CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
Trend Micro
Advanced root detection & bypass techniques
https://8ksec.io/advanced-root-detection-bypass-techniques/?utm_source=rss&utm_medium=rss&utm_campaign=advanced-root-detection-bypass-techniques
8kSec
Frida Part 5: Root Detection Bypass | 8kSec
Learn advanced root detection techniques on Android and practical methods to bypass them using Frida. Covers common detection libraries and evasion strategies.
ARM64 Reversing And Exploitation Part 7 – Bypassing ASLR and NX
https://8ksec.io/arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx/?utm_source=rss&utm_medium=rss&utm_campaign=arm64-reversing-and-exploitation-part-7-bypassing-aslr-and-nx
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Learn ARM64 Binary Exploitation and get around ASLR and NX constraints in our Part 7 of the ARM64 Reversing and Exploitation Series. Read more !
Mobile Malware Analysis Part 2 – MasterFred
https://8ksec.io/mobile-malware-analysis-part-2-masterfred/?utm_source=rss&utm_medium=rss&utm_campaign=mobile-malware-analysis-part-2-masterfred
Hidden crypto miner in pirated software makes cybercriminals rich at the expense of their victims
https://news.drweb.com/show/?i=14792&lng=en&c=5
Dr.Web
Doctor Web is reporting on an increase in cases of cryptocurrency-mining trojans being found hidden in pirated software that is available in Telegram and on some Internet sites.
GitLab warns zero-click vulnerability could lead to account takeovers
https://www.malwarebytes.com/blog/news/2024/01/gitlab-warns-zero-click-vulnerability-could-lead-to-account-takeovers
ThreatDown by Malwarebytes
GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.
Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own
https://www.thezdi.com/blog/2024/1/16/pwn2own-vancouver-2024-bring-cloud-nativecontainer-security-to-pwn2own
Zero Day Initiative
Zero Day Initiative — Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own
If you just want to read the contest rules, click here. These rules have been updated as of March 1, 2024, to clarify the registration process and to further define the guest operating systems available in the Virtualization category. Even though…
MoustachedBouncer: Espionage against foreign diplomats in Belarus
Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
Welivesecurity
A group titled MoustachedBouncer committing espionage against foreign embassies in Belarus has been identified by ESET Research.
From Email to RAT: Deciphering a VBS Script-Driven Campaign
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-email-to-rat-deciphering-a-vbs-script-driven-campaign/
McAfee Blog
From Email to RAT: Deciphering a VB Script-Driven Campaign | McAfee Blog
Authored by Preksha Saxena and Yashvi Shah McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-1-introduction-to-the-kernel-and-drivers/
Cisco Talos Blog
Check Point Research alerts on a new NFT airdrop campaign
https://research.checkpoint.com/2024/check-point-research-alerts-on-a-new-nft-airdrop-campaign/
Check Point Research
Check Point Research alerts on a new NFT airdrop campaign - Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin. A recent investigation conducted by Check Point Research has revealed a sophisticated NFT scam campaign operating on a large scale: This campaign is unique in its methodology, employing a source spoofing technique…
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord's content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html
Trend Micro
Coldriver threat group targets high-ranking officials to obtain credentials
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials
Malwarebytes
Coldriver threat group targets high-ranking officials to obtain credentials | Malwarebytes
Russian state-sponsored actor Coldriver uses spear phishing attacks to install the Spica backdoor on their victims' systems.
Uncovering Hidden Threats with VirusTotal Code Insight
https://blog.virustotal.com/2024/01/uncovering-hidden-threats-with.html
Virustotal
In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various exa...
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
Trend Micro
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing
Mobile Hacker
[update 2024-02-19] This vulnerability can even be used to remotely wipe data of a targeted Android smartphone. Using this vulnerability it is possible to guess the user's lock screen PIN. After five incorrect PINs the device is locked out for 30 seconds. This operation…
Memory Scanning for the Masses
https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood
https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/
Welivesecurity
ESET researchers uncover NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood.
Leaks and Revelations: A Web of IRGC Networks and Cyber Companies
Iranian intelligence and military, along with contractors, target democratic processes in Western countries, including the 2020 US election.
https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies
Recordedfuture
Malicious ads for restricted messaging applications target Chinese users
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
Malwarebytes
Chinese speaking users looking for Telegram, or LINE are being targeted with malicious ads. Instead of downloading the legitimate application, they install malware.
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On …
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
The DFIR Report
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - The DFIR Report
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial…