Security Affairs

MARCH 16, 2021

The IT giant reported that at least one China linked APT group, tracked as HAFNIUM , chained these vulnerabilities to access on-premises Exchange servers to access email accounts, and install backdoors to maintain access to victim environments. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments.”

Small Business 99

Small Business Manufacturing Banking Hacking 99

Security Affairs

SEPTEMBER 30, 2020

More than 247,000 Microsoft Exchange servers are still vulnerable to attacks exploiting the CVE-2020-0688 RCE issue impacting Exchange Server. The CVE-2020-0688 vulnerability resides in the Exchange Control Panel (ECP) component, the root cause of the problem is that Exchange servers fail to properly create unique keys at install time.

Advertising 104

Advertising Authentication Hacking Accountability 104

Krebs on Security

MARCH 1, 2022

Conti makes international news headlines each week when it publishes to its dark web blog new information stolen from ransomware victims who refuse to pay an extortion demand. News of the Trickbot compromise was first published here on Oct. News of the Trickbot compromise was first published here on Oct. On Sunday, Feb.

Ransomware 264

Ransomware Healthcare Cybercrime Government 264

Security Boulevard

OCTOBER 24, 2023

How do they recover operational efficiency without compromising trust or security through the recovery process? Attack Technique Format This blog covers multiple Kerberos abuse based attack techniques, detection guidance and remediation of a compromised domain. How do defenders truly reclaim control over their domain?

Backups 67

Backups Passwords Authentication Accountability 67

SecureList

MAY 6, 2021

Windows rootkits, especially those operating in kernel space, are pieces of malware infamous for their near absolute power in the operating system. Having said that, the successful deployment and execution of a rootkit component in Windows has become a difficult task over the years.

Malware 145

Malware Architecture Engineering Technology 145

SecureList

NOVEMBER 1, 2022

Our recent investigations show that this year, from February at least, HotCousin has attempted to compromise foreign affairs ministries in Europe, Asia, Africa and South America. Their blogpost also introduced new malware, dubbed Jackpot – previously unknown fileless malware targeting IIS servers.

Malware 139

Malware Ransomware Spyware Encryption 139

SecureList

AUGUST 15, 2022

Earlier this year, we discovered a malicious campaign that employed a new technique for installing fileless malware on target machines by injecting a shellcode directly into Windows event logs. While fileless malware is nothing new, the way the encrypted shellcode containing the malicious payload is embedded into Windows event logs is.

Mobile 79

Mobile Ransomware Malware Encryption 79

Security Boulevard

JULY 7, 2023

Once decrypted, the trojan gathers crucial system information, as well as data pertaining to installed browsers and the Topaz OFD Protection Module, before sending it to the command and control server of the attackers in an encoded format. Read on to learn more about this alarming threat. Figure 2 - The multi-staged infection chain.

Malware 104

Malware Encryption Phishing Internet 104

SecureList

FEBRUARY 25, 2021

We observed how they overcame network segmentation by gaining access to an internal router machine and configuring it as a proxy server, allowing them to exfiltrate stolen data from the intranet network to their remote server. One of the compromised hosts received several spear-phishing documents on May 19, 2020.

Malware 133

Malware Phishing Passwords Encryption 133

Security Boulevard

MAY 5, 2022

The most common scenario where this would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate. TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it.” Related Posts.

Encryption 52

Encryption Software Media Authentication 52

SecureList

MARCH 30, 2021

A month later, we discovered new activities from A41APT that utilized modified and updated payloads, and that’s what we cover in this blog. Encrypted Ecipekac Layer II loader (shellcode). Please note that the Ecipekac Layer III loader module is embedded in the encrypted Layer II loader. Ecipekac: Layer II loader shellcode.

Malware 141

Malware Encryption VPN Technology 141

Security Affairs

APRIL 24, 2019

MicrosoftCreate.exe ” file is the UPX-packed version of the “wget” tool compiled for Window, a free utility for non-interactive HTTP downloads and uploads, a flexible tool commonly used by sys-admins and sometimes abused by threat actors. Windows NT 6.1; Figure 8: Persistence through task schedule (II). cmd” script.

