2024-03-14: AsyncRAT and XWorm infection
https://www.malware-traffic-analysis.net/2024/03/14/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2024/03/14/index.html
๐@malwr
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.
https://blog.talosintelligence.com/ransomware-affiliate-model/
๐@malwr
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.
https://blog.talosintelligence.com/ransomware-affiliate-model/
๐@malwr
Cisco Talos
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.
๐1
Ransomwareโs appetite for US healthcare sees known attacks double in a year
https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year
๐@malwr
https://www.malwarebytes.com/blog/ransomware/2024/03/ransomwares-appetite-for-us-healthcare-sees-known-attacks-double-in-a-year
๐@malwr
ThreatDown by Malwarebytes
Ransomwareโs appetite for US healthcare sees known attacks double in a year - ThreatDown by Malwarebytes
The US healthcare industry suffers more ransomware attacks than most countries.
Hello everybody. I'm sorry for inconvenience. To keep our channel up, I have to pay for server and services. For that, we need financial support. If channel members could kindly donate in BTC, I will not post any ads in the channel.
Sincerely,
@SirMalware
๐@malwr
Sincerely,
@SirMalware
๐@malwr
๐7
Healthcare still a prime target for cybercrime gangs โ Week in security with Tony Anscombe
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023
https://www.welivesecurity.com/en/videos/healthcare-target-cybercrime-week-security-tony-anscombe/
๐@malwr
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023
https://www.welivesecurity.com/en/videos/healthcare-target-cybercrime-week-security-tony-anscombe/
๐@malwr
Welivesecurity
Healthcare still a prime target for cybercrime gangs โ Week in security with Tony Anscombe
Healthcare organizations remain firmly in attackers' crosshairs, accounting for more than 20 percent of all ransomware attacks that targeted critical infrastructure entities in the US in 2023
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html
๐@malwr
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html
๐@malwr
Trend Micro
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
Ethereumโs CREATE2: A Double-Edged Sword in Blockchain Security
https://research.checkpoint.com/2024/ethereums-create2-a-double-edged-sword-in-blockchain-security/
๐@malwr
https://research.checkpoint.com/2024/ethereums-create2-a-double-edged-sword-in-blockchain-security/
๐@malwr
Check Point Research
Ethereum's CREATE2: A Double-Edged Sword in Blockchain Security - Check Point Research
By Oded Vanunu, Dikla Barda, Roman Zaikin Ethereumโs CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. The attack method involvesโฆ
โค1
Jenkins Args4j CVE-2024-23897: Files Exposed, Code at Risk
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
https://www.trendmicro.com/en_us/research/24/c/cve-2024-23897.html
๐@malwr
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
https://www.trendmicro.com/en_us/research/24/c/cve-2024-23897.html
๐@malwr
Trend Micro
Jenkins Args4j CVE-2024-23897 Files Exposed Code at Risk
Jenkins, a popular open-source automation server, was discovered to be affected by a file read vulnerability, CVE-2024-23897.
๐1
LockBit Attempts to Stay Afloat With a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
๐@malwr
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
๐@malwr
Trend Micro
LockBit Attempts to Stay Afloat with a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
Adversarial Intelligence: Red Teaming Malicious Use Cases for AI
Recorded Future tested four malicious use cases for artificial intelligence (AI) to illustrate โthe art of the possibleโ for threat actor use.
https://www.recordedfuture.com/adversarial-intelligence-red-teaming-malicious-use-cases-ai
๐@malwr
Recorded Future tested four malicious use cases for artificial intelligence (AI) to illustrate โthe art of the possibleโ for threat actor use.
https://www.recordedfuture.com/adversarial-intelligence-red-teaming-malicious-use-cases-ai
๐@malwr
๐ฅ2
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
๐@malwr
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
๐@malwr
Trend Micro
Analyzing AsyncRAT's Code Injection into Aspnet_Compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
๐ฅ1
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html
๐@malwr
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html
๐@malwr
Trend Micro
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
๐2
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step.
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/
๐@malwr
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step.
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/
๐@malwr
Cisco Talos
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.
Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.
https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups
๐@malwr
Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.
https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups
๐@malwr
๐ฅ1
2024-03-19: DarkGate infection
https://www.malware-traffic-analysis.net/2024/03/19/index.html
๐@malwr
https://www.malware-traffic-analysis.net/2024/03/19/index.html
๐@malwr
โค1
Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
๐@malwr
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
๐@malwr
Welivesecurity
Rescoms rides waves of AceCryptor spam
ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries
๐1
What is the primary purpose of Command and Control (C&C) servers in relation to malware?
Final Results
4%
To encrypt user data
2%
To block access to websites
4%
To increase internet speed
91%
To remotely control infected devices
New details on TinyTurlaโs post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
๐@malwr
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
๐@malwr
Cisco Talos
New details on TinyTurlaโs post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
Vulnerabilities in CDeX software
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
๐@malwr
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
๐@malwr
cert.pl
Vulnerabilities in CDeX software
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/?utm_source=rss&utm_medium=rss&utm_campaign=bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers
๐@malwr
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/?utm_source=rss&utm_medium=rss&utm_campaign=bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers
๐@malwr
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations usingโฆ
๐3
New Go loader pushes Rhadamanthys stealer
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
๐@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
๐@malwr
ThreatDown by Malwarebytes
New Go loader pushes Rhadamanthys stealer
A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.