This blog delves into the Phemedrone Stealer campaign’s exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware’s payload.

During routine threat hunting, Trend Micro uncovered evidence pointing to an active exploitation of CVE-2023-36025 to infect users with a previously unknown strain of the malware, Phemedrone Stealer.…


In its 2023 Adversary Infrastructure report, Insikt Group's outlook for the infrastructure landscape in 2024 expects cyber threats to keep evolving, with an emphasis on government efforts to combat malicious activities. Anticipated increases in takedowns of malicious infrastructure reflect a growing awareness among governments of the devastating impacts of ransomware and other destructive attacks.…


Published On : 2024-01-03

EXECUTIVE SUMMARY

This report provides a glimpse into the evolving landscape of RAT development and malicious activities performed by threat actors working under the name 'Anonymous Arabic'. Our team investigated Silver RAT (written in C#), which has capabilities to evade antivirus products and covertly launch hidden applications, browsers, keyloggers, and other malicious activities.…


On December 19, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) that disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the ALPHV BlackCat Ransomware-as-a-Service (RaaS), identified through FBI investigations as recently as December 6, 2023.…


On Christmas Eve, Resecurity's HUNTER (HUMINT) unit spotted that the author of the Meduza password stealer had released a new version (2.2). The product has already generated significant interest on the Dark Web since its initial release in June this year. Key improvements include support for more software clients (including browser-based cryptocurrency wallets), an upgraded credit card (CC) grabber, and additional mechanisms for dumping password storage on various platforms to extract credentials and tokens.…

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…



SEQRITE Labs APT-Team has uncovered a phishing campaign targeting various Indian government personnel since October 2023. We have also identified targeting of both government and private entities in the defence sector over December. New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate confidential documents to a web-based service engine, instead of a dedicated command-and-control (C2) server.…


The Sophos MDR Threat Intelligence team previously published the blog Akira Ransomware is “bringin’ 1988 back” in May 2023, roughly two months after the group is reported to have begun operations. Since the ransomware group’s initial attacks in March, Akira has emerged as a formidable ransomware threat in the cybersecurity landscape for small to medium-sized businesses, posting hundreds of alleged victims on its data leak site.…



Executive Summary

Unit 42 researchers have observed threat actors using malicious JavaScript samples to steal sensitive information by abusing popular survey sites, low-quality hosting and web chat APIs. In some campaigns, attackers created chatbots that they registered to someone noteworthy such as an Australian footballer.…

Executive Summary

Overlaps in targeting, malware characteristics, and long-term malware evolutions post 2018 suggest that the Gaza Cybergang sub-groups have likely been consolidating, possibly involving the establishment of internal and/or external malware supply lines. Gaza Cybergang has upgraded its malware arsenal with a backdoor that we track as Pierogi++, first used in 2022 and seen throughout 2023.…

Research by: hasherezade

Highlights

The Rhadamanthys stealer is a multi-layer malware, sold on the black market, and frequently updated. Recently the author released a new major version, 0.5.0. In the new version, the malware expands its stealing capabilities and also introduces some general-purpose spying functions. A new plugin system makes the malware expandable for specific distributor needs.…

ESET researchers analyzed a growing series of OilRig downloaders that the group has used in several campaigns throughout 2022, to maintain access to target organizations of special interest – all located in Israel. These lightweight downloaders, which we named SampleCheck5000 (SC5k v1-v3), OilCheck, ODAgent, and OilBooster, are notable for using one of several legitimate cloud service APIs for C&C communication and data exfiltration: the Microsoft Graph OneDrive or Outlook APIs, and the Microsoft Office Exchange Web Services (EWS) API.…
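The defensive angle on the OilRig downloaders above is that their C&C traffic hides inside calls to Microsoft Graph and Exchange Web Services that most corporate hosts make legitimately. The following is an added hunting example, not ESET's code: it runs over a constructed proxy/EDR export (one "process|host|path" record per line) and flags processes outside an assumed allowlist that reach the OneDrive, mail or EWS endpoints. The endpoint prefixes are the standard Graph and EWS paths; which exact paths the downloaders call is not stated in the summary, and the allowlist of expected processes is an assumption to tune per environment.

```python
"""Hunt for C&C over legitimate Microsoft cloud APIs.

Added example (not ESET's code). Log format and process allowlist are
constructed assumptions; adapt both to your own telemetry.
"""
from collections import Counter

# Endpoint families the summary names: Graph OneDrive / Outlook APIs and EWS.
SUSPECT_ENDPOINTS = {
    "graph.microsoft.com": (
        "/v1.0/me/drive",
        "/v1.0/me/messages",
        "/v1.0/me/mailFolders",
    ),
    "outlook.office365.com": ("/EWS/Exchange.asmx",),
}

# Assumed: processes that legitimately talk to these endpoints on a workstation.
EXPECTED_PROCESSES = {"outlook.exe", "onedrive.exe", "teams.exe", "msedge.exe", "chrome.exe"}

# Constructed sample export: process|destination host|URL path.
SAMPLE_LOG = """\
outlook.exe|outlook.office365.com|/EWS/Exchange.asmx
onedrive.exe|graph.microsoft.com|/v1.0/me/drive/root/children
svchost.exe|graph.microsoft.com|/v1.0/me/drive/root:/inbox/cmd.txt:/content
update.exe|outlook.office365.com|/EWS/Exchange.asmx
chrome.exe|graph.microsoft.com|/v1.0/me/messages
svchost.exe|graph.microsoft.com|/v1.0/me/drive/root:/outbox/result.txt:/content
"""


def parse_line(line):
    """Split one record into (process, host, path); names are lower-cased."""
    process, host, path = line.strip().split("|", 2)
    return process.lower(), host.lower(), path


def is_suspect_endpoint(host, path):
    """True when the request hits one of the C&C-capable API families."""
    prefixes = SUSPECT_ENDPOINTS.get(host, ())
    return any(path.startswith(p) for p in prefixes)


def hunt(log_text, expected=EXPECTED_PROCESSES):
    """Return (hits, per_process_counts) for unexpected processes using the
    suspect endpoints. A non-Office binary driving OneDrive file reads/writes
    or EWS is the pattern worth triaging."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        process, host, path = parse_line(line)
        if is_suspect_endpoint(host, path) and process not in expected:
            hits.append((process, host, path))
    return hits, Counter(p for p, _, _ in hits)


if __name__ == "__main__":
    hits, counts = hunt(SAMPLE_LOG)
    for process, host, path in hits:
        print(f"{process:12s} {host:24s} {path}")
    print(dict(counts))
```

Counting hits per process matters more than any single line: a downloader that polls a drive folder for commands and uploads results produces repeated read/write pairs from the same unexpected binary, which is what the per-process counter surfaces.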

Severity

High

Analysis Summary

APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been active since at least 2012 and primarily targets victims in South Korea. However, it has also conducted operations against entities in other countries, including Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and various parts of the Middle East.…
