What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-12-21 05:11:00 | 2023 Anomali Predictions: New Risks to Put Added Pressure on Enterprise Defenders (lien direct) | Cybersecurity has a way of surprising us with the unexpected so I wouldn’t be surprised to see a completely new kind of security threat emerge in 2023. But as the ongoing cat-and-mouse game between attackers and defenders unfolds, certain scenarios are already coming into view. Why Threat Actors Will Love Pink Slips Amid growing economic uncertainty, many companies around the globe are tightening their belts and reducing headcount in advance of a possible economic recession. But as organizations brace for the worst, three related security risks now loom: 1. External attackers aren’t the only threats companies face. Insider threat incidents are up 44% in the past two years, as costs per incident have climbed more than a third to $15.38 million. But there’s new reason for concern since layoffs create insider threat risks – either in the form of disgruntled employees or among existing employees angry about corporate’s decision to let go of colleagues. That means more potential for theft or sabotage from within. 2. Staff reductions have unintended consequences on an organization’s security posture. When gaps in network defenses suddenly appear, the company now has fewer technical experts watching the situation. At the same time, the organization now has less visibility into the security status of its various products and systems. This presents a golden opportunity for professional threat actors searching out the path of least resistance. When they hear about layoff announcements at a particular firm, it doesn’t take very long before attackers start probing for security vulnerabilities. 3. Companies regularly get into trouble by failing to set up well-controlled and thorough off-boarding personnel procedures – particularly when it comes to senior or privileged users. Proper processes with verification of completion on user accounts, data, assets, etc. is critical. Also, don’t ignore the consequences of adding roles and responsibilities to remaining employees who may shoulder added responsibilities following a staff layoff. There are risks in maintaining segregation of duties and inadvertently creating ‘super users.’ This could pose an insider threat risk or present targets of opportunity for attackers looking to exploit ‘novices’ in new roles they have taken on. Commodity Malware and Tools Dominate Threat actor groups operate a profitable business selling increasingly complex malware and tools to would-be attackers, a trend that will continue in 2023, making it even harder for forensic investigators to determine the origin of attacks. All of which further underscores the importance of better threat intelligence to understand why certain actors are likely to target specific organizations and what malware and tools they might deploy. Supply Chain Is the Place to Be Cyber attackers stick with what works. So, after the run of big supply chain breaches in the last few years – SolarWinds 2020, Log4Shell 2021 and its variants into 2022 – expect more of the same in the new year. The too-common occurrence of trusted relationship abuse and supply chain attacks is a particular favorite of state-sponsored groups. Look for them to demonstrate patience and remain hidden as they go to great lengths to accomplish their objectives. None of this means that attackers are fated to have the advantage over defenders in 2023. But given their growing sophistication, it’s more important than ever to have fuller awareness of your assets and supply chain vectors. Pay close attention to shared development environments, where you work with 3rd parties and contractors in developing and maintaining your applications. Maintaining oversight over the security and access to these environments is key. Assure development practices and establish adequate segregation of code bases, data, and documentation. It’s hard to suffici | Malware Threat Prediction | ★★★ | |
 |
2022-12-21 03:00:00 | GodFather Android malware targets 400 banks, crypto exchanges (lien direct) | An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges. [...] | Malware | ★★★ | |
 |
2022-12-20 22:47:50 | \'Russian hackers\' help two New York men game JFK taxi system (lien direct) | Operation involved malware loaded onto system computers, unauthorized wi-fi access and stolen equipment, feds say. | Malware | ★★★ | |
|
2022-12-20 20:46:00 | Anomali Cyber Watch: APT5 Exploited Citrix Zero-Days, Azov Data Wiper Features Advanced Anti-Analysis Techniques, Inception APT Targets Russia-Controlled Territories, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Backdoors, Belarus, China, Data wiping, Russia, Ukraine and Zero-days. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
APT5: Citrix ADC Threat Hunting Guidance
(published: December 13, 2022)
On December 13, 2022, the US National Security Agency published a report on the ongoing exploitation of Citrix products. Citrix confirmed that this critical remote code execution vulnerability (CVE-2022-27518, CTX474995) affects Citrix Application Delivery Controller™ (Citrix ADC) and Citrix Gateway versions: 12.1 and 13.0 before 13.0-58.32. Active exploitation of the CVE-2022-27518 zero-day was attributed to China-sponsored APT5 (Keyhole Panda, Manganese, UNC2630) and its custom Tricklancer malware.
