Remote Monitoring & Management software used in phishing attacks
https://www.malwarebytes.com/blog/cybercrime/2024/02/remote-monitoring-management-software-used-in-phishing-attacks
🎖@malwr
Threat actors are abusing commercial remote software like AnyDesk to phish users and defraud them.
Navigating 2024's Geopolitical Fault Lines
Explore key 2024 geopolitical risks: Middle East volatility, Russia-Ukraine tensions, and China-Taiwan relations, with insights on global conflict flashpoints.
https://www.recordedfuture.com/navigating-2024s-geopolitical-fault-lines
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
https://www.recordedfuture.com/russia-aligned-tag-70-targets-european-government-and-military-mail
WinRAR RCE Vulnerability Spotlight: APT29’s Zero-Day Tactics
In early September 2023, APT29, a group affiliated with Russia's SVR, targeted multiple embassy offices using a WinRAR vulnerability. Their cyberespionage aims hinted at geopolitical motives. Exploiting CVE-2023-38831, the attackers executed a phishing campaign using a deceitful PDF, demonstrating the critical role of cybersecurity awareness and regular software updates in preventing such attacks.
https://securitycafe.ro/2024/02/19/winrar-rce-vulnerability-spotlight-apt29s-zero-day-tactics/
What is Old is New Again: Lessons in Anti-Ransom Policy
Dive into the parallels between traditional kidnapping and ransomware to explore effective anti-ransom policies and historical lessons for today's digital threats.
https://www.recordedfuture.com/blog/lessons-from-history-anti-ransom-strategies
One year later, Rhadamanthys is still dropped via malvertising
https://www.malwarebytes.com/blog/threat-intelligence/2024/02/one-year-later-rhadamanthys-is-still-dropped-via-malvertising
Infostealers like Rhadamanthys continue to be a favorite among malware distributors who leverage search engine ads to lure victims.
GUloader Unmasked: Decrypting the Threat of Malicious SVG Files
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/guloader-unmasked-decrypting-the-threat-of-malicious-svg-files/
Authored by: Vignesh Dhatchanamoorthy In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep
Russia Seeks to Exploit Western "War Fatigue" to Win in Ukraine
Russia aims to influence 2024 Western elections, exploiting "war fatigue" over Ukraine aid to sway opinions and outcomes. Learn how Moscow leverages data and strategies to shape global politics.
https://www.recordedfuture.com/russia-seeks-exploit-western-war-fatigue-win-ukraine
Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses
Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor
https://www.welivesecurity.com/en/business-security/blue-team-toolkit-6-open-source-tools-corporate-defenses/
NetHunter Hacker XV: Use Nmap for network scanning
https://www.mobile-hacker.com/2024/03/01/nethunter-hacker-xv-use-nmap-for-network-scanning/?utm_source=rss&utm_medium=rss&utm_campaign=nethunter-hacker-xv-use-nmap-for-network-scanning
Besides explaining NetHunter’s nmap user interface and its usage, we will take one extra step further to actually demonstrate its functionality on our router to search for open ports and known vulnerabilities.
Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices
Following a string of major public disclosures, Insikt Group has identified new infrastructure associated with operators of the mercenary mobile spyware Predator.
https://www.recordedfuture.com/predator-spyware-operators-rebuild-multi-tier-infrastructure-target-mobile-devices
Rise in Deceptive PDF: The Gateway to Malicious Payloads
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-in-deceptive-pdf-the-gateway-to-malicious-payloads/
Authored by Yashvi Shah and Preksha Saxena McAfee Labs has recently observed a significant surge in the distribution of prominent malware through PDF
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.
https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html
GhostSec’s joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.
https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/
Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
This blog entry will examine Trend Micro MDR team's investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.
https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html
Kali NetHunter now supports Bad Bluetooth HID attacks to inject keystrokes wirelessly
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/?utm_source=rss&utm_medium=rss&utm_campaign=kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly
This technique allows to impersonate any Bluetooth device and inject keystrokes that allows an attacker to open unwanted website, install malware or lockout user from the smartphone. Further I will explain how Bad Bluetooth attacks work, how they can be carry…
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability
https://www.thezdi.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Yazhi Wang of the Trend Micro Research Team detail a recently patched privilege escalation vulnerability in .NET Framework and Visual Studio. This bug was…