Tag: FIREWALL
Sonatype has identified multiple open source packages named sniperv1, sniperv2, among others that infect npm developers with a Windows info-stealer and crypto-stealer called ‘Bladeroid.’…
With enterprise applications defaulting to cloud infrastructure, application security testing increasingly resembles penetration testing across a distributed attack surface — a similarity that is opening new markets for penetration-testing-as-a-service (PTaaS).
Rather than focusing on the edges of the network, PTaaS providers are focusing on cloud applications, which typically have three vectors of vulnerability: the application itself, the interconnections between applications, and the way the application changes over time.…
Executive Summary
We recently found a new Linux variant of Bifrost (aka Bifrose), showcasing an innovative technique to evade detection. It uses a deceptive domain, download.vmfare[.]com, which mimics the legitimate VMware domain. This latest version of Bifrost aims to bypass security measures and compromise targeted systems.…
Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…
https://web-check.xyz/
Supported Checks: IP Info, SSL Chain, DNS Records, Cookies, Crawl Rules, Headers, Quality Metrics, Server Location, Associated Hosts, Redirect Chain, TXT Records, Server Status, Open Ports, Traceroute, Carbon Footprint, Server Info, Whois Lookup, Domain Info, DNS Security Extensions, Site Features, HTTP Strict Transport Security, DNS Server, Tech Stack, Listed Pages, Security.txt…
Bitdefender Labs recently helped with an investigation that unfortunately aligns with two key predictions we made for 2024: the rapid rise of opportunistic ransomware and the growing risk of coordinated attacks. This ransomware attack was coordinated and impacted two separate companies simultaneously.…
Published On: 2024-02-23
EXECUTIVE SUMMARY
At CYFIRMA, we are dedicated to providing current insights into prevalent threats and strategies utilized by malicious entities, targeting both organizations and individuals. This in-depth examination focuses on the proliferation of Xeno RAT, an intricately designed malware, crafted with advanced functionalities, conveniently accessible at no cost on GitHub.…
Authors: Tejaswini Sandapolla, Shilpesh Trivedi
The 8220 Gang, a notorious Chinese-based threat actor group, has once again surfaced in the spotlight with a renewed assault on cloud-based infrastructure. This latest campaign, unfolding from May 2023 through February 2024, showcases the gang’s strategic pivot towards more sophisticated tactics and techniques, targeting both Linux and Windows platforms.…
Sophos X-Ops is tracking a developing wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations. This page provides advice and guidance for customers, researchers, investigators and incident responders. This information is based on observation and analysis of attacks by SophosLabs, Sophos Managed Detection and Response (MDR) and Sophos Incident Response (IR), in which the ScreenConnect client or server was involved.…
Quasar is a legitimate remote administration tool that has become popular among threat actors due to its range of capabilities and availability in open source. This blog details how Darktrace detected this tool without using signatures and how Darktrace RESPOND can be configured to block its malicious usage.…
Executive Summary
Dynamic-link library (DLL) hijacking is one of the oldest techniques that both threat actors and offensive security professionals continue to use today. DLL hijacking is popular because it grants threat actors a stealthy way to run malware that can be very effective at evading detection.…
Executive Summary
On Feb. 13, 2024, ConnectWise was notified of two vulnerabilities impacting their remote desktop software application ScreenConnect. These vulnerabilities were first reported through their vulnerability disclosure channel in the ConnectWise Trust Center.
On Feb. 19, 2024, ConnectWise publicly disclosed the vulnerabilities in a security bulletin.…
Summary
According to BleepingComputer, a ransomware attack that occurred starting on February 11 forced 100 hospitals across Romania to take their systems offline. BackMyData ransomware, which took credit for it, belongs to the Phobos family. The malware embedded an AES key that is used to decrypt its configuration containing whitelisted extensions, files, and directories, a public RSA key that is used to encrypt the AES keys used for file encryption, and other information.…
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.…