Search Results for: play
Executive Summary: This blog describes an attack that Unit 42 observed utilizing malicious compiled HTML help files for the initial delivery. We …
This blog post was authored by Hossein Jazi and Jérôme Segura
Populations around the world—and in Europe in particular—are following the crisis in Ukraine very closely, and with events unfolding …
We all know vulnerabilities have a lifecycle. First, they start as closely held secrets, hopefully known to the company producing the vulnerable software. After becoming publicly known, there is often …
Fortinet’s FortiGuard Labs captured a phishing campaign that was delivering three fileless malware onto a victim’s device. Once executed, they are able to steal sensitive information from that device.
In …
It started with a seemingly benign email, dealing with the purchase of a vehicle, and ended in a reveal of a months’ long campaign targeting German organizations. Most of …
Emotet is a malware family that steals sensitive and private information from victims’ computers. The malware has infected more than a million devices and is considered one of the most …
In early December 2021, a new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, a new generation Ransomware-as-a-Service (RaaS) group. Shortly afterwards, …
By Jer O’Donovan, Cofense Phishing Defense Center
COVID-19 has become an ever-present topic in our lives since the start of 2020. With this we’ve seen threat actors leveraging the pandemic …
Over the last several years, the Cybereason Nocturnus Team has been tracking different APT groups operating in the Middle East region, including two main sub-groups of the Hamas cyberwarfare division: …
A new Traffic Direction System (TDS) we are calling Parrot TDS, using tens of thousands of compromised websites, has emerged in recent months and is reaching users from around the …
Remcos RAT (Remote Access Trojan) was originally designed as a professional tool to remotely control computers. Remcos RAT is recognized as a malware family because it has been abused by …
Broadcom, have found.
Activity on infected networks: In several cases, the initial activity on victim networks is seen on Microsoft Exchange Servers, suggesting the possibility that a known, unpatched vulnerability …
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity …
Morphisec Labs has detected a new wave of Remcos trojan infection. The theme of the phishing emails is again financial, this time as payment remittances sent from financial institutions. The …
By Juan Andres Guerrero-Saade (@juanandres_gs) and Max van Amerongen (@maxpl0it)
Executive Summary: On Thursday, February 24th, 2022, a cyber attack rendered Viasat KA-SAT modems inoperable in Ukraine. Spillover from this…
By Max Kersten, Marc Elias, Leandro Velasco, and Alexandre Mundo Alguacil · March 28, 2022
For over a decade, the PlugX malware has been observed internationally with different variants found …
By Asheer Malhotra and Justin Thattil with contributions from Kendall McKay.
Cisco Talos has observed a new Transparent Tribe campaign targeting Indian government and military entities. While the actors are…
Malicious email and phishing scams are usually topical and follow a pattern of current events, and they typically are crafted around calendar and/or trending issues as attackers realize that victims …
A Cobalt Strike Cybercrime Syndicate and the Ransomware Hackers’ Favorite Weapon
On March 9, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service issued an updated alert …
The post-pandemic world has seen cryptocurrencies and blockchain products in general catapult in valuation and adoption. “Web3”, “DeFi”, and “NFT” have become household terms and the sector is growing so …
This is the story of piecing together information and research leading to the discovery of one of the largest botnet-as-a-service cybercrime operations we’ve seen in a while. This research reveals …
ESET researchers discovered a still-ongoing campaign using a previously undocumented Korplug variant, which they named Hodur due to its resemblance to the THOR variant previously documented by Unit 42 in …
UNC2891 often made use of the STEELCORGI in-memory dropper which decrypts its embedded payloads by deriving a ChaCha20 key from the value of an …
Update 05.27.22: An unknown APT group is targeting Russian government entities with at least four separate spear-phishing campaigns since the beginning of the conflict in Ukraine. Source: Security Affairs.
Overview…
Dragos has observed consistent network communication between Emotet Command and Control (C2) servers and numerous auto manufacturing companies. These Emotet servers are suspected to be controlled by the Conti ransomware …
Over recent months, the CrowdStrike Falcon® OverWatch™ team has tracked an ongoing, widespread intrusion campaign leveraging bundled .msi installers to trick victims into downloading malicious payloads alongside legitimate software. These …
CryptBot is back. A new and improved version of the malicious infostealer has been unleashed via compromised pirate sites, which appear to offer “cracked” versions of popular software and video …
8/24 Editor’s Note: Since the publication, SMTP2Go has updated its security measures.
Key Takeaways: Proofpoint researchers have identified ongoing activity by the China-aligned APT actor TA416 in which the group…
The criminal group behind the Arkei information stealer appears to be interested in more than just picking our pockets. While cryptocurrency remains a primary target for the malware, which …
Soon after execution of the Qbot …
Recently, we’ve been researching several threat actors operating in South Asia: Transparent Tribe, SideCopy, etc., that deploy a range of remote access trojans (RATs). After a hunting session in our …
These websites host Smokeloader payloads as part of three categories named “pab1”, “pab2” and “pab3”. These are not necessarily linked to the analogous “pub*” affiliate IDs, since we have seen …
In August 2021, a disgruntled CONTI affiliate leaked training documents, playbooks, and tools used to assist in CONTI ransomware operations. Mandiant has determined that some of the activity listed …
February 3, 2022
[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would …
Analysis of a new malware called Mars Stealer, which is a further development of Oski Stealer.
It has been noticed that Oski support stopped answering its customers and deleted its …
Cisco Talos has observed a new campaign targeting Turkish private organizations alongside governmental institutions.
Talos attributes this campaign with high confidence to MuddyWater — an APT group recently attributed to…
The Belarusian Cyber Partisans have shared documents related to another hack, and explained that Curated Intel member, SttyK, would “understand some of the methods used.”
Written by @BushidoToken and edited …
TrickBot Bolsters Layered Defenses to Prevent Injection Research
Limor Kessem and Charlotte Hammond.
The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, …
While monitoring the distribution source of malware in Korea, the ASEC analysis team has discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards …
In December 2021, the ThreatLabz research team identified several macro-based MS office files uploaded from Middle Eastern countries such as Jordan to OSINT sources such as VT. These files …
Authored by: Wenfeng Yu
McAfee Mobile Research team recently discovered a new piece of malware that specifically steals Google, Facebook, Twitter, Telegram and PUBG game accounts. This malware hides in …
Over the past year, we have seen ransomware attackers change the way they have responded to organizations that have either chosen to not pay the ransom or …
In this report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team details an espionage campaign, targeting telecommunication companies, dubbed Operation Diànxùn.
In this attack, we discovered malware using similar …