CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html
🎖@malwr
Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.
https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html
🎖@malwr
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Check Point Research recently released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security…
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
🎖@malwr
2024-01-23 - UltraVNC infection
https://www.malware-traffic-analysis.net/2024/01/23/index.html
🎖@malwr
2024-01-17 - Malspam pushes WikiLoader
https://www.malware-traffic-analysis.net/2024/01/17/index.html
🎖@malwr
TinyTurla Next Generation - Turla APT spies on Polish NGOs
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.
https://blog.talosintelligence.com/tinyturla-next-generation/
🎖@malwr
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps
ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs.
https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/
🎖@malwr
Massive utility scam campaign spreads via online ads
Malwarebytes researchers have discovered a prolific campaign of fraudulent energy ads shown to users via Google searches.
https://www.malwarebytes.com/blog/threat-intelligence/2024/02/massive-utility-scam-campaign-spreads-via-online-ads
🎖@malwr
Remote Monitoring & Management software used in phishing attacks
Threat actors are abusing commercial remote software like AnyDesk to phish users and defraud them.
https://www.malwarebytes.com/blog/cybercrime/2024/02/remote-monitoring-management-software-used-in-phishing-attacks
🎖@malwr
Navigating 2024's Geopolitical Fault Lines
Explore key 2024 geopolitical risks: Middle East volatility, Russia-Ukraine tensions, and China-Taiwan relations, with insights on global conflict flashpoints.
https://www.recordedfuture.com/navigating-2024s-geopolitical-fault-lines
🎖@malwr
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
https://www.recordedfuture.com/russia-aligned-tag-70-targets-european-government-and-military-mail
🎖@malwr
WinRAR RCE Vulnerability Spotlight: APT29’s Zero-Day Tactics
In early September 2023, APT29, a group affiliated with Russia's SVR, targeted multiple embassy offices using a WinRAR vulnerability. Their cyberespionage aims hinted at geopolitical motives. Exploiting CVE-2023-38831, the attackers executed a phishing campaign using a deceitful PDF, demonstrating the critical role of cybersecurity awareness and regular software updates in preventing such attacks.
https://securitycafe.ro/2024/02/19/winrar-rce-vulnerability-spotlight-apt29s-zero-day-tactics/
🎖@malwr
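As an added check (this is not code from the Security Café article or from any vendor), the following Python inspects a ZIP for the CVE-2023-38831 archive layout: a decoy file such as "invoice.pdf" at the top level, a folder with the same name plus a trailing space, and inside it a script whose name starts with the decoy name and ends in an executable extension. Double-clicking the decoy in WinRAR before 6.23 (the fixed build shipped in August 2023, so the September campaign relied on unpatched installs) runs that script instead of opening the document. The two archives are constructed in memory and the file names are illustrative; the extension list is an assumption about what ShellExecute will run, not a list from the article.

```python
import io
import zipfile
from typing import Dict, List

# Assumed set of extensions that run code when WinRAR hands them to ShellExecute.
EXECUTABLE_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".wsf",
                   ".ps1", ".scr", ".lnk", ".hta", ".com"}


def find_38831_pairs(archive_bytes: bytes) -> List[Dict[str, str]]:
    """Return decoy/payload pairs matching the CVE-2023-38831 layout.

    Layout: top-level decoy "NAME.ext", a folder "NAME.ext " (trailing space),
    and directly inside it a script "NAME.ext <anything>.<exe-like ext>".
    The check works on the stored paths, so it does not depend on the archive
    carrying explicit directory entries.
    """
    findings: List[Dict[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = zf.namelist()
        # Plain top-level files are the candidate decoys.
        decoys = {n for n in names if "/" not in n and not n.endswith("/")}
        for n in names:
            folder, sep, inner = n.partition("/")
            # Only files sitting directly under a top-level folder matter here.
            if not sep or not inner or "/" in inner:
                continue
            # A clean archive never has a folder that collapses onto an
            # existing file name once trailing whitespace is removed.
            decoy = folder.rstrip()
            if decoy == folder or decoy not in decoys:
                continue
            ext = ("." + inner.rsplit(".", 1)[-1].lower()) if "." in inner else ""
            if inner.startswith(decoy) and ext in EXECUTABLE_EXTS:
                findings.append({"decoy": decoy, "folder": folder, "payload": n})
    return findings


def build_sample(malicious: bool) -> bytes:
    """Build a small in-memory ZIP (constructed test data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 decoy document")
        if malicious:
            # Trailing-space folder plus same-named script: the exploit layout.
            zf.writestr("invoice.pdf /invoice.pdf .cmd", b"@echo off\r\necho pwned\r\n")
        else:
            zf.writestr("attachments/readme.txt", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("benign", build_sample(False)),
                        ("malicious", build_sample(True))):
        hits = find_38831_pairs(data)
        print(f"{label}: {hits if hits else 'no CVE-2023-38831 layout found'}")
```

Run it against a directory of quarantined attachments to triage them; a match is a strong signal on its own, since no legitimate archiver produces a folder whose name is another entry's name plus whitespace. The check only covers ZIP containers; RAR archives need a parser such as the `rarfile` package, but the name-collision logic is the same.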
What is Old is New Again: Lessons in Anti-Ransom Policy
Dive into the parallels between traditional kidnapping and ransomware to explore effective anti-ransom policies and historical lessons for today's digital threats.
https://www.recordedfuture.com/blog/lessons-from-history-anti-ransom-strategies
🎖@malwr
One year later, Rhadamanthys is still dropped via malvertising
Infostealers like Rhadamanthys continue to be a favorite among malware distributors who leverage search engine ads to lure victims.
https://www.malwarebytes.com/blog/threat-intelligence/2024/02/one-year-later-rhadamanthys-is-still-dropped-via-malvertising
🎖@malwr
GUloader Unmasked: Decrypting the Threat of Malicious SVG Files
Authored by Vignesh Dhatchanamoorthy (McAfee Labs).
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-unmasked-decrypting-the-threat-of-malicious-svg-files/
🎖@malwr
Russia Seeks to Exploit Western "War Fatigue" to Win in Ukraine
Russia aims to influence 2024 Western elections, exploiting "war fatigue" over Ukraine aid to sway opinions and outcomes. Learn how Moscow leverages data and strategies to shape global politics.
https://www.recordedfuture.com/russia-seeks-exploit-western-war-fatigue-win-ukraine
🎖@malwr
Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses
Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor
https://www.welivesecurity.com/en/business-security/blue-team-toolkit-6-open-source-tools-corporate-defenses/
🎖@malwr