1. Overview
AhnLab Security intelligence Center (ASEC) confirmed that botnets trending since 2019 have been continuously used to install NiceRAT malware. A botnet is a group of devices infected by …
1. Overview
AhnLab Security intelligence Center (ASEC) confirmed that botnets trending since 2019 have been continuously used to install NiceRAT malware. A botnet is a group of devices infected by …
Written by: Kristen Dennesen, Luke McNamara, Dmitrij Lenz, Adam Weidemann, Aline Bueno
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of …
Affected Platforms: Microsoft WindowsImpacted Users: Windows UsersImpact: Collects sensitive information from a victim’s computerSeverity Level: Critical
A new phishing campaign was recently captured by our FortiGuard Labs that spreads a new Agent …
The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. This edition of the …
In so many penetration tests or assessments, the client gives you a set of subnets and says “go for it”. This all seems reasonable, until you realize that if you …
Email forensics involves the examination, extraction, and analysis of email data to gather digital evidence crucial for resolving crimes and specific incidents, ensuring the integrity of the …
Threat Actor: IntelBroker | IntelBroker Victim: Europol | Europol Price: $20,000 in cryptocurrency Exfiltrated Data Type: FOUO (For Official Use Only) and other classified data, Alliance employees, files related to …
Threat Actor: IntelBroker | IntelBroker Victim: Major Cybersecurity Company | Major Cybersecurity Company Price: $20,000 Exfiltrated Data Type: Confidential and highly critical logs, credentials, SMTP access, PAuth Pointer Auth access, …
Welcome to Picus Security‘s weekly cyber threat intelligence roundup! …
Summary: A new campaign conducted by the TA558 hacking group is using steganography to hide malicious code inside images and deliver various malware tools onto targeted systems.
Threat Actor: TA558 …
Key Point : —————————— – The Manipulaters, a cybercrime group, have attempted to rebrand themselves as legitimate but still engage in illegal activities. – The core brand of The Manipulaters …
Formbook is a type of malware that specializes in stealing sensitive information from infected systems, primarily focusing on capturing keystrokes, clipboard data, and form data from web browsers.
Figure 1:…Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats …
Google recently announced the release of Magika, an “AI-powered file-type identification system”. I tested this on a corpus of nearly 125k files to see how it fared.
Why?File type …
Malware loaders, critical for deploying malware, enable threat actors to deliver and execute malicious payloads, facilitating criminal activities like data theft and ransomware. Utilizing advanced evasion techniques, loaders bypass security …
In order to understand malware comprehensively, it is essential to employ various analysis techniques and examine …
AndroxGh0st is a Python-based malware designed to target Laravel applications. It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio. …
Web browsers are some of the programs most commonly and frequently used by PC users. Users generally use browsers to look up information, send and receive emails, and use web …
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro.
The campaign, codenamed gitgub, includes 17 repositories associated …
Snake Keylogger is a Trojan Stealer that emerged as a significant threat in November 2020, showcasing a fusion of credential theft and keylogging functionalities. Developed using .NET, its arsenal includes …
This post is also available in: 日本語 (Japanese)
Executive SummaryWhen reviewing a packet capture (pcap) of suspicious activity, security professionals may need to export objects from the pcap for …
Overview
SonicWall Capture Labs Threat Research Team became aware of the MonikerLink Remote Code Execution vulnerability (CVE-2024-21413) in Microsoft Outlook, assessed its impact and developed mitigation measures for the vulnerability.…
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization.
Guardio …
By Nati Tal, Oleg Zaytsev (Guardio Labs)
Guardio Labs uncovers a sprawling campaign of subdomain …
Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of …
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such …
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of Revenge RAT malware that had been developed based on legitimate tools. It appears that the attackers have used tools such …
The cybersecurity landscape is in a state of flux, marked by flow of illicit activities within hacker forums. Not so recent events surrounding the shutdown and subsequent revival of Breach …
By Oleg Zaytsev, Nati Tal (Guardio Labs)
Over the last few years, the phishing ecosystem has been “democratized. …
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and …
Resecurity has uncovered a cybercriminal group known as “GXC Team“, which specializes in crafting tools for online banking theft, ecommerce fraud, …
JANUARY 4th, 2024:
On 12/29/2023, version 0.66 of Spreadsheet::ParseExcel was published. This release fixes CVE-2023-7101.
https://metacpan.org/dist/Spreadsheet-ParseExcel/changes
For organizations utilizing Spreadsheet::ParseExcel in their own products or services, we recommend reviewing CVE-2023-7101 and …
Known to be supported by North Korea, the Kimsuky threat group has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a …
Resecurity has identified an alarming rise in ransomware operators targeting the energy sector, including nuclear facilities and related research entities. Over the last year, ransomware attackers have targeted energy installations …
Mystic Stealer is a relatively new downloader and information stealer that emerged in early 2023. The malware harvests data from a large number of web browsers and cryptocurrency wallet …
Lena aka LambdaMamba
I am a Cybersecurity Analyst, Researcher, and ANY.RUN Ambassador. My passions include investigations, experimentations, gaming, …
Authored by Yashvi Shah
Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of recording keystrokes, extracting clipboard …
A new ransomware family calling itself 3AM has emerged. To date, the ransomware has only been used in a limited fashion. Symantec’s Threat Hunter Team, part of Broadcom, has seen …
Affected platforms: WindowsImpacted parties: Any organizationImpact: Remote attackers steal credentials, sensitive information, and cryptocurrencySeverity level: Critical
In August, FortiGuard Labs obtained a Word document containing a malicious URL designed to …
Affected platforms: Microsoft WindowsImpacted parties: Windows UsersImpact: Collects sensitive information from a victim’s computerSeverity level: Critical
Our FortiGuard Labs captured a phishing campaign that spreads a new Agent Tesla variant. …
On June 15, 2023, Mandiant released a blog post detailing an 8-month-long global espionage campaign conducted by a Chinese-nexus threat group tracked as UNC4841. In this follow-up blog post, we …
In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down …
We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced …
This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. …
This is the third part of our research based on an investigation of a series of attacks against industrial organizations in Eastern Europe.
The attackers aimed to establish a permanent …