Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers
Malicious drivers are difficult to detect and successfully leveraging one can give an attacker full access to a system.
https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-1-introduction-to-the-kernel-and-drivers/
Cisco Talos Blog
Check Point Research alerts on a new NFT airdrop campaign
https://research.checkpoint.com/2024/check-point-research-alerts-on-a-new-nft-airdrop-campaign/
Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin. A recent investigation conducted by Check Point Research has revealed a sophisticated NFT scam campaign operating on a large scale: This campaign is unique in its methodology, employing a source spoofing technique…
Beware: Lumma Stealer Distributed via Discord CDN
This blog discusses how threat actors abuse Discord's content delivery network (CDN) to host and spread Lumma Stealer, and talks about added capabilities to the information stealing malware.
https://www.trendmicro.com/en_us/research/23/j/beware-lumma-stealer-distributed-via-discord-cdn-.html
Trend Micro
Coldriver threat group targets high-ranking officials to obtain credentials
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials
Malwarebytes
Russian state-sponsored actor Coldriver uses spear phishing attacks to install the Spica backdoor on their victim's system.
Uncovering Hidden Threats with VirusTotal Code Insight
https://blog.virustotal.com/2024/01/uncovering-hidden-threats-with.html
Virustotal
In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various exa...
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
Trend Micro
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing
Mobile Hacker
[update 2024-02-19] This vulnerability can even be used to remotely wipe data of a targeted Android smartphone. Using this vulnerability it is possible to guess the user's lock screen PIN. After five incorrect PINs the device is locked out for 30 seconds. This operation…
Memory Scanning for the Masses
https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood
https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/
Welivesecurity
Leaks and Revelations: A Web of IRGC Networks and Cyber Companies
Iranian intelligence and military, along with contractors, target democratic processes in Western countries, including the 2020 US election.
https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies
Recordedfuture
Malicious ads for restricted messaging applications target Chinese users
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
Malwarebytes
Chinese-speaking users looking for Telegram or LINE are being targeted with malicious ads. Instead of downloading the legitimate application, they install malware.
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
The DFIR Report
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial…
ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET provided technical analysis, statistical information, known C&C servers and was able to get a glimpse of the victimology
https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/
Welivesecurity
ESET has worked with the Federal Police of Brazil on an effort to disrupt the Grandoreiro botnet, providing technical analysis, statistical information and known C&C servers to the authorities.
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
Trend Micro
To help defenders learn more about Pawn Storm's activities and adjust their defenses, we offer a technical analysis of some of the threat actor's recent and updated techniques.
Nitrogen shelling malware from hacked sites
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/nitrogen-shelling-malware-from-hacked-sites
ThreatDown by Malwarebytes
Threat actors are using all the tools at their disposal to deliver malware. Malicious ads are only one step in the chain, with compromised sites providing the free hosting and changing capabilities…
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
Volexity
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how…
NetHunter Hacker XII: Master Social Engineering using SET
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xii-master-social-engineering-using-set
Mobile Hacker
Social engineering is a technique used by attackers to trick people into disclosing private information or doing activities that affect the security of a system or network. The Social-Engineer Toolkit (SET) is one of the most popular tools used in social…
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
Welivesecurity
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group
What is the Cyber Kill Chain? And How to Use It with Threat Intelligence?
A common misconception with cyber threat intelligence is that it's just about catching attacks before they happen. Learn why this assumption is wrong.
https://www.recordedfuture.com/blog/cyber-kill-chain
Recordedfuture
What is the Cyber Kill Chain? Phases and Process Explained
The cyber kill chain process outlines phases from reconnaissance to data exfiltration, aiding in tackling ransomware and APTs. Click here to learn more.