Blog - Cyber Security Informer

North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp

Security Affairs

SEPTEMBER 16, 2022

ISO and IMG archives have become attractive to threat actors because, from Windows 10 onwards, double-clicking these files automatically mounts them as a virtual disk drive and makes their content easily accessible.” “Detecting malicious IMG and ISO archives served via phishing attachments is routine for Mandiant Managed Defense.

Phishing

Phishing Malware Internet Internet

Security Affairs newsletter Round 263

Security Affairs

MAY 10, 2020

Million MobiFriends User details leaked online North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT SilverTerrier gang uses COVID-19 lures in BEC attacks against Healthcare, Government Organizations Sodinokibi gang hacked law firm of the celebrities and threatens to release the docs.

Hacking

Hacking Data breaches Advertising Accountability

CWE-22: Path Traversal Vulnerabilities

Security Boulevard

SEPTEMBER 9, 2021

As an example, let’s take a look at an e-commerce website that renders product images as follows: <img src=”exampleCo.com/showImage?filename=product.png”> How path traversal works. filename=product.png”> Notice that the showImage parameter accepts a file name of an image, then retrieves that image. src/images/product.png).

Software

Software Cybersecurity

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Client-side Magecart attacks still around, but more covert

Malwarebytes

JUNE 20, 2022

This blog post was authored by Jérôme Segura. One of the hostnames from our previous blog on the anti-vm skimmer, con[.]digital-speed[.]net, For an example of a client-side attack via JavaScript draining crypto assets, check out this blog from Eliya Stein over at Confiant. Connection with previous skimmer activity. livestatic[.]com/theme/main.js

VPN

VPN Marketing Phishing Hacking

Lazarus targets defense industry with ThreatNeedle

SecureList

FEBRUARY 25, 2021

In our previous blog about Lazarus group, we mentioned the Bookcode cluster attributed to Lazarus group; and recently the Korea Internet and Security Agency (KISA) also published a report about the operation. com/smarteditor/img/upload[.]asp. kr/img/upload[.]asp. com:443/img/prettyPhoto/jquery.max[.]php. Domains and IPs.

Malware

Malware Phishing Passwords Encryption

Winner of the AT&T Diversity and Inclusion Champion Award 2021

CyberSecurity Insiders

OCTOBER 25, 2021

blog-content-area img {. width: 200px!important; important; height: auto!important; important; }. WomeninCyber. Todd Waskelis is the winner this year for his outstanding mentoring and building a highly diverse team!

Technology

Technology Cybersecurity Risk Threat Detection

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

<br/><img src="" + wwww + "/my9rep/777.php?imgto=wait"></img></center>"; imgto=wait"></img></center>"; var waitfk = ""; var waitlok = "<div><center> <br/> Prowadzone sa prace modernizacyjne w celu jak najszybszego przywrocenia dzialania systemu.<br/>Przyblizony e to potrwa?

Banking

Banking Malware Internet Internet

Remcos RAT delivered via Visual Basic

Malwarebytes

JULY 19, 2021

This blog post was authored by Erika Noerenberg. img) file, though malicious documents are also sometimes used. Introduction. Over the past months, Malwarebytes researchers have been tracking a unique malspam campaign delivering the Remcos remote access trojan (RAT) via financially-themed emails. zip Report-11003456773312.vbs.

Malware

Malware DNS Software Marketing

Exposing the "PDF Botnet" – An OSINT Analysis

Security Boulevard

MARCH 3, 2023

com[/]img[/]files[/]kelagug[.]pdf utm_term=picsart+background+image++hd hxxp:[/][/]www[.]lbtfilm[.]com[/]uploads[/]files[/]koxuwegemagobuwidewas[.]pdf com[/]uploads[/]files[/]koxuwegemagobuwidewas[.]pdf pdf hxxp:[/][/]teputire[.]weebly[.]com[/]uploads[/]1[/]3[/]0[/]8[/]130813428[/]tixok[.]pdf pdf hxxp:[/][/]www[.]hypnotiseur[.]com[/]wp-content[/]plugins[/]formcraft[/]file-upload[/]server[/]content[/]files[/]16210e2f2aed0f

Software

Expert discovered it was possible to delete all projects in the Microsoft Translator Hub

Security Affairs

JULY 21, 2018

the “ projectid ” parameter in the above request is the ID of the individual project in the database, which in this case is “ 12839 “, by observing the above HTTP request, a simple delete project query could be something like:-” wrote the expert in a blog post. img tag, iframe, lots of possibilities here) “[link].

Advertising

Advertising Hacking

Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers

Security Boulevard

JUNE 13, 2022

The sample with the SHA256 hash 4a88f9feaed04917f369fe5089f5c09f791bf1214673f6313196188e98093d74 was analyzed for this blog. img) file containing a fake.bat file named 63342221.BAT. WarzoneRAT. Overview of an infection process. This sample is an image (.img) 4a88f9feaed04917f369fe5089f5c09f791bf1214673f6313196188e98093d74.

