Predator Spyware Operators Rebuild Multi-Tier Infrastructure to Target Mobile Devices
Following a string of major public disclosures, Insikt Group has identified new infrastructure associated with operators of the mercenary mobile spyware Predator.
https://www.recordedfuture.com/predator-spyware-operators-rebuild-multi-tier-infrastructure-target-mobile-devices
๐@malwr
Following a string of major public disclosures, Insikt Group has identified new infrastructure associated with operators of the mercenary mobile spyware Predator.
https://www.recordedfuture.com/predator-spyware-operators-rebuild-multi-tier-infrastructure-target-mobile-devices
๐@malwr
Rise in Deceptive PDF: The Gateway to Malicious Payloads
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-in-deceptive-pdf-the-gateway-to-malicious-payloads/
๐@malwr
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-in-deceptive-pdf-the-gateway-to-malicious-payloads/
๐@malwr
McAfee Blog
Rise in Deceptive PDF: The Gateway to Malicious Payloads | McAfee Blog
Authored by Yashvi Shah and Preksha Saxena McAfee Labs has recently observed a significant surge in the distribution of prominent malware through PDF
๐1
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.
https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html
๐@malwr
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.
https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html
๐@malwr
Trend Micro
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
The Trend Micro threat hunting team came across an RA World attack involving multistage components designed to ensure maximum impact.
GhostSecโs joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking groupโs malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.
https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/
๐@malwr
Cisco Talos observed a surge in GhostSec, a hacking groupโs malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.
https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/
๐@malwr
Cisco Talos Blog
GhostSecโs joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking groupโs malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.
โค1
Unveiling Earth Kapre aka RedCurlโs Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
This blog entry will examine Trend Micro MDR team's investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.
https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html
๐@malwr
This blog entry will examine Trend Micro MDR team's investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to the cyberespionage threat group.
https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html
๐@malwr
Trend Micro
Unveiling Earth Kapre aka RedCurlโs Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
This blog entry will examine Trend Micro MDR team's investigation that successfully uncovered the intrusion sets employed by Earth Kapre in a recent incident, as well as how the team leveraged threat intelligence to attribute the extracted evidence to theโฆ
Kali NetHunter now supports Bad Bluetooth HID attacks to inject keystrokes wirelessly
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/?utm_source=rss&utm_medium=rss&utm_campaign=kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly
๐@malwr
https://www.mobile-hacker.com/2024/03/06/kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly/?utm_source=rss&utm_medium=rss&utm_campaign=kali-nethunter-now-supports-bad-bluetooth-hid-attacks-to-inject-keystrokes-wirelessly
๐@malwr
Mobile Hacker
Kali NetHunter now supports Bad Bluetooth HID attacks to inject keystrokes wirelessly
This technique allows to impersonate any Bluetooth device and inject keystrokes that allows an attacker to open unwanted website, install malware or lockout user from the smartphone. Further I will explain how Bad Bluetooth attacks work, how they can be carryโฆ
๐1
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability
https://www.thezdi.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability
๐@malwr
https://www.thezdi.com/blog/2024/3/6/cve-2023-36049-microsoft-net-crlf-injection-arbitrary-file-writedeletion-vulnerability
๐@malwr
Zero Day Initiative
Zero Day Initiative โ CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Yazhi Wang of the Trend Micro Research Team detail a recently patched privilege escalation vulnerability in .NET Framework and Visual Studio. This bug wasโฆ
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
๐@malwr
https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
๐@malwr
Check Point Research
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research
Key Points Introduction On January 10, 2024, Ivanti published a security advisory regarding two vulnerabilities in Ivanti Connect Secure VPN. These vulnerabilities, which were exploited in the wild, are identified as CVE-2023-46805 and CVE-2023-21887. Theโฆ
Evasive Panda leverages Monlam Festival to target Tibetans
ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans
https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/
๐@malwr
ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans
https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/
๐@malwr
Welivesecurity
Evasive Panda leverages Monlam Festival to target Tibetans
ESET research uncovers a cyberespionage campaign that has been victimizing Tibetans through targeted watering hole (also known as a strategic web compromise) and supply-chain compromise attacks
๐1
Evasive Panda leverages Monlam Festival to target Tibetans
ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans
https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/
๐@malwr
ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans
https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/
๐@malwr
Welivesecurity
Evasive Panda leverages Monlam Festival to target Tibetans
ESET research uncovers a cyberespionage campaign that has been victimizing Tibetans through targeted watering hole (also known as a strategic web compromise) and supply-chain compromise attacks
๐ฅ1
Analyze installed Android applications for security risks in Termux
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/?utm_source=rss&utm_medium=rss&utm_campaign=analyze-installed-android-applications-for-security-risks-in-termux
๐@malwr
https://www.mobile-hacker.com/2024/03/11/analyze-installed-android-applications-for-security-risks-in-termux/?utm_source=rss&utm_medium=rss&utm_campaign=analyze-installed-android-applications-for-security-risks-in-termux
๐@malwr
Mobile Hacker
Analyze installed Android applications for security risks in Termux
I will show you how to install and run it on non-rooted Android device using Termux app. This brings convenience of analyzing Android apps directly on device
โค1
Know your enemies: An approach for CTI teams
https://blog.virustotal.com/2024/03/know-your-enemies-approach-for-cti-teams.html
๐@malwr
https://blog.virustotal.com/2024/03/know-your-enemies-approach-for-cti-teams.html
๐@malwr
Virustotal
Know your enemies: An approach for CTI teams
VirusTotalโs Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance helping...
