Every month the Nextron Threat Research Team (NTRT) shares insights into evasive threats that we’ve seen in the wild via our Valhalla service. The aim is to highlight interesting samples our rules detected and have or had very low detection rates as reported by VirusTotal scanning.…
Tag: COLLECTION
COMMENTARY
Although it wasn’t called biometrics at the time, a rudimentary form of the technology emerged in 1901 when Scotland Yard adopted fingerprint classification to identify criminal suspects. The biometrics field has come a long way in the more than 120 years since then.
Public and private sector organizations now use it to identify and authenticate individuals to grant access to computer systems, such as laptops and tablets, and enterprise applications such as human resources or customer relationship management systems.…
The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense announced it had breached the Russian Ministry of Defense servers as part of a special operation, and exfiltrated confidential documents.
Stolen documents include:
confidential documents, including orders and reports circulated among over 2000 structural units of the Russian military service.…AhnLab Security intelligence Center (ASEC) has recently discovered the distribution of backdoor malware via aNotepad, a free online notepad platform. Said malware supports both the PE format that targets the Windows system and the ELF format that targets the Linux system. As the threat actor used the string ‘WingOfGod’ during the development of the malware, it is classified as WogRAT.…
Published On : 2024-03-05
EXECUTIVE SUMMARYAt CYFIRMA, our commitment is to provide timely insights into prevalent threats and malicious tactics affecting both organizations and individuals. Our research team recently identified a malicious .docx file linked to the stego-campaign, revealing a sophisticated cyber threat.
This campaign utilizes template injection in a Microsoft Office document to bypass traditional email security measures.…
Introduction to Hugging Face Malicious ML Models
Read More Background
A recent report by JFrog researchers found that some machine learning models on Hugging Face may be used to attack the user environment. These malicious models will lead to code execution when loaded, providing the attacker with the ability to gain full control of the infected machine and implementing backdoor implantation based on open-source models.…
GitHub, a cornerstone for programmers worldwide, faces a severe threat as an unknown attacker deploys an automated assault, cloning and creating malicious code repositories. The attack, involving sophisticated obfuscation and social engineering, poses a significant challenge to GitHub’s security infrastructure. An assailant employs an automated process to fork and clone existing repositories, concealing malicious code under seven layers of obfuscation.…
Read More Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme.
The malicious application, called XHelper, is a “key tool for onboarding and managing these money mules,” CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report.…
Executive summary
Read More In 2023, Account Takeover (ATO) was confirmed to be among the most harmful types of fraud for online banking customers. At Cleafy, we have seen that 90% of fraud attempts are still conducted via Account Takeover, and our forecasts expect this number to stay flat in 2024.…
Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks.
The threat actors behind GTPDOOR are believed to target systems adjacent to the GPRS roaming eXchange (GRX), such as SGSN, GGSN, and P-GW, which can provide the attackers direct access to a telecom’s core network.…
On February 29, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) which disseminates known Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) associated with the Phobos Ransomware variants observed as recently as February 2024.…
Table of contentsContext
Read More Since the onset of the War in Ukraine, various groups identified as “nationalist hacktivists” have emerged, particularly on the Russian side, to contribute to the confrontation between Kyiv and Moscow. Among these entities, the pro-Russian group NoName057(16) has garnered attention through the initiation of Project DDoSia, a collective endeavour aimed at conducting large-scale distributed denial-of-service (DDoS) attacks, targeting entities (private corporations, ministries and public institutions) belonging to countries supporting Ukraine, predominantly NATO member states.…
I-Soon’s commercial offering reveals that their main issue is processing collected data, not breaching their targets in the first place. Their products leverage deep learning to help them sort and classify stolen documents.
The company appears to have trouble sourcing malware and relies on generally crude methods (i.e.,…
Read More
Key TakeawaysIn February 2023, we detected an intrusion that was initiated by a user downloading and executing a file from a SEO-poisoned search result, leading to a Gootloader infection.Around nine hours after the initial infection, the Gootloader malware facilitated the deployment of a Cobalt Strike beacon payload directly into the host’s registry, and then executed it in memory.…
Read More A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware.
First identified twenty years ago, Bifrost is one of the longest-standing RAT threats in circulation.…
SUMMARY
Read More Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
____________________ Summary: The article discusses the Azure Batch service and highlights potential areas for misconfigurations and sensitive data exposure. It explains how the service functions as a middle ground between Azure Automation Accounts and a full deployment of an individual Virtual Machine. The article also mentions the risks associated with Reader and Contributor access to Batch, such as reading sensitive data and gaining access to SAS tokens.…
Key PointsAvast discovered an in-the-wild admin-to-kernel exploit for a previously unknown zero-day vulnerability in the appid.sys AppLocker driver.
Thanks to Avast’s prompt report, Microsoft addressed this vulnerability as CVE-2024-21338 in the February Patch Tuesday update.
The exploitation activity was orchestrated by the notorious Lazarus Group, with the end goal of establishing a kernel read/write primitive. …
Read More Today Mandiant is releasing a blog post about suspected Iran-nexus espionage activity targeting the aerospace, aviation and defense industries in Middle East countries, including Israel and the United Arab Emirates (UAE) and potentially Turkey, India, and Albania.
Mandiant attributes this activity with moderate confidence to the Iranian actor UNC1549, which overlaps with Tortoiseshell—a threat actor that has been publicly linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).…
Here at Bitdefender, we’re constantly working on improving detection capabilities for our macOS cyber-security products; part of this effort involves revisiting old (or digging up new) samples from our malware zoo. During routine verifications, we were able to isolate multiple suspicious and undetected macOS disk image files surprisingly small for files of this kind (1.3 MB per file).…