Author: Talos
Summary:
The article discusses the Bring Your Own Vulnerable Driver (BYOVD) technique, highlighting its exploitation by malicious actors through vulnerable Windows drivers. It details various payloads, recent ransomware activities, and the challenges of creating malicious drivers in modern Windows environments. #BYOVD #WindowsSecurity #Malware
Keypoints :
BYOVD is a technique where attackers exploit known vulnerable drivers for malicious purposes.…
Summary:
Cisco Talos has identified a phishing campaign targeting Facebook business and advertising account users in Taiwan, utilizing deceptive emails and malware delivery methods to compromise victims. The threat actor employs various evasion techniques to bypass security measures, leveraging cloud services and obfuscation methods to deliver information stealers.…
Short Summary:
Cisco Talos has uncovered a phishing campaign utilizing the open-source toolkit Gophish, targeting Russian-speaking users. The campaign employs modular infection chains involving malicious documents and HTML files, leading to the deployment of PowerRAT and DCRAT payloads. The threat actor is actively developing their tools and using sophisticated methods to execute and maintain persistence on compromised machines.…
Short Summary:
Cisco Talos has identified a financially motivated threat actor, active since 2022, distributing a MedusaLocker ransomware variant named “BabyLockerKZ.” The actor has targeted organizations globally, with a notable increase in victims in South America since early 2023. The attacks utilize various publicly known tools and custom scripts for credential theft and lateral movement, showcasing a professional and aggressive approach.…
Short Summary:
Attackers are exploiting legitimate web features to send spam, utilizing automated processes and human involvement to manipulate web forms and email servers. Credential stuffing is also a significant threat, allowing attackers to access email accounts and send spam from legitimate domains. The article discusses various methods used by spammers and tools that facilitate these attacks, while also providing recommendations for users to enhance their security.…
Short Summary:
Cisco Talos has identified a new cyber threat named “DragonRank,” which targets web application services primarily in Asia and parts of Europe. This threat utilizes the PlugX and BadIIS malware to manipulate search engine optimization (SEO) rankings and deploy web shells for data collection and malware execution.…
Short Summary:
Certain versions of WeChat contain a type confusion vulnerability (CVE-2023-3420) that allows remote code execution. Although the bug was patched in the V8 engine, the WeChat Webview component remains vulnerable. Cisco Talos confirmed that WeChat versions up to 8.0.42 are affected, and users are advised to update their app and avoid clicking on untrusted links.…
Cisco Talos has identified a series of malicious Microsoft Office documents uploaded to VirusTotal, generated using the MacroPack framework. These documents, linked to various actors from countries including China, Pakistan, Russia, and the U.S., deliver multiple payloads, such as the Havoc and Brute Ratel frameworks, and a new variant of the PhantomCore RAT.…
ArcaneDoor is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. These devices are coveted by such actors because they are an ideal intrusion point for espionage-focused campaigns. As the critical path for data into and out of the network, perimeter devices need to be patched routinely and promptly, run up-to-date hardware, software versions and configurations, and be closely monitored from a security perspective.…
By Joey Chen, Chetan Raghuprasad and Alex Karkins.
Cisco Talos discovered a new campaign, ongoing since at least February 2024, operated by a threat actor distributing three well-known infostealers: Cryptbot, LummaC2 and Rhadamanthys. Talos also discovered a new PowerShell command-line argument embedded in the LNK file that bypasses anti-virus products and downloads the final payload onto the victim's host.…
Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks.
Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets, including Virtual Private Network (VPN) services, web application authentication interfaces and SSH services since at least March 18, 2024.…
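The brute-force activity described above is the kind of thing a defender can spot in their own authentication logs long before a vendor advisory. The following is an added example, not code from the Talos post: it parses constructed OpenSSH-style log lines and flags a source that either produces many failed logins inside a short window (classic brute force) or spreads its failures across many distinct usernames (password spraying). The IP addresses are RFC 5737 documentation ranges, the log lines are constructed, the year is assumed because the traditional syslog timestamp omits it, and the window and thresholds are arbitrary assumptions to be tuned per environment.

```python
"""Brute-force and password-spray detection over constructed sshd log lines.

Added example; not the Talos post's code. Thresholds, window and year are
assumptions. Sample IPs are RFC 5737 documentation addresses.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in the OpenSSH syslog format (not real captured data).
SAMPLE_LOG = """\
Mar 18 10:00:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 18 10:00:02 bastion sshd[4102]: Failed password for invalid user test from 203.0.113.7 port 51023 ssh2
Mar 18 10:00:03 bastion sshd[4103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 18 10:00:04 bastion sshd[4104]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
Mar 18 10:00:05 bastion sshd[4105]: Failed password for invalid user guest from 203.0.113.7 port 51026 ssh2
Mar 18 10:00:06 bastion sshd[4106]: Failed password for invalid user user from 203.0.113.7 port 51027 ssh2
Mar 18 10:00:30 bastion sshd[4110]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Mar 18 10:00:45 bastion sshd[4111]: Failed password for alice from 198.51.100.9 port 40002 ssh2
Mar 18 10:01:10 bastion sshd[4112]: Accepted password for alice from 198.51.100.9 port 40003 ssh2
Mar 18 10:02:00 bastion sshd[4120]: Failed password for root from 192.0.2.50 port 33001 ssh2
Mar 18 10:20:00 bastion sshd[4130]: Failed password for root from 192.0.2.50 port 33002 ssh2
"""

# Matches "Failed/Accepted password for [invalid user] <user> from <ip> port <n>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(line, year=2024):
    """Return (timestamp, result, user, ip) or None for lines we do not handle.

    The year is an assumption: the classic syslog timestamp carries none.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def detect(log_text, window_s=60, fail_threshold=5, spray_threshold=4):
    """Return {source_ip: set_of_reasons} for sources that trip either rule.

    brute_force:    >= fail_threshold failures from one IP inside window_s seconds
    password_spray: failures against >= spray_threshold distinct usernames from one IP
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> distinct usernames that saw a failure
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result != "Failed":
            continue                      # a later success does not clear earlier noise
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()                   # slide the window forward
        users[ip].add(user)
        if len(q) >= fail_threshold:
            alerts[ip].add("brute_force")
        if len(users[ip]) >= spray_threshold:
            alerts[ip].add("password_spray")
    return dict(alerts)


if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE_LOG).items():
        print(ip, sorted(reasons))
```

On the sample, only 203.0.113.7 is flagged, for both rules; alice's two typos followed by a success, and the two widely spaced root failures from 192.0.2.50, stay below the thresholds. The spray rule is deliberately not windowed, since spraying campaigns of the kind the post describes are typically slow on purpose; in production, feed this from a log pipeline rather than a string and key on the authenticating service as well as the IP, because the same source tends to hit VPN, web and SSH endpoints in turn.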