LockBit Attempts to Stay Afloat With a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
π@malwr
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
https://www.trendmicro.com/en_us/research/24/b/lockbit-attempts-to-stay-afloat-with-a-new-version.html
π@malwr
Trend Micro
LockBit Attempts to Stay Afloat with a New Version
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort resulting in the undermining of its operations.
Adversarial Intelligence: Red Teaming Malicious Use Cases for AI
Recorded Future tested four malicious use cases for artificial intelligence (AI) to illustrate βthe art of the possibleβ for threat actor use.
https://www.recordedfuture.com/adversarial-intelligence-red-teaming-malicious-use-cases-ai
π@malwr
Recorded Future tested four malicious use cases for artificial intelligence (AI) to illustrate βthe art of the possibleβ for threat actor use.
https://www.recordedfuture.com/adversarial-intelligence-red-teaming-malicious-use-cases-ai
π@malwr
π₯2
Analyzing AsyncRAT's Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
π@malwr
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
π@malwr
Trend Micro
Analyzing AsyncRAT's Code Injection into Aspnet_Compiler.exe Across Multiple Incident Response Cases
This blog entry delves into MxDR's unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications.
π₯1
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html
π@malwr
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html
π@malwr
Trend Micro
TeamCity Vulnerability Exploits Lead to Jasmin Ransomware, Other Malware Types
CVE-2024-27198 and CVE-2024-27199 are vulnerabilities within the TeamCity On-Premises platform that can allow attackers to gain administrative control over affected systems.
π2
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step.
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/
π@malwr
Research conducted by Cisco Talos last year has uncovered multiple vulnerabilities that were rated as low-severity despite their ability to allow for full arbitrary code execution. This article examines the exploitation process step-by-step.
https://blog.talosintelligence.com/exploiting-low-severity-vulnerability-using-a-frame-pointer-overwrite/
π@malwr
Cisco Talos
Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.
Attributing I-SOON: Private Contractor Linked to Multiple Chinese State-sponsored Groups
Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.
https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups
π@malwr
Insikt Group uncovers ties between I-SOON and multiple Chinese state-sponsored cyber groups like RedAlpha and RedHotel.
https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups
π@malwr
π₯1
2024-03-19: DarkGate infection
https://www.malware-traffic-analysis.net/2024/03/19/index.html
π@malwr
https://www.malware-traffic-analysis.net/2024/03/19/index.html
π@malwr
β€1
Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Welivesecurity
Rescoms rides waves of AceCryptor spam
ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries
π1
What is the primary purpose of Command and Control (C&C) servers in relation to malware?
Final Results
4%
To encrypt user data
2%
To block access to websites
4%
To increase internet speed
91%
To remotely control infected devices
New details on TinyTurlaβs post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
π@malwr
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
π@malwr
Cisco Talos
New details on TinyTurlaβs post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
Vulnerabilities in CDeX software
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
π@malwr
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
π@malwr
cert.pl
Vulnerabilities in CDeX software
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/?utm_source=rss&utm_medium=rss&utm_campaign=bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers
π@malwr
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/?utm_source=rss&utm_medium=rss&utm_campaign=bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers
π@malwr
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations usingβ¦
π3
New Go loader pushes Rhadamanthys stealer
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
π@malwr
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
π@malwr
ThreatDown by Malwarebytes
New Go loader pushes Rhadamanthys stealer
A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.
Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
π@malwr
Welivesecurity
Rescoms rides waves of AceCryptor spam
ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries
π₯1
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
π@malwr
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
π@malwr
Trend Micro
Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMWare vCenter and ESXi servers.
π1
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
π@malwr
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
π@malwr
Mobile Hacker
BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
BlueDucky solves the problem of auto device discovery, locally stores found Bluetooth devices and utilized Rubber Ducky scripts that are injected from separated
Borrower beware: Common loan scams and how to avoid them
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Hereβs how to avoid being scammed when considering a loan.
https://www.welivesecurity.com/en/scams/borrower-beware-common-loan-scams/
π@malwr
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Hereβs how to avoid being scammed when considering a loan.
https://www.welivesecurity.com/en/scams/borrower-beware-common-loan-scams/
π@malwr
Welivesecurity
Borrower beware: How to avoid being scammed when looking for a loan
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Hereβs how to avoid being scammed when considering a loan.
Do you like to read security related tweets here? To read these tweets you should have twitter app.
Final Results
46%
I have twitter and I want to read these posts
54%
I don't have twitter and I can't read these posts
Violent Extremists Dox Executives, Enabling Physical Threats
Domestic violent extremists are increasingly doxing senior U.S. leaders β publishing their personally identifiable information without their consent and with malicious intent.
https://www.recordedfuture.com/violent-extremists-dox-executives-enabling-physical-threats
π@malwr
Domestic violent extremists are increasingly doxing senior U.S. leaders β publishing their personally identifiable information without their consent and with malicious intent.
https://www.recordedfuture.com/violent-extremists-dox-executives-enabling-physical-threats
π@malwr
π1