FakeBat delivered via several active malvertising campaigns
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/fakebat-delivered-via-several-active-malvertising-campaigns
๐@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/fakebat-delivered-via-several-active-malvertising-campaigns
๐@malwr
ThreatDown by Malwarebytes
FakeBat delivered via several active malvertising campaigns
A number of software brands are being impersonated with malicious ads and fake sites to distribute malware.
.NET Malware 101: Analyzing the .NET Executable File Structure
Welcome to our deep dive into the world of .NET malware reverse engineering. As a security researcher or analyst, youโre likely aware that the .NET framework, famed for its ability to enable rapid and robust application development, is a double-edged sword. The same features that make it attractive to legitimate developers also make it a...
https://intezer.com/blog/incident-response/intro-to-malware-net-executable-file/
๐@malwr
Welcome to our deep dive into the world of .NET malware reverse engineering. As a security researcher or analyst, youโre likely aware that the .NET framework, famed for its ability to enable rapid and robust application development, is a double-edged sword. The same features that make it attractive to legitimate developers also make it a...
https://intezer.com/blog/incident-response/intro-to-malware-net-executable-file/
๐@malwr
Intezer
.NET Malware 101: Analyzing the .NET Executable File Structure
This deep dive aims to guide you through .NET reverse engineering, equipping you with the essential knowledge to analyze .NET malware.
โค1
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
๐@malwr
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html
๐@malwr
Trend Micro
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
๐1
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
https://blog.talosintelligence.com/threat-actors-leveraging-document-publishing-sites/
๐@malwr
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
https://blog.talosintelligence.com/threat-actors-leveraging-document-publishing-sites/
๐@malwr
Cisco Talos
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
The Development of a Telco Attack Testing Tool
https://research.nccgroup.com/2024/03/13/the-development-of-a-telco-attack-testing-tool/
๐@malwr
https://research.nccgroup.com/2024/03/13/the-development-of-a-telco-attack-testing-tool/
๐@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
LTair: The LTE Air Interface Tool
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/
๐@malwr
https://research.nccgroup.com/2024/03/14/ltair-the-lte-air-interface-tool/
๐@malwr
Nccgroup
Cyber Security Research
Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.
The Anatomy of an ALPHA SPIDER Ransomware Attack
ALPHA SPIDER is the adversary behind the development and operation of the Alphv ransomware as a service (RaaS). Over the last year, ALPHA SPIDER affiliates have been leveraging a variety of novel techniques as part of their ransomware operations. CrowdStrike Services has observed techniques such as the usage of NTFS Alternate Data Streams for hiding...
https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/
๐@malwr
ALPHA SPIDER is the adversary behind the development and operation of the Alphv ransomware as a service (RaaS). Over the last year, ALPHA SPIDER affiliates have been leveraging a variety of novel techniques as part of their ransomware operations. CrowdStrike Services has observed techniques such as the usage of NTFS Alternate Data Streams for hiding...
https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/
๐@malwr
CrowdStrike.com
The Anatomy of an ALPHA SPIDER Ransomware Attack
Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.
๐2