Event, Information Security and Malware

Malware campaign hides a shellcode into Windows event logs

Security Affairs

MAY 7, 2022

Experts spotted a malware campaign that is the first one using a technique of hiding a shellcode into Windows event logs. In February 2022 researchers from Kaspersky spotted a malicious campaign using a novel technique that consists of hiding the shellcode in Windows event logs. SecurityAffairs – hacking, Windows event logs).

Malware

Malware Encryption Hacking Cybersecurity

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Security Affairs

APRIL 27, 2024

ThreatFabric researchers identified a new Android malware called Brokewell, which implements a wide range of device takeover capabilities. ThreatFabric researchers uncovered a new mobile malware named Brokewell, which is equipped with sophisticated device takeover features. ” reads the report published by ThreatFabric.

Malware

Malware Spyware Authentication Mobile

Frebniis malware abuses Microsoft IIS feature to create a backdoor

Security Affairs

FEBRUARY 19, 2023

Experts spotted a malware dubbed Frebniis that abuses a Microsoft IIS feature to deploy a backdoor and monitor all HTTP traffic to the system. Frebniis operates by injecting code into the memory of the iisfreb.dll which is used by the IIS feature Failed Request Event Buffering (FREB) for troubleshooting failed requests.

Malware

Malware Passwords Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Putin proposes new information security collaboration to US, including no-hack pact for election

Security Affairs

SEPTEMBER 28, 2020

Russian Government has published a statement by President Vladimir Putin that proposes to the United States a comprehensive program of measures for restoring the Russia – US cooperation in information security. ” Putin suggested four actions to set up a prolific collaboration on Information security. .

Information Security

Information Security Hacking Advertising Government

USENIX Security ’23 – Yizheng Chen, Zhoujie Ding, David Wagner – # Continuous Learning for Android Malware Detection

Security Boulevard

JANUARY 29, 2024

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Malware

Malware Information Security

New PowerDrop malware targets U.S. aerospace defense industry

Security Affairs

JUNE 7, 2023

aerospace defense sector with a new PowerShell malware dubbed PowerDrop. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption.

Malware

Malware Encryption Internet Internet

USENIX Security ’23 – Black-box Adversarial Example Attack Towards FCG Based Android Malware Detection Under Incomplete Feature Information

Security Boulevard

JANUARY 31, 2024

Author/Presenters : Heng Li, Zhang Cheng, Bang Wu, Liheng Yuan, Cuiying Gao, Wei Yuan, Xiapu Luo Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access.

Malware

Malware Architecture Education Information Security

US govt is hunting a Chinese malware that can interfere with its military operations

Security Affairs

AUGUST 1, 2023

The US government believes that China has deployed malware in key US power and communications networks that can be activated in case of a conflict. American intelligence officials believe China has implanted malware in key US power and communications networks that can be used in case of conflict, reported The New York Times.

Malware

Malware Government Manufacturing Hacking

Ransomware gangs target companies involved in time-sensitive financial events, FBI warns

Security Affairs

NOVEMBER 2, 2021

The FBI warns of ransomware attacks on businesses involved in “time-sensitive financial events” such as corporate mergers and acquisitions. Ransomware gangs target these companies because there is a high likelihood that they will pay the ransom to avoid the impact of the disclosure of sensitive data during these events.

Ransomware

Ransomware Hacking Accountability Cybercrime

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The team of experts presented their technique at the Annual Computer Security Applications Conference ( ACSAC ) that took place in December. ” reads a research paper published by the experts.

IoT

IoT Malware Internet Internet

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Security Affairs

MARCH 11, 2024

In January, Sucuri researchers reported that Balada Injector malware infected over 7100 WordPress sites using a vulnerable version of the Popup Builder WordPress plugin. In the past three weeks, the researchers observed a spike in attacks from a new malware campaign e this same exploiting the same flaw in Popup Builder. traveltraffic[.]cc

Malware

Malware Hacking Cybercrime Information Security

Iranian Broadcaster IRIB hit by wiper malware

Security Affairs

FEBRUARY 23, 2022

Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. Researchers from CheckPoint that investigated the attack reported that the attackers used a wiper malware to disrupt the state’s broadcasting networks, damaging both TV and radio networks.

