security-to-pwn2own
π@malwr
https://www.thezdi.com/blog/2024/1/16/pwn2own-vancouver-2024-bring-cloud-nativecontainer-security-to-pwn2own
π@malwr
Zero Day Initiative
Zero Day Initiative β Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own
If you just want to read the contest rules, click here . These rules have been updated as of March 1, 2024, to clarify the registration process and to further define the guest operating systems available in the Virtualization category. Even thoughβ¦
MoustachedBouncer: Espionage against foreign diplomats in Belarus
Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks⦠Sounds like the infamous Turla? Think again!
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
π@malwr
Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks⦠Sounds like the infamous Turla? Think again!
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
π@malwr
Welivesecurity
MoustachedBouncer: Espionage against foreign diplomats in Belarus
A group titled MoustachedBouncer committing espionage against foreign embassies in Belarus has been identified by ESET Research.
From Email to RAT: Deciphering a VBS Script-Driven Campaign
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-email-to-rat-deciphering-a-vbs-script-driven-campaign/
π@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-email-to-rat-deciphering-a-vbs-script-driven-campaign/
π@malwr
McAfee Blog
From Email to RAT: Deciphering a VB Script-Driven Campaign | McAfee Blog
Authored by Preksha Saxena and Yashvi Shah McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-1-introduction-to-the-kernel-and-drivers/
π@malwr
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-1-introduction-to-the-kernel-and-drivers/
π@malwr
Cisco Talos Blog
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
π₯1