Raspberry Robin Keeps Riding the Wave of Endless 1-Days
https://research.checkpoint.com/2024/raspberry-robin-keeps-riding-the-wave-of-endless-1-days/
🎖@malwr
https://research.checkpoint.com/2024/raspberry-robin-keeps-riding-the-wave-of-endless-1-days/
🎖@malwr
Check Point Research
Raspberry Robin Keeps Riding the Wave of Endless 1-Days - Check Point Research
Key Findings Introduction Raspberry Robin is a widely distributed worm first reported by Red Canary in 2021. Its capabilities and evasions in addition to its very active distribution made it one of the most intriguing malware out there. We at Check Point…
PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content
A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the firm’s official website and the network. These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.
https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/
🎖@malwr
A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger volumes of commercial press releases. We name this campaign PAPERWALL. We attribute the PAPERWALL campaign to Shenzhen Haimaiyunxiang Media Co., Ltd., aka Haimai, a PR firm in China based on digital infrastructure linkages between the firm’s official website and the network. These findings confirm the increasingly important role private firms play in the realm of digital influence operations and the propensity of the Chinese government to make use of them.
https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/
🎖@malwr
The Citizen Lab
PAPERWALL
A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much larger…
Analyzing AI Application Threat Models
https://research.nccgroup.com/2024/02/07/analyzing-ai-application-threat-models/
🎖@malwr
https://research.nccgroup.com/2024/02/07/analyzing-ai-application-threat-models/
🎖@malwr
NCC Group Research Blog
Analyzing AI Application Threat Models
AbstractThreat Model AnalysisInferences (MATA Methodology)Threat VectorsSecurity ControlsConsiderations For AI Penetration TestsConclusions Abstract The following analysis explores the paradigm and…
👍1
MoqHao evolution: New variants start automatically right after installation
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
🎖@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/moqhao-evolution-new-variants-start-automatically-right-after-installation/
🎖@malwr
McAfee Blog
MoqHao evolution: New variants start automatically right after installation | McAfee Blog
Authored by Dexter Shin MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015.
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”
https://blog.talosintelligence.com/new-zardoor-backdoor/
🎖@malwr
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”
https://blog.talosintelligence.com/new-zardoor-backdoor/
🎖@malwr
Cisco Talos
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named “Zardoor.”
Maldocs of Word and Excel: Vigor of the Ages
https://research.checkpoint.com/2024/maldocs-of-word-and-excel-vigor-of-the-ages/
🎖@malwr
https://research.checkpoint.com/2024/maldocs-of-word-and-excel-vigor-of-the-ages/
🎖@malwr
Check Point Research
Maldocs of Word and Excel: Vigor of the Ages - Check Point Research
Research by: Raman Ladutska We chose a fantasy decoration style at certain points of the article to attract attention to the described problem. We hope that visualizing a fantasy adventure as a fight against the source of evil will transform the real world…
Puckungfu 2: Another NETGEAR WAN Command Injection
https://research.nccgroup.com/2024/02/09/puckungfu-2-another-netgear-wan-command-injection/
🎖@malwr
https://research.nccgroup.com/2024/02/09/puckungfu-2-another-netgear-wan-command-injection/
🎖@malwr
NetHunter Hacker XIII: Overall guide to MITM framework
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework
🎖@malwr
https://www.mobile-hacker.com/2024/02/13/nethunter-hacker-xiii-overall-guide-to-mitm-framework
🎖@malwr
Mobile Hacker
NetHunter Hacker XIII: Overall guide to MITM framework Mobile Hacker
I will cover the several methods that attackers may employ to intercept network communication to execute ARP poisoning, HTTP and HTTPS traffic interception, and DNS spoofing. In the video below is a demonstration of using SSLstrip and DNS change to intercept…
👍2
CharmingCypress: Innovating Persistence
Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observ...
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/
🎖@malwr
Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observ...
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/
🎖@malwr
Volexity
CharmingCypress: Innovating Persistence
Through its managed security services offerings, Volexity routinely identifies spear-phishing campaigns targeting its customers. One persistent threat actor, whose campaigns Volexity frequently observes, is the Iranian-origin threat actor CharmingCypress…
HijackLoader Expands Techniques to Improve Defense Evasion
HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling A recent HijackLoader variant employs sophisticated techniques to enhance its complexity and defense evasion CrowdStrike detects this new HijackLoader variant using machine learning and behavior-based detection capabilities CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion...
https://www.crowdstrike.com/blog/hijackloader-expands-techniques/
🎖@malwr
HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling A recent HijackLoader variant employs sophisticated techniques to enhance its complexity and defense evasion CrowdStrike detects this new HijackLoader variant using machine learning and behavior-based detection capabilities CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion...
https://www.crowdstrike.com/blog/hijackloader-expands-techniques/
🎖@malwr
CrowdStrike.com
HijackLoader Expands Techniques to Improve Defense Evasion
Read this blog to learn about the HijackLoader sample that employs sophisticated evasion techniques to enhance the complexity of the threat.
❤1
CrowdStrike Defends Against Azure Cross-Tenant Synchronization Attacks
Azure cross-tenant synchronization (CTS) was made generally available on May 30, 2023, and introduced a new attack surface on Microsoft Entra ID (formerly Azure Active Directory) where attackers can move laterally to a partner tenant or create a backdoor on an existing tenant. CrowdStrike showcases two observed attack paths to outline how adversaries can abuse...
https://www.crowdstrike.com/blog/crowdstrike-defends-against-azure-cross-tenant-synchronization-attacks/
🎖@malwr
Azure cross-tenant synchronization (CTS) was made generally available on May 30, 2023, and introduced a new attack surface on Microsoft Entra ID (formerly Azure Active Directory) where attackers can move laterally to a partner tenant or create a backdoor on an existing tenant. CrowdStrike showcases two observed attack paths to outline how adversaries can abuse...
https://www.crowdstrike.com/blog/crowdstrike-defends-against-azure-cross-tenant-synchronization-attacks/
🎖@malwr
CrowdStrike.com
CrowdStrike Defends Against Azure Cross-Tenant Synchronization Attacks
Read this blog and learn how CrowdStrike Falcon Cloud Security defends against Azure cross-tenant synchronization attacks.
👍1
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html
🎖@malwr
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html
🎖@malwr
Trend Micro
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by…
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
🎖@malwr
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
🎖@malwr
Trend Micro
Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
🎖@malwr
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
🎖@malwr
Check Point Research
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture - Check Point Research
Introduction Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security…
2024-01-23 - UltraVNC infection
https://www.malware-traffic-analysis.net/2024/01/23/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2024/01/23/index.html
🎖@malwr
2024-01-17 - Malspam pushes WikiLoader
https://www.malware-traffic-analysis.net/2024/01/17/index.html
🎖@malwr
https://www.malware-traffic-analysis.net/2024/01/17/index.html
🎖@malwr
TinyTurla Next Generation - Turla APT spies on Polish NGOs
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
https://blog.talosintelligence.com/tinyturla-next-generation/
🎖@malwr
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
https://blog.talosintelligence.com/tinyturla-next-generation/
🎖@malwr
Cisco Talos
TinyTurla Next Generation - Turla APT spies on Polish NGOs
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.