Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own
https://www.thezdi.com/blog/2024/1/16/pwn2own-vancouver-2024-bring-cloud-nativecontainer-security-to-pwn2own
🎖@malwr
https://www.thezdi.com/blog/2024/1/16/pwn2own-vancouver-2024-bring-cloud-nativecontainer-security-to-pwn2own
🎖@malwr
Zero Day Initiative
Zero Day Initiative — Pwn2Own Vancouver 2024: Bringing Cloud-Native/Container Security to Pwn2Own
If you just want to read the contest rules, click here . These rules have been updated as of March 1, 2024, to clarify the registration process and to further define the guest operating systems available in the Virtualization category. Even though…
MoustachedBouncer: Espionage against foreign diplomats in Belarus
Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
🎖@malwr
Long-term espionage against diplomats, leveraging email-based C&C protocols, C++ modular backdoors, and adversary-in-the-middle (AitM) attacks… Sounds like the infamous Turla? Think again!
https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/
🎖@malwr
Welivesecurity
MoustachedBouncer: Espionage against foreign diplomats in Belarus
A group titled MoustachedBouncer committing espionage against foreign embassies in Belarus has been identified by ESET Research.
From Email to RAT: Deciphering a VBS Script-Driven Campaign
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-email-to-rat-deciphering-a-vbs-script-driven-campaign/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-email-to-rat-deciphering-a-vbs-script-driven-campaign/
🎖@malwr
McAfee Blog
From Email to RAT: Deciphering a VB Script-Driven Campaign | McAfee Blog
Authored by Preksha Saxena and Yashvi Shah McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-1-introduction-to-the-kernel-and-drivers/
🎖@malwr
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-1-introduction-to-the-kernel-and-drivers/
🎖@malwr
Cisco Talos Blog
Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
🔥1
Check Point Research alerts on a new NFT airdrop campaign
https://research.checkpoint.com/2024/check-point-research-alerts-on-a-new-nft-airdrop-campaign/
🎖@malwr
https://research.checkpoint.com/2024/check-point-research-alerts-on-a-new-nft-airdrop-campaign/
🎖@malwr
Check Point Research
Check Point Research alerts on a new NFT airdrop campaign - Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin A recent investigation conducted by Check Point Research has revealed a sophisticated NFT scam campaign operating on a large scale: This campaign is unique in its methodology, employing a source spoofing technique…
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html
🎖@malwr
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html
🎖@malwr
Trend Micro
Beware Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord’s content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
Coldriver threat group targets high-ranking officials to obtain credentials
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials
🎖@malwr
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials
🎖@malwr
Malwarebytes
Coldriver threat group targets high-ranking officials to obtain credentials | Malwarebytes
Russian state-sponsored actor Coldriver uses spear phishing attacks ti install the Spica backdoor on their victim's system
Uncovering Hidden Threats with VirusTotal Code Insight
https://blog.virustotal.com/2024/01/uncovering-hidden-threats-with.html
🎖@malwr
https://blog.virustotal.com/2024/01/uncovering-hidden-threats-with.html
🎖@malwr
Virustotal
Uncovering Hidden Threats with VirusTotal Code Insight
In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various exa...
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
🎖@malwr
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
🎖@malwr
Trend Micro
Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
👍1
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing
🎖@malwr
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing
🎖@malwr
Mobile Hacker
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing Mobile Hacker
[update 2024-02-19] This vulnerability can be even used to remotely wipe data of targeted Android smartphone. Using this vulnerability it is possible to guess user lock screen PIN. After five incorrect PINs device is locked out for 30 seconds. This operation…
Memory Scanning for the Masses
https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/
🎖@malwr
https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/
🎖@malwr
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood
https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/
🎖@malwr
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood
https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/
🎖@malwr
Welivesecurity
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
ESET researchers uncover NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood.
Leaks and Revelations: A Web of IRGC Networks and Cyber Companies
Iranian intelligence and military, along with contractors, target democratic processes in Western countries, including the 2020 US election.
https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies
🎖@malwr
Iranian intelligence and military, along with contractors, target democratic processes in Western countries, including the 2020 US election.
https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies
🎖@malwr
Recordedfuture
Leaks and Revelations: A Web of IRGC Networks and Cyber Companies
Iranian intelligence and military, along with contractors, target democratic processes in Western countries, including the 2020 US election.
Malicious ads for restricted messaging applications target Chinese users
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
🎖@malwr
Malwarebytes
Malicious ads for restricted messaging applications target Chinese users
Chinese speaking users looking for Telegram, or LINE are being targeted with malicious ads. Instead of downloading the legitimate application, they install malware.
👍1
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On …
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
🎖@malwr
Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On …
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
🎖@malwr
The DFIR Report
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - The DFIR Report
Key Takeaways In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial…
ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology
https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/
🎖@malwr
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology
https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/
🎖@malwr
Welivesecurity
ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET has worked with the Federal Police of Brazil on an effor to disrupt the Grandoreiro botnet, providing technical analysis, statistical information and known C&C servers to the authorities.
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
🎖@malwr
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
🎖@malwr
Trend Micro
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
To help defenders learn more about Pawn Storm's activities and adjust their defenses, we offer a technical analysis of some of the threat actor's recent and updated techniques.
Nitrogen shelling malware from hacked sites
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/nitrogen-shelling-malware-from-hacked-sites
🎖@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/nitrogen-shelling-malware-from-hacked-sites
🎖@malwr
ThreatDown by Malwarebytes
Nitrogen shelling malware from hacked sites - ThreatDown by Malwarebytes
Threat actors are using all the tools at their disposal to deliver malware. Malicious ads are only one step in the chain, with compromised sites providing the free hosting and changing capabilities…
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitatio...
https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
🎖@malwr
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitatio...
https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
🎖@malwr
Volexity
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how…