Emulating the Sophisticated Russian Adversary Seashell Blizzard
Seashell Blizzard, also known as APT44, is a highly sophisticated Russian adversary linked to military intelligence, targeting various critical sectors to conduct espionage through persistent access and custom tools. The AttackIQ assessment template helps organizations validate their security against this threat. Affected: energy, telecommunications, government, military, transportation, manufacturing, retail sectors.…

Summary: The video discusses the recent developments in security related to various topics, including a ransomware attack on Kuala Lumpur’s International Airport, the hacking of Troy Hunt’s Have I Been Pwned website, and the European Union’s potential shift towards a Linux-based operating system for public sector use.…
BYOVD Reloaded: Abusing a New Driver to Kill EDR
The article discusses a sophisticated ransomware attack involving Qilin ransomware, which utilizes the technique of bring-your-own-vulnerable-driver (BYOVD) to bypass traditional Endpoint Detection and Response (EDR) measures. The analysis uncovers the exploitation of a lesser-known driver, TPwSav.sys, in the context of a ransomware-as-a-service model. It emphasizes the vulnerabilities exploited, the attack chain, and the retaliation measures taken by Blackpoint’s Security Operations Center (SOC).…
John the Ripper is a powerful hash-cracking tool that efficiently cracks various hash types such as Windows authentication hashes, /etc/shadow hashes, and password-protected files. Through practical tasks, users learn the syntax, features, and methods to conduct dictionary attacks and utilize custom rules. Affected: Windows systems, Linux systems, password-protected ZIP and RAR files

Keypoints:

John the Ripper is a versatile tool for hash cracking.…
RolandSkimmer: Silent Credit Card Thief Uncovered
The “RolandSkimmer” campaign utilizes malicious browser extensions and LNK files to execute persistent credit card skimming attacks, primarily targeting users in Bulgaria. The malware collects sensitive data through deceptive mechanisms while maintaining stealth and adaptation to its victims’ environments. Affected: Microsoft Windows, Chrome, Edge, Firefox

Keypoints:

The “RolandSkimmer” campaign targets Microsoft Windows users through malicious LNK files and browser extensions.…
Microsoft adds hotpatching support to Windows 11 Enterprise
Summary: Microsoft has introduced hotpatch updates for Windows 11 Enterprise 24H2 systems, allowing users to install security updates in the background without rebooting. This feature is aimed at helping businesses quickly protect against cyberattacks with minimal disruption. Hotpatch updates are available quarterly through a quality update policy managed by Microsoft Intune, requiring specific system and subscription prerequisites.…
DragonForce Claims to Be Taking Over RansomHub Ransomware Infrastructure
Summary: The DragonForce ransomware group has announced a potential takeover of RansomHub’s infrastructure, a leading ransomware group. Cyble reports that while the specifics are unclear, DragonForce claims to be integrating RansomHub into their operations amid speculation following RansomHub’s site going offline. This shift follows DragonForce’s recent expansion of its ransomware services and infrastructure upgrades.…
SmokeLoader Malware Deployed in Stealthy Campaign Targeting Major Banks
Summary: G DATA security researchers have uncovered a sophisticated malware infection chain targeting First Ukrainian International Bank, centering on the enhanced SmokeLoader and its intermediary, Emmenhtal Loader. The attack utilizes social engineering, living off the land binaries, and advanced evasion techniques to deploy multiple malware stages stealthily without detection.…
Cisco warns of CSLU backdoor admin account used in attacks
Summary: Cisco has issued a warning regarding a critical vulnerability (CVE-2024-20439) in its Smart Licensing Utility (CSLU) that exposes a backdoor admin account, allowing unauthenticated attackers to gain remote admin access to vulnerable systems. This flaw, which was patched in September, is being actively exploited in conjunction with another vulnerability (CVE-2024-20440) to access sensitive data.…
Lazarus Uses ClickFix Tactics in Fake Cryptocurrency Job Attacks
Summary: The North Korea-linked APT group Lazarus is employing the ClickFix technique to deliver malware through fake job interviews targeting cryptocurrency developers. This campaign, identified as ClickFake Interview, continues Lazarus’s focus on exploiting the cryptocurrency sector to steal valuable assets. With a history of targeting software developers through various campaigns, they have successfully amassed significant amounts of cryptocurrency through deception and social engineering tactics.…
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
Summary: The financially motivated threat actor FIN7 has been linked to a Python-based backdoor known as Anubis, which grants attackers remote access to compromised Windows systems. This malware enables a variety of malicious activities while minimizing detection risks and is delivered through malspam campaigns. Additionally, FIN7 continues to expand its capabilities and monetization strategies by promoting tools that can disable security measures.…
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities
Summary: Google and Mozilla have released Chrome 135 and Firefox 137, addressing nearly two dozen security vulnerabilities, including high-severity memory safety bugs. Chrome 135 includes 14 security fixes, while Firefox 137 resolves eight security defects, some of which could lead to code execution. Users are encouraged to update their applications promptly, as no active exploitation of these vulnerabilities has been reported.…
PicoCTF 2025 Walkthrough
The article provides walkthroughs for various challenges in the PicoCTF 2025 competition, focusing on different aspects of cybersecurity such as cryptography, reverse engineering, and web exploitation. It details methods for cracking hashes, decoding encrypted messages, analyzing binaries, and exploiting web vulnerabilities to capture flags. Affected: cybersecurity sector, educational platforms

Keypoints:

The first challenge involves cracking an MD5 hash using online tools.…

Summary: The video discusses the latest updates in the cybersecurity realm, featuring topics such as the RSA conference, a supposed Microsoft acquisition of Debian, advancements in phishing as a service, security vulnerabilities in various systems, and the European Union’s funding for digital innovation. With humorous commentary and expert analysis, Doug White provides insights on recent developments and trends that are shaping the security landscape.…
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
Aqua Nautilus researchers have identified a new malware campaign that exploits Apache Tomcat servers, capable of hijacking resources for cryptocurrency mining. The attackers leverage encrypted payloads to establish backdoors, steal SSH credentials, and execute arbitrary code. Rapid exploitation was noted, taking just 30 hours to weaponize the vulnerability, indicating the urgency for organizations to secure their Tomcat instances.…
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
Summary: A new phishing-as-a-service platform, Lucid, has emerged, targeting 169 entities across 88 countries through advanced smishing techniques. Utilizing Apple iMessage and RCS, Lucid bypasses traditional anti-phishing measures, enabling significant increases in phishing success rates. This sophisticated model threatens financial security as it focuses primarily on harvesting credit card information and personally identifiable information (PII).…
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
Summary: The Acronis Threat Research Unit (TRU) analyzed a complex malware delivery chain demonstrating the use of multiple scripting languages and obfuscation techniques, leading to the deployment of high-profile malware such as DCRat. The infection starts with a deceptive email attachment, escalating through a multi-stage process involving Visual Basic Script, batch files, and PowerShell.…
Summary: eSentire’s Threat Response Unit (TRU) has identified an advanced KoiLoader malware intrusion attempting to compromise systems through a phishing email. The attack leverages misleading file formats, manipulates PowerShell commands, and employs multiple anti-detection techniques to deploy the Koi Stealer for extensive data theft. KoiLoader exemplifies sophisticated malware engineering, utilizing custom cryptographic channels for Command and Control (C&C) operations.…