Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
While monitoring the Dark web for emerging threats, our researcher at Cyble Research and Intelligence Labs (CRIL) found a post where Threat Actors (TAs) advertising a project named “Temp” and selling a loader and stealer. The TA named them Temp Loader and Temp Stealer, respectively.…
This post is also available in: 日本語 (Japanese)
Executive SummaryPalo Alto Networks Advanced URL Filtering subscription collects data regarding two types of URLs; landing URLs and host URLs. We define a malicious landing URL as one that provides an opportunity for a user to click a malicious link.…
Summary
Actions to take today to mitigate cyber threats from ransomware:
Install updates for operating systems, software, and firmware as soon as they are released. Require phishing-resistant MFA for as many services as possible. Train users to recognize and report phishing attempts.Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.…
Recently, Zscaler ThreatLabz discovered a new malware being used by the SideWinder APT threat group in campaigns targeting Pakistan: a backdoor we’ve called “WarHawk.” SideWinder APT, aka Rattlesnake or T-APT4, is a suspected Indian Threat Actor Group active since at least 2012, with a history of targeting government, military, and businesses throughout Asia, particularly Pakistan.…
Overview
One of the previous ASEC blog posts discussed cases where attackers abused various remote control tools that are originally used for system management purposes to gain control over infected systems.[1] This post will cover cases where RDP (Remote Desktop Protocol), a default service provided by baseline Windows OS, was used.…
was first documented in May 2022 by researchers at Cybereason, who said the intelligence-gathering campaign had been operating under the radar since at least 2019, stealing intellectual property and other sensitive data from victims.
In the attacks observed by Symantec, the attackers remained active on some networks for more than a year.…
On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.…
Author: Tomer Bar, VP Security Research, SafeBreach
As part of our ongoing commitment to conducting original research to uncover new threats and ensure our Hacker’s Playbook provides the most comprehensive collection of attacks, the SafeBreach Labs research team recently discovered a new fully undetectable (FUD) PowerShell backdoor that leverages a novel approach of disguising itself as part of the Windows update process.…
ESET-Forscher entdeckten und analysierten eine Reihe bösartiger Tools, die von der berüchtigten Lazarus APT-Gruppe bei Angriffen im Herbst 2021 eingesetzt wurden. Die Kampagne begann mit Spearphishing-E-Mails. Diese kamen in Form von gefälschten Amazon-Mails und zielten auf einen Mitarbeiter eines Luft- und Raumfahrtunternehmens in den Niederlanden und einen politischen Journalisten in Belgien ab.…
FJ.exe is the tool responsible for creating the JJ, J1, J2, or WD fields on URSNIF payloads based on the variant. But in LDR4 those magic bytes are missing, and the hidden files usually hardcoded at the end of the payload are now gone.…
Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.…
As reported by Check Point at the end of H1 2022, 1 out of 40 organizations worldwide were impacted by ransomware attacks, which constitutes a worrying 59% increase over the past year. The ransomware business continues to grow in gargantuan proportions due to the lucrative payments demanded – and often received – by cybercrime gangs.…
The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the time of writing, we have observed 1,658,281 exploit attempts across our network of 4 million protected websites.…
This post is also available in: 日本語 (Japanese)
Executive SummaryIn May 2021, Palo Alto Networks launched a proactive detector employing state-of-the-art methods to recognize malicious domains at the time of registration, with the aim of identifying them before they are able to engage in harmful activities.…
This post is also available in: 日本語 (Japanese)
Executive SummaryRansom Cartel is ransomware as a service (RaaS) that surfaced in mid-December 2021. This ransomware performs double extortion attacks and exhibits several similarities and technical overlaps with REvil ransomware. REvil ransomware disappeared just a couple of months before Ransom Cartel surfaced and just one month after 14 of its alleged members were arrested in Russia.…
Emotet is usually delivered by SPAM campaigns containing document files. This self-propagating Trojan is a downloader malware that typically downloads and executes additional payloads. Around Jan 2021, Emotet’s operations were reportedly shut down. However, it has shown its appearance again by the end of 2021. In recent months, Emotet seems to have shifted to 64 bit.…
A new adversary simulation tool is steadily growing in the ranks of popularity among red teamers and most recently adversaries. Brute Ratel states on its website that it “is the most advanced Red Team & Adversary Simulation Software in the current C2 Market.” Many of these products are marketed to assist blue teams in validating detection, prevention, and gaps of coverage.…
Online digital tools are used by many people today simply due to their ease of use and the fact that they provide a platform for the user to perform various operations effectively. These tools are web-based software hosted on websites and can be accessed via the internet without having to download and install anything on the user’s machine.…
Research By: Karthickkumar K
…
Phishing sites are becoming an increasingly attractive target for Threat Actors (TAs) to lure victims into stealing sensitive information, and downloading other malware, such as RAT, Ransomware, etc., to damage the victim’s machine. Generally, the link of these phishing pages arrives to users via SMS, Email, social networks, etc.…