Malware

Malware Passwords Backups Hacking

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

Italy was also marginally affected by the attack and the case was dealt with by the Computer Crime Operations Centre of the Postal Police (CNAIPIC ) [link] , which promptly issued an alert [link] on the very day of the event, recommending some useful actions also to prevent further possible propagation. The infection chain.

Malware

Malware Computers and Electronics Encryption Ransomware

Operation Triangulation: previously undetected malware targets iOS devices

Security Affairs

JUNE 1, 2023

“The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data” reads the analysis published by Kaspersky. According to Kaspersky researchers, Operation Triangulation began at least in 2019 and is still ongoing.

Malware

Malware Backups Mobile Hacking

USENIX Security ’23 – Simone Aonzo, Yufei Han, Alessandro Mantovani, Davide Balzarotti – Humans vs. Machines in Malware Classification

Security Boulevard

JANUARY 30, 2024

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Malware

Malware Architecture Education Information Security

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

DEF CON 31 – Jared Stroud’s ‘Packet Hacking Village – WINE Pairing With Malware’

Security Boulevard

NOVEMBER 17, 2023

Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 – Jared Stroud’s ‘Packet Hacking Village – WINE Pairing With Malware’ appeared first on Security Boulevard.

Hacking

Hacking Malware Architecture Education

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

FEBRUARY 21, 2022

The risks are real, and the impact of cybersecurity events continues to grow. A cyber catastrophe may seem inevitable, but there are basic practices and actionable steps any healthcare organization can take to begin reducing the clear and present risk of being impacted by a cybersecurity event. Scheduling? Practice to improve response.

Healthcare

Healthcare Cyber Attacks Education Social Engineering

DEF CON 31 – Patrick Wardle’s ‘Leveraging macOS Networking Frameworks to Heuristically Detect Malware’

Security Boulevard

NOVEMBER 5, 2023

Originating from the conference events at Caesars Forum, Flamingo, Harrah’s and Linq in Las Vegas, Nevada ; via the organizations YouTube channel. Permalink The post DEF CON 31 – Patrick Wardle’s ‘Leveraging macOS Networking Frameworks to Heuristically Detect Malware’ appeared first on Security Boulevard.

Malware

Malware Architecture Education Information Security

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

The Most Common Types of Malware in 2021

CyberSecurity Insiders

JANUARY 31, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization’s worst nightmare come true.

Malware

Malware Computers and Electronics Adware Spyware

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

million unfilled cyber security jobs, showing a big need for skilled professionals. Email Threats: More than 75% of targeted attacks start with an email, delivering 94% of malware. Healthcare Spending: From 2020 to 2025, the healthcare sector plans to spend $125 billion on cyber security to tackle its vulnerability.

Social Engineering

Social Engineering Cyber Attacks Cyber Insurance IoT

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. In the recent campaign, threat actors used a customized PlugX malware that includes a completed backdoor command module, the researchers named it DOPLUGS. ” reads the report published by Trend Micro.

Malware

Malware Phishing Government Passwords

PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection

Security Affairs

SEPTEMBER 3, 2021

Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. CLFS can be used for both data logging as well as for event logging. Mandiant provides YARA rules to detect PRIVATELOG and STASHLOG malware as well as possible variants.

Malware

Malware Encryption Hacking Cybersecurity

NFL Teams Up with Cisco to Secure Super Bowl LVI

Cisco Security

FEBRUARY 15, 2022

Since it’s a live event, 100 percent uptime is imperative for the Super Bowl, ensuring fans don’t miss a moment of the action. The Super Bowl is the largest sporting and television event in the United States, with nearly 100 million viewers. Securing an event of this magnitude can be quite a challenge.

