2011, Architecture and Malware - Cyber Security Informer

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

Researchers from ESET uncovered the activity of a new APT group, tracked as XDSpy, that has been active since at least 2011. XDSpy is the name used by ESET researchers to track a nation-state actor that has been active since at least 2011. ” reads the abstract from the talk. ” concludes the report.

Malware

Malware Government Advertising Phishing

Sandboxing: Advanced Malware Analysis in 2021

eSecurity Planet

APRIL 23, 2021

To fill this gap and aid in the analysis, detection, and testing of malware, sandboxing is widely used to give organizations the setting, isolation, and security tools needed to preserve the integrity of the host network. In 2021, sandboxes are now a fundamental part of an organization’s cybersecurity architecture. Sandbox Features.

Malware

Malware Antivirus Software Cybersecurity

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. We believe DePriMon is the first example of malware using this technique ever publicly described.”

Malware

Malware Telecommunications Advertising Encryption

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Government

Government Malware Advertising Architecture

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

Since 2011 it was employed in attacks aimed at Human Rights Defenders (HRDs) in many countries, including Bahrain, Ethiopia, UAE, and more. It extracts the binary for the relevant architecture in /tmp/udev2 and executes it. Below the infection chain for the FinSpy for Linux, descrived by the researchers. ” continues the analysis.

Spyware

Spyware Surveillance Mobile Advertising

NUVOLA: the new Cloud Security tool

Security Affairs

SEPTEMBER 28, 2022

Still, with common configuration issues and other vulnerabilities becoming commonplace in AWS architecture, it’s important to understand how bad actors could exploit our environments by understanding the most common AWS privilege escalations used. Cloud Security Context. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Engineering

Engineering Technology Architecture Accountability

Top 9 Network Access Control (NAC) Solutions

eSecurity Planet

MARCH 14, 2021

Impluse SafeConnect offers automatic device discovery and can support anywhere from 250 to 25,000 endpoints and up with its scalable appliance architecture. It offers a rule-based architecture to automate access based on use cases. Aruba ClearPass may also be known as Avenda eTIPS after HPE acquired Avenda and its NAC solution in 2011.

Education

Education Authentication Healthcare Engineering

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated. Europe, the Middle East and India. Israel, Iraq, and Saudi Arabia.

Malware

Malware DNS Media Architecture

Top MDR Services for 2021

eSecurity Planet

MAY 5, 2021

Key differentiators: Cloud-native architecture for use with cloud systems. This team uses all of CrowdStrike’s modules to offer comprehensive protection against malware and malware-free attacks. There is also currently a 0% unemployment rate in a security field that’s maintained that rate since 2011.

Threat Detection

Threat Detection Technology Artificial Intelligence Cybersecurity

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

Security Affairs

AUGUST 31, 2022

Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope , TEMP.Jumper , and Leviathan ) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018.

Energy and Utilities

Energy and Utilities Manufacturing Government Media

FinSpy: unseen findings

SecureList

SEPTEMBER 28, 2021

Kaspersky has been tracking deployments of this spyware since 2011. The Pre-Validator ensures that the victim machine is not used for malware analysis. The nature of these shellcodes indicates that they are used to fingerprint the system and verify that it is not used for malware analysis. The Trojan Loader. MacOS Infection.

Encryption

Encryption Malware Spyware Architecture

The Hacker Mind Podcast: Fuzzing Message Brokers

ForAllSecure

DECEMBER 17, 2021

This is how malware, for example, is analyzed; if the virtual machine gets infected and crashes, the physical machine isn’t impacted. The other thing I'll tell you is, I joined Codenomicon in 2011. Vamosi: Virtual Machines are what just that; they’re software representations of hardware machines. So, with a lot of fun.

Software

Software Computers and Electronics Internet Internet

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

Fox IT

JUNE 23, 2020

Evil Corp were previously associated to the Dridex malware and BitPaymer ransomware, the latter came to prominence in the first half of 2017. Evil Corp has been operating the Dridex malware since July 2014 and provided access to several groups and individual threat actors. Attribution and Actor Background. Actor Tracking.

Ransomware

Ransomware Encryption Malware Architecture

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

XDR (eXtended Detection and Response) Integrations At Black Hat USA 2023, Cisco Secure was the official Mobile Device Management, DNS (Domain Name Service) and Malware Analysis Provider. When file was convicted as malicious, we would investigate the context: Is it from a classroom, where the topic is related to the behavior of the malware?

Wireless

Wireless DNS Mobile Technology

Cyber Security Informer

XDSpy APT remained undetected since at least 2011

Sandboxing: Advanced Malware Analysis in 2021

Trending Sources

DePriMon downloader uses a never seen installation technique

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Unknown FinSpy Mac and Linux versions found in Egypt

NUVOLA: the new Cloud Security tool

Top 9 Network Access Control (NAC) Solutions

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Top MDR Services for 2021

China-linked APT40 used ScanBox Framework in a long-running espionage campaign

FinSpy: unseen findings

The Hacker Mind Podcast: Fuzzing Message Brokers

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

Black Hat USA 2023 NOC: Network Assurance

Top Database Security Solutions for 2021

Stay Connected