https://github.com/jivoi/awesome-osint

A curated list of amazingly awesome open source intelligence tools and resources. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. In the intelligence community (IC), the term “open” refers to overt, publicly available sources (as opposed to covert or clandestine sources).

This list is to help all of those who are into Cyber Threat Intelligence (CTI), threat hunting, or OSINT.…

Confluence Exploit Leads to LockBit Ransomware
A cyber intrusion targeting a Windows Confluence server exploited a critical vulnerability (CVE-2023-22527), leading to the rapid deployment of LockBit ransomware. The attacker utilized various tools and techniques for lateral movement and data exfiltration, completing the ransomware attack in just over two hours. Affected: Confluence, Windows Server, LockBit Ransomware victims

Keypoints:

Intrusion initiated by exploiting a critical Confluence vulnerability (CVE-2023-22527).…
Malicious LNK Analysis
A detailed analysis of a malicious LNK file that executes a PowerShell script to download additional malware. The analysis reveals the structure of the LNK file, the payload it carries, and the indicators of compromise associated with it. The piece emphasizes the importance of understanding the attributes of the malicious file and the steps taken by the attacker to execute their plan.…
Lumma Stealer Malware Thrives as Silent Push Uncovers Unique Patterns in the Infostealer’s Domain Clusters
The article discusses the Lumma Stealer infostealer malware, highlighting its distribution mechanisms, the sharing of its logs on hacking forums, and its connections to phishing campaigns, particularly through platforms like YouTube. It emphasizes the need for industry-wide cybersecurity measures to combat the increasing spread of this malware which significantly impacts users, organizations, and various online platforms.…
Summary: A Chinese cybersecurity report claims that the U.S. NSA was behind a significant cyberattack on Northwestern Polytechnical University in 2022, using various advanced malware and tactics. The report details specific tools and methods allegedly employed by the NSA’s Tailored Access Operations division, linking the attack to previous NSA operations.…
Updated Shadowpad Malware Leads to Ransomware Deployment
This blog entry examines the deployment of a new, previously undetected ransomware family delivered through the Shadowpad malware, which threat actors installed primarily by exploiting weak passwords and bypassing multi-factor authentication. Recent investigations reveal that Shadowpad targeted at least 21 companies across various industries and regions, linking it to advanced Chinese threat actors known for espionage.…
RevivalStone: Attack Campaign Targeting Japanese Organizations by Winnti Group | LAC WATCH
The LAC Cyber Emergency Response Team confirmed a new attack campaign named “RevivalStone,” launched by the China-based “Winnti Group” in March 2024. This campaign targeted Japanese companies in the manufacturing, materials, and energy sectors, utilizing a new version of “Winnti malware.” The report elaborates on the campaign’s overall scope, the updated functionalities of the Winnti malware, and introduces detection and mitigation strategies against similar attacks.…
Valve Removed the Game PirateFi From the Steam Platform After Discovery of Hidden Malware
Summary: Valve has removed the game PirateFi from its Steam platform due to the discovery of malware that could steal browser cookies and hijack user accounts. Affected users have been advised to conduct full system scans and possibly reformat their operating systems. The game was flagged by multiple antivirus programs as a threat shortly after its release.…
2024 Annual Active Mining Trojan Review – 4hou.com
The article discusses the various threats posed by mining trojans that infiltrate victims’ computers, utilizing their resources for illegal cryptocurrency mining without their consent. It highlights the negative impacts on system performance, increased risk of failure, and potential for creating backdoors leading to further cyberattacks. The trend towards the use of sophisticated techniques like BYOVD attacks and the rise of dark web mining pools is emphasized.…
DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for Businesses
Summary: Recent testing from AppSOC revealed that the Chinese generative AI model DeepSeek failed 6,400 security tests, showing a critical lack of guardrails and a high risk for enterprises. The model demonstrated alarming failure rates when prompted to generate malware and viruses, and the researchers recommend that organizations refrain from using it for any business applications.…
US-CERT Vulnerability Summary for the Week of February 3, 2025 – RedPacket Security
The CISA Vulnerability Bulletin reports on new vulnerabilities identified within the past week, detailing their severity and impact based on the Common Vulnerability Scoring System (CVSS). Several vulnerabilities lack CVSS scores but involve critical systems including industrial automation, cybersecurity tools, and various software applications. Affected: 2N Access Commander, ABB ASPECT-Enterprise, Advantive VeraCore, Alexandros Georgiou Bitcoin Wallets, AMD EPYC, Apache Cassandra, Apache James server, Apache ShardingSphere, Cisco Identity Services Engine, IBM Cognos Analytics, and more.…
ScarCruft APT Malware Uses Image Steganography
The article discusses the capabilities of the North Korean ScarCruft APT, highlighting its sophisticated malware techniques, including Bluetooth harvesting and image steganography. The ScarCruft group targets diplomatic agencies and investment firms in various countries for cyber-espionage, emphasizing the advanced skills and resources of nation-state-backed APTs. Affected: North Korean ScarCruft APT, diplomatic agencies, investment companies

Keypoints:

ScarCruft is a North Korean APT, also known as APT37, Group123, TEMP.Reaper.…
Static Malware Analysis
This article explores static malware analysis focusing on fingerprinting techniques to identify malware through unique hash values generated by various algorithms. It explains the importance of malware fingerprinting for detection systems and introduces advanced hashing methods for better classification of related threats. Affected: Malware analysis, Cybersecurity

Keypoints:

Static malware analysis is crucial for understanding malware behavior without execution.…
Cybercriminals Court Traitorous Insiders via Ransom Notes
Summary: Ransomware actors are innovating by incorporating advertisements in their ransom notes to solicit insider information. Notable groups like Sarcoma and a LockBit impersonator, DoNex, are leveraging this new tactic, aiming to recruit individuals for information in exchange for financial incentives. These developments come amidst a rise in ransomware activities and profits despite increasing law enforcement efforts against cybercrime.…
THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]
Summary: This week’s cybersecurity update highlights emerging threats from popular AI platforms, significant law enforcement actions against cybercrime, and software vulnerabilities requiring urgent patches. With the rapid evolution of technology comes increased scrutiny, highlighting the importance of proactive security measures across organizations. Steps to enhance security and protect sensitive information are crucial in this ever-changing digital landscape.…
Summary: Renée Burton’s investigation into the impact of malicious advertising technology (adtech) reveals a pervasive cybercrime ecosystem that exploits compromised websites. Victims face ongoing threats from deceptive ads, fake alerts, and manipulated content, highlighting the urgency for enhanced defenses against such digital manipulations. The research underscores that these cybercrimes leverage legitimate ad infrastructure, complicating traditional cybersecurity measures.…