Malware

Malware Encryption Antivirus Advertising

Remcos RAT delivered via Visual Basic

Malwarebytes

JULY 19, 2021

This blog post was authored by Erika Noerenberg. img) file, though malicious documents are also sometimes used. Introduction. Over the past months, Malwarebytes researchers have been tracking a unique malspam campaign delivering the Remcos remote access trojan (RAT) via financially-themed emails. zip Report-11003456773312.vbs.

Malware

Malware DNS Software Marketing

Kali NetHunter Updates

Kali Linux

MARCH 31, 2020

The USB Arsenal also allows you to mount images (img and iso) and to provide them as a mass storage device to target machines as if it were a USB stick. On the topic of documentation; the documentation for the kernel builder is yet to be completed but we plan to finish that within 7 days of this blog post going up.

Encryption

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Troy Hunt

MARCH 31, 2021

In that blog post I included the code Scott Helme had de-obfuscated which showed a very simple bit of JavaScript, really just the inclusion of a.js The link goes through to this blog post and the message can be easily dismissed by folks who just want to browse the site. file from coinhive.com and the setting of a 32-byte key.

Technology

Technology Mobile Internet Internet

How we took part in MLSEC and (almost) won

SecureList

OCTOBER 28, 2021

Drawing on this domain knowledge, we devised our first obfuscation scheme: Create a small fake “personal blog” page. Instead of shifting, we encoded each byte as an integer number and put the numbers into invisible <img> tags. Phishing pages consisting almost entirely of screenshots in base64.

Phishing

Phishing Malware Architecture Technology

Year-long spear-phishing campaign targets global energy industry

SC Magazine

JULY 8, 2021

That attachment – which is designed to mimic the appearance of a PDF but is usually an IMG, ISO or CAB file — contains information-stealing malware to steal banking data, log keystrokes and collect browsing data.

Phishing

Phishing Malware Engineering Media

SOC Technology Failures?—?Do They Matter?

Anton on Security

DECEMBER 10, 2021

img src: [link] Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. Hence this blog was born. SOC Technology Failures?—?Do Do They Matter? BTW, if somebody wakes me up at 3:00 a.m. and says “Anton, what is the top reason why a security operation center may fail?”

Technology

Technology CISO Data collection Threat Detection

Anti-Scraping Part 1: Core Principles to Deter Scraping

NetSpi Technical

JUNE 29, 2023

Fake Message Board In this series of blogs, a fake message board site we developed will be utilized to demonstrate the back and forth between defenders hardening their application, and scrapers bypassing those protections. HTTP Request: GET /home HTTP/1.1 Host: 127.0.0.1:12345 HTTP Request: GET /419101/profile/ HTTP/1.1 Host: 127.0.0.1:12345

Passwords

Passwords Accountability Authentication Media

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

Troy Hunt

NOVEMBER 14, 2018

Logging on to Report URI and being greeted with something like this: This blog post is about how add-ons and extensions in browsers cause CSP violations like the ones above and how they should be dealt with. A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP).

Media

Media Accountability Technology

SOC Technology Failures?—?Do They Matter?

Security Boulevard

DECEMBER 10, 2021

img src: [link]. Hence this blog was born. SOC Technology Failures?—?Do Do They Matter? Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. BTW, if somebody wakes me up at 3:00 a.m. and says “Anton, what is the top reason why a security operation center may fail?”

Technology

Technology CISO Data collection Threat Detection

Russia-linked APT29 targets diplomatic and government organizations

Security Affairs

MAY 1, 2022

These phishing emails utilized a malicious HTML dropper tracked as ROOTSAW, that makes use of a technique known as HTML smuggling to deliver an IMG or ISO file to a victim system.” The messages used the HTML smuggling technique to deliver an IMG or ISO file to the victims. ” reads the analysis published by Mandiant.

Government

Government Phishing Hacking Malware

Cyber Security Informer

North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp

Security Affairs newsletter Round 263

Webinars

Trending Sources

CWE-22: Path Traversal Vulnerabilities

Webinars

Client-side Magecart attacks still around, but more covert

Lazarus targets defense industry with ThreatNeedle

Winner of the AT&T Diversity and Inclusion Champion Award 2021

Analyzing a Danabot Paylaod that is targeting Italy

Remcos RAT delivered via Visual Basic

Exposing the "PDF Botnet" – An OSINT Analysis

Expert discovered it was possible to delete all projects in the Microsoft Translator Hub

Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers

Remcos RAT delivered via Visual Basic

Kali NetHunter Updates

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

How we took part in MLSEC and (almost) won

Year-long spear-phishing campaign targets global energy industry

SOC Technology Failures?—?Do They Matter?

Anti-Scraping Part 1: Core Principles to Deter Scraping

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

SOC Technology Failures?—?Do They Matter?

Russia-linked APT29 targets diplomatic and government organizations

Stay Connected