Uncovering Hidden Threats with VirusTotal Code Insight
In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various exa...
https://blog.virustotal.com/2024/01/uncovering-hidden-threats-with.html
VirusTotal
@malwr
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
Trend Micro
Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing
[update 2024-02-19] This vulnerability can even be used to remotely wipe the data of a targeted Android smartphone. Using this vulnerability it is possible to guess the user's lock screen PIN. After five incorrect PINs the device is locked out for 30 seconds. This operation…
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/?utm_source=rss&utm_medium=rss&utm_campaign=exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing
Mobile Hacker
Memory Scanning for the Masses
https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood.
https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/
WeLiveSecurity
Leaks and Revelations: A Web of IRGC Networks and Cyber Companies
Iranian intelligence and military, along with contractors, target democratic processes in Western countries, including the 2020 US election.
https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies
Recorded Future
Malicious ads for restricted messaging applications target Chinese users
Chinese-speaking users looking for Telegram or LINE are being targeted with malicious ads. Instead of downloading the legitimate application, they install malware.
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
Malwarebytes
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Key Takeaways: In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol (RDP) host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial…
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/
The DFIR Report
ESET takes part in global operation to disrupt the Grandoreiro banking trojan
ESET has worked with the Federal Police of Brazil on an effort to disrupt the Grandoreiro botnet, providing technical analysis, statistical information and known C&C servers to the authorities, and was able to get a glimpse of the victimology.
https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/
WeLiveSecurity
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
To help defenders learn more about Pawn Storm's activities and adjust their defenses, we offer a technical analysis of some of the threat actor's recent and updated techniques.
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
Trend Micro
Nitrogen shelling malware from hacked sites
Threat actors are using all the tools at their disposal to deliver malware. Malicious ads are only one step in the chain, with compromised sites providing the free hosting and changing capabilities…
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/nitrogen-shelling-malware-from-hacked-sites
ThreatDown by Malwarebytes
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how…
https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
Volexity
NetHunter Hacker XII: Master Social Engineering using SET
Social engineering is a technique used by attackers to trick people into disclosing private information or doing activities that affect the security of a system or network. The Social-Engineer Toolkit (SET) is one of the most popular tools used in social…
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xii-master-social-engineering-using-set
Mobile Hacker
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group.
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
WeLiveSecurity
What is the Cyber Kill Chain? And How to Use It with Threat Intelligence?
A common misconception with cyber threat intelligence is that it's just about catching attacks before they happen. Learn why this assumption is wrong.
The cyber kill chain process outlines phases from reconnaissance to data exfiltration, aiding in tackling ransomware and APTs.
https://www.recordedfuture.com/blog/cyber-kill-chain
Recorded Future
Applying Threat Intelligence to the Diamond Model of Intrusion Analysis
As an analyst, you may have come across various threat models in your career. In the cybersecurity and threat intelligence industries, there are several approaches used to analyze and track the characteristics of cyber intrusions by advanced threat actors. One popular approach is the Diamond Model of Intrusion Analysis.
The Diamond Model of Intrusion Analysis is a framework for dissecting cyber attacks into four facets: adversary, infrastructure, capability, and target.
https://www.recordedfuture.com/blog/diamond-model-intrusion-analysis
Recorded Future
North Korea-Aligned TAG-71 Spoofs Financial Institutions in Asia and US
TAG-71, linked to North Korea's APT38, targets global finance & venture firms, risking sensitive info exposure and business disruption.
https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
Recorded Future
Private Eyes: China's Embrace of Open-Source Military Intelligence
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
https://www.recordedfuture.com/private-eyes-chinas-embrace-open-source-military-intelligence
Recorded Future