CyberSecurity Insiders

JANUARY 27, 2022

Area 1 is a Certified Microsoft Partner, and Google Cloud Technology Partner of the Year for Security. Securing two new patents, one for advanced BEC detection techniques and the second in autoscaling infrastructure, bringing the company’s total number of patents to 21 across 12 separate patent families.

Phishing 52

Phishing Retail Marketing Financial Services 52

Malwarebytes

AUGUST 3, 2022

The threat actor is using a Microsoft Office document ( ???????.docx NET DLLs embedded inside. This very capable Rat falls into the category of unknown threat actors we track. org microsoft-ru-data[.]ru ru 194.36.189.179 microsoft-telemetry[.]ru Follina vulnerability. SharpExecutor and PowerSession Commands.

Malware 107

Malware Encryption Antivirus Architecture 107

ForAllSecure

JUNE 14, 2021

This is an overarching category for a variety of techniques, all of which are looking at the active runtime code. Fuzz testing, then, is a much more agile technique, under the dynamic testing category. While the inputs might be different, the net result is the same. So what about those unknown vulnerabilities, those zero days?

Software 52

Software Technology Risk Marketing 52

Approachable Cyber Threats

AUGUST 10, 2022

Category Awareness, Case Study, Vulnerability. Many state-backed or state-sponsored hacking groups prefer ransomware attacks because it accomplishes the mission (major disruption to adversary industry or public sector operations) and it may net them a big pay day if the victim unadvisedly pays the ransom. Risk Level. Are you at risk?

DDOS 98

DDOS Cyber Attacks Government Hacking 98

Malwarebytes

AUGUST 3, 2022

The threat actor is using a Microsoft Office document ( ???????.docx NET DLLs embedded inside. This very capable Rat falls into the category of unknown threat actors we track. microsoft-ru-data[.]ru. microsoft-telemetry[.]ru. Follina vulnerability. SharpExecutor and PowerSession Commands. Malware deletes itself.

Malware 62

Malware Encryption Antivirus Architecture 62

Spinone

APRIL 23, 2019

Restore Options for Deleted Google Drive Files There are native, built-in features when working from Google Drive storage that allow a safety net of sorts when thinking about how to perform a Google Drive recovery to recover deleted items from Google Drive due to the scenarios that are mentioned above below. Easy migration. Version Control.

Backups 95

Backups Accountability Ransomware Encryption 95

SecureList

DECEMBER 1, 2023

Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. The vulnerability affects all supported versions of Outlook, and no user interaction is required to trigger it.

Malware 90

Malware Ransomware Encryption Energy and Utilities 90

eSecurity Planet

SEPTEMBER 22, 2023

How to Analyze This Year’s MITRE Results The MITRE results were separated into two categories: detection (SNAKE and CARBON scenarios) and protection (13 tests of a product’s ability to stop an attack). Product teams typically use the tests to improve their offerings, so participation is always a net positive. Fortinet 97.9%

Cybersecurity 99

Cybersecurity Security Defenses Marketing Technology 99

Security Affairs

SEPTEMBER 11, 2022

APT42’s TTPs overlap with another Iran-linked APT group tracked as APT35 (aka ‘ Charming Kitten ‘, ‘ Phosphorus ‘, Newscaster , and Ajax Security Team) which made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Surveillance 95

Surveillance Social Engineering Phishing Government 95

IT Security Guru

SEPTEMBER 28, 2023

Ransomware activity Common tools Intent Stop processes taskkill.exe, net stop Ensure files targeted for encryption are not locked by various applications. Thanks to Microsoft and their incredible security experts, they have provided a hugely detailed KQL detection query to Check for multiple signs of ransomware activity.

Ransomware 118

Ransomware Encryption Backups Social Engineering 118

SecureList

MAY 4, 2022

Actor uses different compilers, from Microsoft’s cl.exe or GCC under MinGW to a recent version of Go. The dropper searches the event logs for records with category 0x4142 (“AB” in ASCII) and having the Key Management Service as a source. Event logs with category 0x4142 in Key Management Service source.

Malware 137

Malware Encryption Architecture Technology 137

Cisco Security

AUGUST 26, 2021

Today we are excited to welcome 26 net new industry partners with 48 new product integrations to the CSTA program. We work with vendors across every category to solve new customer challenges and provide zero trust access and insights for everyone. Cisco Duo Security. Cisco Kenna Security. Read more here. Read more here.

Technology 119

Technology Firewall VPN Authentication 119

SecureList

AUGUST 5, 2021

A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials. Emails with a link pointing to a fake WhatsApp voice message most likely belong to the same category. Investments and public property scams.

Phishing 116

Phishing Banking Scams Computers and Electronics 116

Security Boulevard

JUNE 15, 2023

In particular, the code checks for the manufacturer ID string (with a length of 12 bytes) for the following values: “XenVMMXenVMM” (Xen HVM) “VMwareVMware” (VMware) “Microsoft Hv” (Microsoft Hyper-V) “ KVMKVMKVM “ (KVM) “prl hyperv “ (Parallels) “VBoxVBoxVBox” (VirtualBox) This detection code is likely derived from Pafish.

Cryptocurrency 52

Cryptocurrency Password Management Malware DNS 52

ForAllSecure

MAY 2, 2023

For those of you who know or remember, Code Red, was a computer worm that exploits a vulnerability in Microsoft's Internet Information Server or IIS. Let's take apart packet captures you know, Project Honey net was going well. And so, this was right, right before Code Red hit. VAMOSI: Okay, the timing was great for Daniel.

Hacking 40

Hacking Media InfoSec Internet 40

SecureList

NOVEMBER 29, 2021

In the instances we have observed, the threat actor sent spear-phishing emails, luring the victims to open a malicious Microsoft Excel/Word document. function “GET.WORKSPACE”, with three integers: 1: Get the name of the environment in which Microsoft Excel is running, as text, followed by the environment’s version number.

Phishing 84

Phishing Malware Government Antivirus 84

SecureList

MARCH 7, 2024

One such page mimicking the Microsoft website warned visitors that their computer was infected with a Trojan. Naturally, professional scammers, not Microsoft engineers, were waiting at the other end of the line. To avoid losing data, they were advised not to reboot or turn off the device until the issue was resolved.

Phishing 94

Phishing Scams Cryptocurrency Accountability 94

SecureList

JULY 28, 2022

NET, Delphi, ObjectiveC), all using an identical C2 protocol based on Google Drive. The dropper saves the shellcode into the Key Management System (KMS) event source’s information events with a specific category ID and incremented message IDs. Another technique is the use of a C2 domain name that mimics a legitimate one.

Malware 129

Malware Firmware Phishing Cryptocurrency 129

Fox IT

MAY 4, 2021

GET_SYSINFO RUN_CMD=net group "domain computers" /domain RUN_CMD=net session. On the other hand, this task manager is a gold mine for understanding how all the interactions between bots and the C&C are performed and how to filter them into multiple categories. systeminfo.exe driverquery.exe net view nslookup 127.0.0.1

Banking 98

Banking Malware Encryption Architecture 98