Rescoms rides waves of AceCryptor spam
Insight into ESET telemetry statistics about AceCryptor in H2 2023 with a focus on Rescoms campaigns in European countries
https://www.welivesecurity.com/en/eset-research/rescoms-rides-waves-acecryptor-spam/
@malwr
Welivesecurity
ESET research shares insights into AceCryptor, one of the most popular and prevalent cryptors-as-a-service (CaaS) in the second half of 2023, with a focus on Rescoms campaigns in European countries

Poll: What is the primary purpose of Command and Control (C&C) servers in relation to malware?
Final Results
4% - To encrypt user data
2% - To block access to websites
4% - To increase internet speed
91% - To remotely control infected devices

New details on TinyTurla's post-compromise activity reveal full kill chain
We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises.
https://blog.talosintelligence.com/tinyturla-full-kill-chain/
Cisco Talos

Vulnerabilities in CDeX software
CERT Poland has received a report about three vulnerabilities (from CVE-2024-2463 to CVE-2024-2465) found in CDeX software.
https://cert.pl/en/posts/2024/03/CVE-2024-2463/
cert.pl

Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/?utm_source=rss&utm_medium=rss&utm_campaign=bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers
Mobile Hacker
This critical security issue allows a third-party user to record audio from a Bluetooth speaker with a built-in microphone in the vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations using…

New Go loader pushes Rhadamanthys stealer
https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys
ThreatDown by Malwarebytes
A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.

Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
This blog entry discusses the Agenda ransomware group's use of its latest Rust variant to propagate to VMware vCenter and ESXi servers.
https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html
Trend Micro

BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
Mobile Hacker
BlueDucky solves the problem of auto device discovery, locally stores found Bluetooth devices and utilizes Rubber Ducky scripts that are injected from separated

Borrower beware: Common loan scams and how to avoid them
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here's how to avoid being scammed when considering a loan.
https://www.welivesecurity.com/en/scams/borrower-beware-common-loan-scams/
Welivesecurity
Borrower beware: How to avoid being scammed when looking for a loan

Poll: Do you like to read security-related tweets here? To read these tweets you need the Twitter app.
Final Results
46% - I have Twitter and I want to read these posts
54% - I don't have Twitter and I can't read these posts

Violent Extremists Dox Executives, Enabling Physical Threats
Domestic violent extremists are increasingly doxing senior U.S. leaders: publishing their personally identifiable information without their consent and with malicious intent.
https://www.recordedfuture.com/violent-extremists-dox-executives-enabling-physical-threats

Shielder - Hunting for ~~Un~~authenticated n-days in Asus Routers
Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.
https://www.shielder.com/blog/2024/01/hunting-for-~~un~~authenticated-n-days-in-asus-routers/
Shielder

Agent Tesla Analysis [Part 1: Unpacking] | Ryan Weil
https://ryan-weil.github.io/posts/AGENT-TESLA-1/
Ryan Weil

Agent Tesla Analysis [Part 2: Deobfuscation] | Ryan Weil
https://ryan-weil.github.io/posts/AGENT-TESLA-2/
Ryan Weil

Release Ghidra 11.0.2 · NationalSecurityAgency/ghidra · GitHub
https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.0.2_build
GitHub
What's New
Change History
Installation Guide
SHA-256: 4f16ae3f288f8c01fd1872e8e55b25c79744e7b1e8a9383c5e576668ca7d1906

"CVE-2024-21388" - Microsoft Edge's Marketing API Exploited for Covert Extension Installation | by Guardio | Mar, 2024 | Medium
At Guardio, making browsing safer is what we do best, with one of our key products being a browser extension that boosts users' security on desktop browsers. Our expertise in this area led us to…
https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Medium
By Oleg Zaytsev (Guardio Labs)

Yaxser/Backstab: A tool to kill antimalware protected processes
https://github.com/Yaxser/Backstab
GitHub

Uncovering Malicious Infrastructure with DNS Pivoting
Demonstrating DNS pivoting and analysis techniques for uncovering malicious infrastructure
https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/
Embee Research
Introduction To Malware Infrastructure Analysis With Passive DNS
Malware Infrastructure Tracking Using Passive DNS Intelligence.