Advertising 81

Advertising Passwords Cyber threats Malware 81

SecureList

APRIL 27, 2022

This wiper, named HermeticWiper by the research community, abuses legitimate drivers from EaseUS Partition Master to corrupt the drivers of the compromised system. Octopus is only one of DustSquad’s tools, along with other Windows and Android malware such as Zaka, Akinak and Harpoon. Chinese-speaking activity.

Malware 131

Malware Firmware Government Phishing 131

Security Boulevard

JUNE 27, 2022

In earlier campaigns observed in 2021, the main distribution vector used by this threat group was Windows Shortcut files (LNK) sent inside malicious archive files (ZIP) as email attachments in spear phishing emails to the victims. In this blog, we present the technical details of all components involved in the end-to-end attack chain.

Encryption 52

Encryption Media Engineering Phishing 52

McAfee

SEPTEMBER 14, 2021

Within ATR we typically monitor many adversaries for years and collect and store data, ranging from indicators of compromise (IOCs) to the TTPs. McAfee customers are protected from the malware/tools described in this blog. Payload file with the config to communicate with Command & Control Server (C2). Windows NT 6.3;

Malware 144

Malware DNS Accountability Manufacturing 144

Malwarebytes

APRIL 6, 2023

Act II: Malwarebytes Takes the Stage (September 2012 - 2016) With the grand entrance of Malwarebytes Enterprise Edition (MEE) in late 2012, our business offerings went from a fresh-faced newcomer to a seasoned performer. Keep an eye on our blog and press center for the latest goodness for Malwarebytes for Business!

Cybersecurity 69

Cybersecurity Malware Cyber threats Small Business 69

NopSec

APRIL 26, 2017

According to the The Register’s article , last week we started assisting to the widespread exploitation of The Shadow Brokers ’ leaked Windows exploits, compromising thousands of vulnerable hosts over the Internet. This widespread exploitation prompted me to release this blog post that I have been mulling for a while.

Hacking 52

Hacking Banking Firewall Internet 52

SecureList

MAY 12, 2021

As soon as such a vulnerability is disclosed, they compromise as many affected servers as possible before the defenders have applied the corresponding updates. Part II: The darknet shenanigans. The ransomware is now distributed mainly through compromised RDP accesses, phishing, and software vulnerabilities.

Ransomware 123

Ransomware Encryption Malware Cybercrime 123

Fox IT

JUNE 23, 2020

In one case, they successfully compromised a target over 6 months after their initial failure to obtain privileged access. Typically, they hit file servers, database services, virtual machines and cloud environments. They also demonstrate patience and persistence. WastedLocker. Technical Analysis. CobaltStrike payloads.

Ransomware 45

Ransomware Encryption Malware Architecture 45

Security Affairs

MARCH 19, 2020

Today I want to contribute to such a blog-roll analyzing a new spreading variant that hit my observatory. js performs an ActiveXObject call to WScript.Shell in order to execute Windows command lists. OCX and (ii) MiZl5xsDRylf0W.tmp renamed by Stage 2 into Wordcnvpxy.exe. Text file including PE32 file. 9sOXN6Ltf0afe7.js

Computers and Electronics 100

Computers and Electronics Penetration Testing Malware Cyber Attacks 100

SecureList

JULY 28, 2022

We identified a Windows variant of this sample using the same string encryption algorithm, internal modules, and functionalities. Our two private reports provided technical information on the Windows and SPARC variants respectively. On January 24, a hash for sophisticated Solaris SPARC malware was posted on Twitter.

Malware 130

Malware Firmware Phishing Cryptocurrency 130

ForAllSecure

MAY 2, 2023

That, of course, was not all, but it is an example of how someone -- anyone on the internet -- can take a photo or blog post or Yelp review from social media, or some other seemingly random open source item and tie it back to a crime. And we're never going to be good at blogging. That’s not always as easy as it sounds.

Hacking 40

Hacking Media InfoSec Internet 40

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. Okta was breached through one of its service providers, Sitel, itself compromised via the insecure VPN gateway of a recently acquired company.

Firmware 106

Firmware Surveillance Mobile Telecommunications 106