Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
π@malwr
Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted.
https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html
π@malwr
Trend Micro
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
To help defenders learn more about Pawn Storm's activities and adjust their defenses, we offer a technical analysis of some of the threat actor's recent and updated techniques.
Nitrogen shelling malware from hacked sites
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/nitrogen-shelling-malware-from-hacked-sites
π@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/nitrogen-shelling-malware-from-hacked-sites
π@malwr
ThreatDown by Malwarebytes
Nitrogen shelling malware from hacked sites - ThreatDown by Malwarebytes
Threat actors are using all the tools at their disposal to deliver malware. Malicious ads are only one step in the chain, with compromised sites providing the free hosting and changing capabilitiesβ¦
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitatio...
https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
π@malwr
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitatio...
https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
π@malwr
Volexity
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of howβ¦
NetHunter Hacker XII: Master Social Engineering using SET
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xii-master-social-engineering-using-set
π@malwr
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xii-master-social-engineering-using-set
π@malwr
Mobile Hacker
NetHunter Hacker XII: Master Social Engineering using SET Mobile Hacker
Social engineering is a technique used by attackers to trick people into disclosing private information or doing activities that affect the security of a system or network. The Social-Engineer Toolkit (SET) is one of the most popular tools used in socialβ¦
π1
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
π@malwr
ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
π@malwr
Welivesecurity
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group
What is the Cyber Kill Chain? And How to Use It with Threat Intelligence?
A common misconception with cyber threat intelligence is that it's just about catching attacks before they happen. Learn why this assumption is wrong.
https://www.recordedfuture.com/blog/cyber-kill-chain
π@malwr
A common misconception with cyber threat intelligence is that it's just about catching attacks before they happen. Learn why this assumption is wrong.
https://www.recordedfuture.com/blog/cyber-kill-chain
π@malwr
Recordedfuture
What is the Cyber Kill Chain? Phases and Process Explained
The cyber kill chain process outlines phases from reconnaissance to data exfiltration, aiding in tackling ransomware and APTs. Click here to learn more.
Applying Threat Intelligence to the Diamond Model of Intrusion Analysis
As an analyst, you may have come across various threat models in your career. In the cybersecurity and threat intelligence industries, there are several approaches used to analyze and track the characteristics of cyber intrusions by advanced threat actors. One popular approach is the Diamond Model of Intrusion Analysis.
https://www.recordedfuture.com/blog/diamond-model-intrusion-analysis
π@malwr
As an analyst, you may have come across various threat models in your career. In the cybersecurity and threat intelligence industries, there are several approaches used to analyze and track the characteristics of cyber intrusions by advanced threat actors. One popular approach is the Diamond Model of Intrusion Analysis.
https://www.recordedfuture.com/blog/diamond-model-intrusion-analysis
π@malwr
Recordedfuture
What is the Diamond Model of Intrusion Analysis?
Explore the Diamond Model of Intrusion Analysis: a framework for dissecting cyber attacks into four facets: adversary, infrastructure, capability, and target. Click to learn more.
North Korea-Aligned TAG-71 Spoofs Financial Institutions in Asia and US
TAG-71, linked to North Korea's APT38, targets global finance & venture firms, risking sensitive info exposure and business disruption.
https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
π@malwr
TAG-71, linked to North Korea's APT38, targets global finance & venture firms, risking sensitive info exposure and business disruption.
https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
π@malwr
Recordedfuture
North Korea-Aligned TAG-71 Spoofs Financial Institutions in Asia and US | Recorded Future
TAG-71, linked to North Korea's APT38, targets global finance & venture firms, risking sensitive info exposure and business disruption.
Private Eyes: Chinaβs Embrace of Open-Source Military Intelligence
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
https://www.recordedfuture.com/private-eyes-chinas-embrace-open-source-military-intelligence
π@malwr
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
https://www.recordedfuture.com/private-eyes-chinas-embrace-open-source-military-intelligence
π@malwr
Recordedfuture
Private Eyes: Chinaβs Embrace of Open-Source Military Intelligence | Recorded Future
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
https://www.thezdi.com/blog/2024/2/5/cve-2023-46263-ivanti-avalanche-arbitrary-file-upload-vulnerability
π@malwr
https://www.thezdi.com/blog/2024/2/5/cve-2023-46263-ivanti-avalanche-arbitrary-file-upload-vulnerability
π@malwr
Zero Day Initiative
Zero Day Initiative β CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobilityβ¦
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.
https://www.trendmicro.com/en_us/research/24/b/unveiling-atlassian-confluence-vulnerability-cve-2023-22527--und.html
π@malwr
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.
https://www.trendmicro.com/en_us/research/24/b/unveiling-atlassian-confluence-vulnerability-cve-2023-22527--und.html
π@malwr
Trend Micro
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks
Facebook fatal accident scam still rages on
https://www.malwarebytes.com/blog/news/2024/02/facebook-fatal-accident-scam-still-rages-on
π@malwr
https://www.malwarebytes.com/blog/news/2024/02/facebook-fatal-accident-scam-still-rages-on
π@malwr
Malwarebytes
[Updated]Facebook fatal accident scam still rages on
We look at a scam campaign on Facebook that continues to do the rounds, and how you can recover your compromised account.
Scarabs colon-izing vulnerable servers
Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle
https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/
π@malwr
Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle
https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/
π@malwr
Welivesecurity
Scarabs colon-izing vulnerable servers
@ESETresearch takes a look at #Spacecolon, a #Delphi toolset designed to provide backdoor access and/or deploy #Scarab #ransomware to vulnerable servers. It has been used since at least 2020 and is still actively developed.
Raspberry Robin Keeps Riding the Wave of Endless 1-Days
https://research.checkpoint.com/2024/raspberry-robin-keeps-riding-the-wave-of-endless-1-days/
π@malwr
https://research.checkpoint.com/2024/raspberry-robin-keeps-riding-the-wave-of-endless-1-days/
π@malwr
Check Point Research
Raspberry Robin Keeps Riding the Wave of Endless 1-Days - Check Point Research
Key Findings Introduction Raspberry Robin is a widely distributed worm first reported by Red Canary in 2021. Its capabilities and evasions in addition to its very active distribution made it one of the most intriguing malware out there. We at Check Pointβ¦
PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content
A network of at least 123 websites operated from within the Peopleβs Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the firmβs official website and the network. These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.
https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/
π@malwr
A network of at least 123 websites operated from within the Peopleβs Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the firmβs official website and the network. These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.
https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/
π@malwr
The Citizen Lab
PAPERWALL
A network of at least 123 websites operated from within the Peopleβs Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much largerβ¦
Analyzing AI Application Threat Models
https://research.nccgroup.com/2024/02/07/analyzing-ai-application-threat-models/
π@malwr
https://research.nccgroup.com/2024/02/07/analyzing-ai-application-threat-models/
π@malwr
NCC Group Research Blog
Analyzing AI Application Threat Models
AbstractThreat Model AnalysisInferences (MATA Methodology)Threat VectorsSecurity ControlsConsiderations For AI Penetration TestsConclusions Abstract The following analysis explores the paradigm andβ¦
π1
MoqHao evolution: New variants start automatically right after installation
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
π@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
π@malwr
McAfee Blog
MoqHao evolution: New variants start automatically right after installation | McAfee Blog
Authored by Dexter Shin MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015.
Malware News pinned Β«πππForward posts to the other groups you are inπππΒ»