North Korea-Aligned TAG-71 Spoofs Financial Institutions in Asia and US
TAG-71, linked to North Korea's APT38, targets global finance & venture firms, risking sensitive info exposure and business disruption.
https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
Private Eyes: China's Embrace of Open-Source Military Intelligence
Using advanced technology, the People's Liberation Army (PLA) leverages open-source intelligence (OSINT) for military advantage.
https://www.recordedfuture.com/private-eyes-chinas-embrace-open-source-military-intelligence
CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
https://www.thezdi.com/blog/2024/2/5/cve-2023-46263-ivanti-avalanche-arbitrary-file-upload-vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility…
Unveiling Atlassian Confluence Vulnerability CVE-2023-22527: Understanding and Mitigating Remote Code Execution Risks
In this blog entry, we discuss CVE-2023-22527, a vulnerability in Atlassian Confluence that has a CVSS score of 10 and could allow threat actors to perform remote code execution.
https://www.trendmicro.com/en_us/research/24/b/unveiling-atlassian-confluence-vulnerability-cve-2023-22527--und.html
Facebook fatal accident scam still rages on
https://www.malwarebytes.com/blog/news/2024/02/facebook-fatal-accident-scam-still-rages-on
We look at a scam campaign on Facebook that continues to do the rounds, and how you can recover your compromised account.
Scarabs colon-izing vulnerable servers
Analysis of Spacecolon, a toolset used to deploy Scarab ransomware on vulnerable servers, and its operators, CosmicBeetle
https://www.welivesecurity.com/en/eset-research/scarabs-colon-izing-vulnerable-servers/
@ESETresearch takes a look at #Spacecolon, a #Delphi toolset designed to provide backdoor access and/or deploy #Scarab #ransomware to vulnerable servers. It has been used since at least 2020 and is still actively developed.
Raspberry Robin Keeps Riding the Wave of Endless 1-Days
https://research.checkpoint.com/2024/raspberry-robin-keeps-riding-the-wave-of-endless-1-days/
Raspberry Robin is a widely distributed worm first reported by Red Canary in 2021. Its capabilities and evasions in addition to its very active distribution made it one of the most intriguing malware out there. We at Check Point…
PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content
A network of at least 123 websites operated from within the People's Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China, based on digital infrastructure linkages between the firm's official website and the network. These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.
https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/
Analyzing AI Application Threat Models
https://research.nccgroup.com/2024/02/07/analyzing-ai-application-threat-models/
MoqHao evolution: New variants start automatically right after installation
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
Authored by Dexter Shin. MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group, first discovered in 2015.
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named "Zardoor."
https://blog.talosintelligence.com/new-zardoor-backdoor/
Maldocs of Word and Excel: Vigor of the Ages
https://research.checkpoint.com/2024/maldocs-of-word-and-excel-vigor-of-the-ages/
Research by: Raman Ladutska. We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure as a fight against the source of evil will transform the real world…
Puckungfu 2: Another NETGEAR WAN Command Injection
https://research.nccgroup.com/2024/02/09/puckungfu-2-another-netgear-wan-command-injection/
NetHunter Hacker XIII: Overall guide to MITM framework
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework
I will cover the several methods that attackers may employ to intercept network communication to execute ARP poisoning, HTTP and HTTPS traffic interception, and DNS spoofing. In the video below is a demonstration of using SSLstrip and DNS change to intercept…
CharmingCypress: Innovating Persistence
Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observes, is the Iranian-origin threat actor CharmingCypress…
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/
HijackLoader Expands Techniques to Improve Defense Evasion
HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling. A recent HijackLoader variant employs sophisticated techniques to enhance its complexity and defense evasion. CrowdStrike detects this new HijackLoader variant using machine learning and behavior-based detection capabilities. CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion...
https://www.crowdstrike.com/blog/hijackloader-expands-techniques/
CrowdStrike Defends Against Azure Cross-Tenant Synchronization Attacks
Azure cross-tenant synchronization (CTS) was made generally available on May 30, 2023, and introduced a new attack surface on Microsoft Entra ID (formerly Azure Active Directory) where attackers can move laterally to a partner tenant or create a backdoor on an existing tenant. CrowdStrike showcases two observed attack paths to outline how adversaries can abuse...
https://www.crowdstrike.com/blog/crowdstrike-defends-against-azure-cross-tenant-synchronization-attacks/