How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
In a recent series of blog posts related to two zero-day vulnerabilities in Ivanti Connect Secure VPN, Volexity shared details of active in-the-wild exploitation; provided an update on how exploitation had gone worldwide; and reported observations of how...
https://www.volexity.com/blog/2024/02/01/how-memory-forensics-revealed-exploitation-of-ivanti-connect-secure-vpn-zero-day-vulnerabilities/
@malwr
Volexity
NetHunter Hacker XII: Master Social Engineering using SET
Social engineering is a technique used by attackers to trick people into disclosing private information or doing activities that affect the security of a system or network. The Social-Engineer Toolkit (SET) is one of the most popular tools used in social...
https://www.mobile-hacker.com/2024/02/02/nethunter-hacker-xii-master-social-engineering-using-set/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xii-master-social-engineering-using-set
@malwr
Mobile Hacker
VajraSpy: A Patchwork of espionage apps
ESET researchers discovered several Android apps that posed as messaging tools but carried VajraSpy, a RAT used by the Patchwork APT group
https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/
@malwr
Welivesecurity
What is the Cyber Kill Chain? And How to Use It with Threat Intelligence?
A common misconception with cyber threat intelligence is that it's just about catching attacks before they happen. Learn why this assumption is wrong.
https://www.recordedfuture.com/blog/cyber-kill-chain
@malwr
Recordedfuture
What is the Cyber Kill Chain? Phases and Process Explained
The cyber kill chain process outlines phases from reconnaissance to data exfiltration, aiding in tackling ransomware and APTs.
Applying Threat Intelligence to the Diamond Model of Intrusion Analysis
As an analyst, you may have come across various threat models in your career. In the cybersecurity and threat intelligence industries, there are several approaches used to analyze and track the characteristics of cyber intrusions by advanced threat actors. One popular approach is the Diamond Model of Intrusion Analysis.
https://www.recordedfuture.com/blog/diamond-model-intrusion-analysis
@malwr
Recordedfuture
What is the Diamond Model of Intrusion Analysis?
Explore the Diamond Model of Intrusion Analysis: a framework for dissecting cyber attacks into four facets: adversary, infrastructure, capability, and target.
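The two Recorded Future posts above describe the kill chain and the Diamond Model separately. The following added example (written for this digest, not code from Recorded Future or from either post) puts them together in Python the way an analyst uses them: each event carries the four Diamond core features (the paper calls the fourth one "victim"; the preview above says "target") plus the kill chain phase it was observed in; pivoting on shared infrastructure or capability clusters events and propagates attribution from attributed events to unattributed ones; and an activity thread orders one victim's events along the kill chain and reports the phases with no evidence, which is where detection coverage or collection is missing. All events, actor names, tool names and addresses are constructed; the kill chain phase names are the seven public Lockheed Martin phases.

```python
from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations

# The seven kill chain phases, in order (Lockheed Martin's public naming).
KILL_CHAIN = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]


@dataclass(frozen=True)
class DiamondEvent:
    """One intrusion event: the four Diamond Model core features plus the
    kill chain phase in which it was observed."""
    event_id: str
    adversary: str        # "unknown" until the event has been attributed
    capability: str       # malware family, tool or technique observed
    infrastructure: str   # domain, IP address, sender, etc. used in the event
    victim: str
    phase: str

    def __post_init__(self):
        if self.phase not in KILL_CHAIN:
            raise ValueError(f"unknown kill chain phase: {self.phase}")


def shared_features(a, b):
    """Names of the core features two events have in common. An 'unknown'
    adversary never counts as shared, or every unattributed event would match."""
    shared = []
    if a.adversary != "unknown" and a.adversary == b.adversary:
        shared.append("adversary")
    if a.capability == b.capability:
        shared.append("infrastructure" if False else "capability")
    if a.infrastructure == b.infrastructure:
        shared.append("infrastructure")
    if a.victim == b.victim:
        shared.append("victim")
    return shared


def pivot_clusters(events, min_shared=1):
    """Union-find over events linked by at least `min_shared` shared features
    other than the victim: many unrelated actors hit the same target, so a
    common victim alone is not an analytic pivot."""
    parent = {e.event_id: e.event_id for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path compression
            x = parent[x]
        return x

    for a, b in combinations(events, 2):
        links = [f for f in shared_features(a, b) if f != "victim"]
        if len(links) >= min_shared:
            parent[find(a.event_id)] = find(b.event_id)
    clusters = defaultdict(list)
    for e in events:
        clusters[find(e.event_id)].append(e.event_id)
    return sorted(sorted(c) for c in clusters.values())


def infer_adversary(events):
    """Propagate an attributed adversary to unattributed events in the same
    cluster. Clusters that contain two different attributed adversaries are
    flagged rather than silently merged; attributed events keep their label."""
    by_id = {e.event_id: e for e in events}
    result = {}
    for cluster in pivot_clusters(events):
        names = {by_id[i].adversary for i in cluster} - {"unknown"}
        if len(names) > 1:
            label = "CONFLICT:" + "/".join(sorted(names))
        else:
            label = names.pop() if names else "unknown"
        for i in cluster:
            own = by_id[i].adversary
            result[i] = own if own != "unknown" else label
    return result


def activity_thread(events, victim):
    """Order one victim's events along the kill chain (the Diamond Model's
    'activity thread') and list the phases with no observed event."""
    mine = sorted((e for e in events if e.victim == victim),
                  key=lambda e: KILL_CHAIN.index(e.phase))
    seen = {e.phase for e in mine}
    gaps = [p for p in KILL_CHAIN if p not in seen]
    return [(e.phase, e.event_id) for e in mine], gaps


# Constructed sample events; none of these refer to a real incident.
SAMPLE = [
    DiamondEvent("e1", "ACTOR-A", "phish-kit-X", "203.0.113.10", "bank-1", "delivery"),
    DiamondEvent("e2", "unknown", "loader-Y", "203.0.113.10", "bank-1", "installation"),
    DiamondEvent("e3", "unknown", "loader-Y", "198.51.100.7", "bank-2", "installation"),
    DiamondEvent("e4", "unknown", "rat-Z", "198.51.100.7", "bank-2", "command_and_control"),
    DiamondEvent("e5", "ACTOR-B", "doc-exploit-W", "files.example-cdn.test", "bank-1", "exploitation"),
]

if __name__ == "__main__":
    print(pivot_clusters(SAMPLE))          # e1..e4 chain together via infra/capability; e5 stands alone
    print(infer_adversary(SAMPLE))         # ACTOR-A propagates to e2, e3, e4
    print(activity_thread(SAMPLE, "bank-1"))
```

The chain e1 -> e2 (same sending address) -> e3 (same loader) -> e4 (same C2 host) is the textbook pivot: no single event names the adversary of e4, but the cluster does. Raising `min_shared` to 2 demands corroboration on two features before linking, which is the usual way to keep a shared commodity loader or a shared hosting provider from gluing unrelated activity together.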
North Korea-Aligned TAG-71 Spoofs Financial Institutions in Asia and US
TAG-71, linked to North Korea's APT38, targets global finance & venture firms, risking sensitive info exposure and business disruption.
https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
@malwr
Recordedfuture
Private Eyes: China's Embrace of Open-Source Military Intelligence
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
https://www.recordedfuture.com/private-eyes-chinas-embrace-open-source-military-intelligence
@malwr
Recordedfuture
CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility...
https://www.thezdi.com/blog/2024/2/5/cve-2023-46263-ivanti-avalanche-arbitrary-file-upload-vulnerability
@malwr
Zero Day Initiative
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.
https://www.trendmicro.com/en_us/research/24/b/unveiling-atlassian-confluence-vulnerability-cve-2023-22527--und.html
@malwr
Trend Micro
Facebook fatal accident scam still rages on
We look at a scam campaign on Facebook that continues to do the rounds, and how you can recover your compromised account.
https://www.malwarebytes.com/blog/news/2024/02/facebook-fatal-accident-scam-still-rages-on
@malwr
Malwarebytes
[Updated] Facebook fatal accident scam still rages on
Scarabs colon-izing vulnerable servers
Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle
https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/
@malwr
Welivesecurity
@ESETresearch takes a look at #Spacecolon, a #Delphi toolset designed to provide backdoor access and/or deploy #Scarab #ransomware to vulnerable servers. It has been used since at least 2020 and is still actively developed.
Raspberry Robin Keeps Riding the Wave of Endless 1-Days
Raspberry Robin is a widely distributed worm first reported by Red Canary in 2021. Its capabilities and evasions, in addition to its very active distribution, made it one of the most intriguing malware families out there. We at Check Point...
https://research.checkpoint.com/2024/raspberry-robin-keeps-riding-the-wave-of-endless-1-days/
@malwr
Check Point Research
PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content
A network of at least 123 websites operated from within the People's Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the firm's official website and the network. These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.
https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/
@malwr
The Citizen Lab
Analyzing AI Application Threat Models
https://research.nccgroup.com/2024/02/07/analyzing-ai-application-threat-models/
@malwr
NCC Group Research Blog
Sections: Abstract; Threat Model Analysis; Inferences (MATA Methodology); Threat Vectors; Security Controls; Considerations For AI Penetration Tests; Conclusions.
Abstract: The following analysis explores the paradigm and...
MoqHao evolution: New variants start automatically right after installation
Authored by Dexter Shin. MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group, first discovered in 2015.
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
@malwr
McAfee Blog
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named "Zardoor."
https://blog.talosintelligence.com/new-zardoor-backdoor/
@malwr
Cisco Talos
Maldocs of Word and Excel: Vigor of the Ages
Research by: Raman Ladutska. We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure as a fight against the source of evil will transform the real world...
https://research.checkpoint.com/2024/maldocs-of-word-and-excel-vigor-of-the-ages/
@malwr
Check Point Research