Analyst Comment: All customers using the affected builds are urged to install the current build or upgrade to the newest version (13.1 or newer) immediately. Anomali Platform has YARA signatures for the Tricklancer malware, network defenders are encouraged to follow additional NSA hunting suggestions (LINK). Check md5 hashes for key executables of the Citrix ADC appliance. Analyze your off-device logs: look for gaps and mismatches in logs, unauthorized modification of user permissions, unauthorized modifications to the crontab, and other known signs of APT5’s activities.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190
Tags: actor:APT5, actor:UNC2630, actor:Manganese, actor:Keyhole Panda, CVE-2022-27518, CTX474995, Citrix ADC, Citrix Gateway, Zero-day, China, source-country:CN
Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
(published: December 12, 2022)
In November 2022, a new cryptojacking campaign was detected by Trend Micro researchers. Unlike previously-recorded campaigns that aim at installing a cryptomining software, this one is utilizing a remote access trojan (RAT): a Linux-targeting version of the open-source Chaos RAT. This Go-based RAT is multi-functional and has the ability to download additional files, run a reverse shell, and take screenshots.
Analyst Comment: Implement timely patching and updating to your systems. Monitor for a sudden increase in resource utilization, track open ports, and check the usage of and changes made to DNS routing.
MITRE ATT&CK: [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Network Service Scanning - T1046 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] Screen Capture - T1113 | [MITRE ATT&CK] Remote Access Tools - T12 |
Malware Tool Vulnerability Threat Patching Prediction | APT 5 | ★★★ |
 |
2022-12-20 20:03:00 | Beware: Cybercriminals Launch New BrasDex Android Trojan Targeting Brazilian Banking Users (lien direct) | The threat actors behind the Windows banking malware known as Casbaneiro has been attributed as behind a novel Android trojan called BrasDex that has been observed targeting Brazilian users as part of an ongoing multi-platform campaign. BrasDex features a "complex keylogging system designed to abuse Accessibility Services to extract credentials specifically from a set of Brazilian targeted apps, | Malware Threat | ★★ | |
 |
2022-12-20 19:30:10 | Microsoft reports macOS Gatekeeper has an \'Achilles\' heel (lien direct) | Insert your Trojan joke here Security researchers at Microsoft have discovered a bug in macOS that lets malicious apps bypass Apple's Gatekeeper security software "for initial access by malware and other threats." … | Malware | ★★ | |
 |
2022-12-20 17:49:05 | Addressed macOS vulnerability enables malware evasion of security checks (lien direct) | BleepingComputer reports that threat actors could exploit a macOS vulnerability to facilitate malware distribution without being detected by Gatekeeper through application execution restrictions. | Malware Vulnerability Threat | ★★★ | |
|
2022-12-20 16:11:00 | VirusTotal cheat sheet makes it easy to search for specific results (lien direct) | VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence platform. [...] | Malware Guideline | ★★★ | |
|
2022-12-20 13:42:20 | Hackers bombard PyPi platform with information-stealing malware (lien direct) | The PyPi python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to the platform to steal software developers' data. [...] | Malware | ★ | |
 |
2022-12-20 12:30:47 | Trojaned Windows Installer Targets Ukraine (lien direct) | Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers. The trojanized ISOs were hosted on Ukrainian- and Russian-language torrent file sharing sites. Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it. At a subset of victims, additional tools are deployed to enable further intelligence gathering. In some instances, we discovered additional payloads that were likely deployed following initial reconnaissance including the STOWAWAY, BEACON, and SPAREPART backdoors... | Malware | ★★ | |
 |
2022-12-20 11:41:31 | New \'RisePro\' Infostealer Increasingly Popular Among Cybercriminals (lien direct) | A recently identified information stealer named 'RisePro' is being distributed by pay-per-install malware downloader service 'PrivateLoader', cyberthreat firm Flashpoint reports. Written in C++, RisePro harvests potentially sensitive information from the compromised machines and then attempts to exfiltrate it as logs. | Malware | ★★ | |
|