Firewall

Firewall Technology Malware Network Security

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

iShutdown lightweight method allows to discover spyware infections on iPhones

Security Affairs

JANUARY 17, 2024

The iOS devices log any reboot event in this file along with multiple environment information. The analysis of the infections also revealed other similarities such as the path associated with malware execution (“/private/var/db/”). The experts noticed some log entry notes related to processes that prevented a normal reboot.

Spyware

Spyware Mobile Malware Surveillance

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

ESET researchers discovered a new piece of malware dubbed CDRThief targets a specific Voice over IP system to steal call data records (CDR). The VoIP platform Linknat VOS2009 and VOS3000 targeted by the malware is used by two China-produced softswitches (software switches). ” reads the analysis published by ESET.

Malware

Malware Encryption Advertising Passwords

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 31, 2023

INC RANSOM ransomware gang claims to have breached Xerox Corp Spotify music converter TuneFab puts users at risk Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania Russia-linked APT28 used new malware in a recent phishing campaign Clash of Clans gamers at risk while using third-party app New Version of Meduza (..)

Artificial Intelligence

Artificial Intelligence Cyber Attacks Malware Ransomware

Balada Injector continues to infect thousands of WordPress sites

Security Affairs

JANUARY 15, 2024

Balada Injector malware infected more than 7100 WordPress sites using a vulnerable version of the Popup Builder plugin. The Balada injector is a malware family that has been active since 2017. The malware supports multiple attack vectors and persistence mechanisms. ” concludes the report.

Malware

Malware Hacking Accountability Information Security

BSides Calgary 2020 – Greg Foss’ ‘The Future Of Destructive Malware’

Security Boulevard

FEBRUARY 27, 2021

The post BSides Calgary 2020 – Greg Foss’ ‘The Future Of Destructive Malware’ appeared first on Security Boulevard.

Malware

Malware Education Information Security

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Security Affairs

APRIL 18, 2024

The nature of the targets, low detection rate, and sophisticated malware-supported features suggest that an APT group developed it. The malware masqueraded as a Microsoft Word Add-In (.wll) The malware has a multi-threaded implementation, utilizing event objects for thread synchronization and signaling.

Malware

Malware Ransomware Hacking Technology

Incident response analyst report 2023

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East.

Ransomware

Ransomware Authentication Passwords Government

On Detection: Tactical to Functional

Security Boulevard

OCTOBER 20, 2023

Note: In this context, a behavioral detection analytic is one that focuses on what the malware does instead of what the malware is. This is not to say that detecting known bad malware based on what it is, is a bad idea; we simply are attempting to take the next logical step. It decouples the action from the actor.

Engineering

Engineering Malware Software Information Security

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Security Affairs

NOVEMBER 3, 2023

The bad news is that, in some cases, threat actors spread malware-laced mods to infect as many devices as possible. The broadcast receiver gets a message like that, it calls the event handler. Then the malware contacts the command-and-control (C2) server and sends information about the compromised device (i.e.

Spyware

Spyware Malware Mobile Advertising

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “The script creates a ‘Covert Channel’ by exploiting the event descriptions in Google Calendar. “To use GRC, only a Gmail account is required.” ” reads the Google Report.

Accountability

Accountability Hacking Information Security Malware

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool. Once the malware has escalated the privileges on a machine, the threat actors use a batch script to uninstall popular antivirus solutions installed on the machine.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

Security Affairs

MARCH 23, 2024

org/util.php” The WINELOADER backdoor supports multiple features and functions that overlap with other malware in the APT29’s arsenal such as BURNTBATTER, MUSKYBEAT and BEATDROP , which suggests they are likely developed by the same professionals. ” concludes the report.

Phishing

Phishing Malware Hacking Information Security

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

FEBRUARY 16, 2024

The malware uses Windows events for synchronization, with the first primary malware thread initiated in the DLL’s ServiceMain function. Since the beginning of the campaign, the attackers used various C2 servers to host PowerShell scripts and arbitrary commands that could be executed on the victim’s machine.

Password Management

Password Management Malware Passwords Hacking

The Muncy malware is on the rise

Security Affairs

FEBRUARY 19, 2019

Over the last few days, a phishing campaign from DHL and entitled “ DHL Shipment Notification ” has been targeted users worldwide distribution the Muncy malware. Now, the malware is targeting user’s worldwide and has been spread via phishing campaigns. The process flow diagram below shown how the malware works.

Malware

Malware Phishing DNS Engineering

New SPIKEDWINE APT group is targeting officials in Europe

Security Affairs

FEBRUARY 29, 2024

The cyberspies used a bait PDF document masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024. The researchers pointed out that WINELOADER is not injected into the DLLs that contain exported functions used by the malware.

Malware

Malware Hacking Information Security

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Daniel Miessler

MAY 19, 2021

My Definitions of Event, Alert, and Incident. A definitions reminder: Incident : A security event that compromises the integrity, confidentiality or availability of an information asset. For incidents, the breakdown was: dos (hacking), phishing (social), other, and then ransomware (malware). Content extraction.

Data breaches

Data breaches Social Engineering Ransomware Phishing

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Security Affairs

JANUARY 2, 2022

This is not an issue with malware scanning or the malware engine, and it is not a security-related issue.” “The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.” Event ID: 5300. Event ID: 1106.

Engineering

Engineering Malware Hacking Information Security

Malware campaign hides a shellcode into Windows event logs

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Webinars

Trending Sources

Frebniis malware abuses Microsoft IIS feature to create a backdoor

Webinars

Putin proposes new information security collaboration to US, including no-hack pact for election

USENIX Security ’23 – Yizheng Chen, Zhoujie Ding, David Wagner – # Continuous Learning for Android Malware Detection

New PowerDrop malware targets U.S. aerospace defense industry

USENIX Security ’23 – Black-box Adversarial Example Attack Towards FCG Based Android Malware Detection Under Incomplete Feature Information

US govt is hunting a Chinese malware that can interfere with its military operations

Ransomware gangs target companies involved in time-sensitive financial events, FBI warns

Researchers used electromagnetic signals to classify malware infecting IoT devices

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Iranian Broadcaster IRIB hit by wiper malware

Wannacry, the hybrid malware that brought the world to its knees

Operation Triangulation: previously undetected malware targets iOS devices

USENIX Security ’23 – Simone Aonzo, Yufei Han, Alessandro Mantovani, Davide Balzarotti – Humans vs. Machines in Malware Classification

BRATA Android Malware evolves and targets the UK, Spain, and Italy

DEF CON 31 – Jared Stroud’s ‘Packet Hacking Village – WINE Pairing With Malware’

Woody RAT: A new feature-rich malware spotted in the wild

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

DEF CON 31 – Patrick Wardle’s ‘Leveraging macOS Networking Frameworks to Heuristically Detect Malware’

CDRThief Linux malware steals VoIP metadata from Linux softswitches

The Most Common Types of Malware in 2021

26 Cyber Security Stats Every User Should Be Aware Of in 2024

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection

NFL Teams Up with Cisco to Secure Super Bowl LVI

Woody RAT: A new feature-rich malware spotted in the wild

iShutdown lightweight method allows to discover spyware infections on iPhones

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

Balada Injector continues to infect thousands of WordPress sites

BSides Calgary 2020 – Greg Foss’ ‘The Future Of Destructive Malware’

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Incident response analyst report 2023

On Detection: Tactical to Functional

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Cactus ransomware gang claims the Schneider Electric hack

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

The Muncy malware is on the rise

New SPIKEDWINE APT group is targeting officials in Europe

Analysis of the 2021 Verizon Data Breach Report (DBIR)

Microsoft rolled out emergency fix for Y2k22 bug in Exchange servers

Stay Connected