2022-12-20 10:15:59 | Raspberry Robin worm drops fake malware to confuse researchers (lien direct) | The Raspberry Robin malware is now trying its hand at some trickery by dropping a fake payload to confuse researchers and evade detection when it detects it's being run within sandboxes and debugging tools. [...] | Malware | ★★★★★ | |
 |
2022-12-20 04:15:09 | CVE-2022-47578 (lien direct) | An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. | Malware | ||
 |
2022-12-20 00:00:00 | Raspberry Robin Malware Targets Telecom, Governments (lien direct) | We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools. | Malware | ★★ | |
 |
2022-12-19 21:28:00 | Sophisticated DarkTortilla Malware Serves Imposter Cisco, Grammarly Pages (lien direct) | Sites spoofing Grammarly and a Cisco webpage are spreading the DarkTortilla threat, which is filled with follow-on malware attacks. | Malware | ★★ | |
|
2022-12-19 15:35:00 | New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure (lien direct) | A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across | Ransomware Malware | ★★ | |
|
2022-12-19 14:37:18 | (Déjà vu) Microsoft finds macOS bug that lets malware bypass security checks (lien direct) | Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. [...] | Malware Vulnerability | ★★ | |
|
2022-12-19 14:37:18 | Microsoft: Achilles macOS bug lets hackers bypass Gatekeeper (lien direct) | Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. [...] | Malware Vulnerability | ★★ | |
 |
2022-12-19 14:00:00 | How Reveton Ransomware-as-a-Service Changed Cybersecurity (lien direct) | >In 2012, Reveton ransomware emerged. It’s considered to be the first Ransomware-as-a-Service (RaaS) operation ever. Since then, RaaS has enabled gangs with basic technical skills to launch attacks indiscriminately. Now, nearly anyone can create highly effective malware campaigns. We now see RaaS outfits with organizational capabilities that rival the most professional Software-as-a-Service (SaaS) brands. But […] | Ransomware Malware | ★★★ | |
|
2022-12-19 12:39:27 | Ukraine\'s DELTA military system users targeted by info-stealing malware (lien direct) | A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the 'DELTA' situational awareness program to infect systems with information-stealing malware. [...] | Malware | ★★★ | |
|
2022-12-17 11:08:16 | Glupteba malware is back in action after Google disruption (lien direct) | The Glupteba malware botnet has sprung back into action, infecting devices worldwide after its operation was disrupted by Google almost a year ago. [...] | Malware | ★★★ | |
|
2022-12-16 16:00:03 | Chinese APT Group MirrorFace Interferes in Japanese Elections (lien direct) | The MirrorFace group has deployed popular malware LodeInfo for spying and data theft against certain members of the Japanese House of Representatives. | Malware | ★★★ | |
|
2022-12-16 14:00:00 | Live From London: Next-Gen Cybersecurity Takes Stage at Black Hat Europe (lien direct) | Check out our slideshow detailing the emerging cybersecurity trends in cloud, creating a defensible Internet, malware evolution, and more that lit up audiences in London. | Malware | ★★ | |
 |
2022-12-16 11:46:06 | (Déjà vu) MoneyMonger : un nouveau malware dissimulé dans des applications mobiles de prêt d\'argent (lien direct) | Après avoir prêté de l'argent, les criminels à l'origine de ce malware extorquent les victimes en utilisant des informations personnelles volées sur leurs appareils.... | Malware | ★★ | |
|
2022-12-16 10:23:17 | Microsoft warns of new Minecraft DDoS malware infecting Windows, Linux (lien direct) | A new cross-platform malware botnet named 'MCCrash' is infecting Windows, Linux, and IoT devices to conduct distributed denial of service attacks on Minecraft servers. [...] | Malware | ★★ | |
 |
2022-12-15 20:51:24 | Expanding the App Defense Alliance (lien direct) | Posted by Brooke Davis, Android Security and Privacy Team The App Defense Alliance launched in 2019 with a mission to protect Android users from bad apps through shared intelligence and coordinated detection between alliance partners. Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment). With a new dedicated landing page at appdefensealliance.dev, the ADA has an expanded mission to protect Android users by removing threats while improving app quality across the ecosystem. Let's walk through some of the latest program updates from the past year, including the addition of new ADA members. Malware MitigationTogether, with the founding ADA members - Google, ESET, Lookout, and Zimperium, the alliance has been able to reduce the risk of app-based malware and better protect Android users. These partners have access to mobile apps as they are being submitted to the Google Play Store and scan thousands of apps daily, acting as another, vital set of eyes prior to an app going live on Play. Knowledge sharing and industry collaboration are important aspects in securing the world from attacks and that's why we're continuing to invest in the program. New ADA MembersWe're excited to see the ADA expand with the additions of McAfee and Trend Micro. Both McAfee and Trend Micro are leaders in the antivirus space and we look forward to their contributions to the program. Mobile App Security Assessment (MASA)With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever. According to Data.ai, the pandemic accelerated existing mobile habits - with app categories like finance growing 25% YoY and users spending over 100 billion hours in shopping apps. That's why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS standard) under the OWASP Mobile Application Security project. The project's mission is to “Define the industry standard for mobile application security,” and has been used by both public and private sector organizations as a form of industry best practices when it comes to mobile application security. Developers can work directly with an ADA Authorized Lab to have their apps evaluated against a set of MASVS L1 requirements. Once successful, the app's validation is listed in the recently launched App Validation Directory, which provides users a single place to view all app validations. The Directory also allows users to access more assessment details including validation date, test lab, and a report showing all test steps and requirements. The Directory will be updated over time with new features and search functionality to make it more user friendly. The Google Play Store is the first commercial app store to recognize and display a badge for any app that has completed an independent security review through ADA MASA. The badge is displayed within an app's respective | Malware Guideline Prediction | Uber | ★★ |
 |
2022-12-15 17:15:19 | WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections (lien direct) | WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties - Malware Update | Malware Threat | APT 3 | ★★ |
|
2022-12-15 16:20:20 | Blackmailing MoneyMonger Malware Hides in Flutter Mobile Apps (lien direct) | Money-lending apps built using the Flutter software development kit hide a predatory spyware threat and highlight a growing trend of using personal data for blackmail. | Malware Threat Prediction | ★★★ | |
 |
2022-12-15 16:00:00 | Loan Scam Campaign \'MoneyMonger\' Exploits Flutter to Hide Malware (lien direct) | Zimperium said the code was part of an existing campaign previously discovered by K7 Security Labs | Malware | ★★ | |
|
2022-12-15 15:54:00 | Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims (lien direct) | A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform Flutter framework to develop the apps. MoneyMonger "takes advantage of Flutter's framework to | Malware | ★★★ | |
 |
2022-12-15 15:00:00 | Les installateurs du système d'exploitation Trojanisé Windows 10 ciblaient le gouvernement ukrainien ciblé Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government (lien direct) |
Résumé exécutif
mandiant a identifié une opération axée sur le gouvernement ukrainien via des installateurs de système d'exploitation Trojanisé Windows 10.Ceux-ci ont été distribués via des sites torrent dans une attaque de chaîne d'approvisionnement.
Activité de menace suivie comme UNC4166 Trojanisé et distribué des installateurs de système d'exploitation malveillants qui réduisent la reconnaissance et les déploiementsCapacité supplémentaire sur certaines victimes à effectuer un vol de données.
Les fichiers trojanisés utilisent le pack de langues ukrainien et sont conçus pour cibler les utilisateurs ukrainiens.Suivre les cibles de compromis sélectionnées pour suivre
Executive Summary Mandiant identified an operation focused on the Ukrainian government via trojanized Windows 10 Operating System installers. These were distributed via torrent sites in a supply chain attack. Threat activity tracked as UNC4166 likely trojanized and distributed malicious Windows Operating system installers which drop malware that conducts reconnaissance and deploys additional capability on some victims to conduct data theft. The trojanized files use the Ukrainian language pack and are designed to target Ukrainian users. Following compromise targets selected for follow |
Malware | ★★★ | |
|
2022-12-15 13:33:39 | Zimperium Discovers Novel Predatory Loan Malware Hiding in Mobile Apps Developed With Flutter (lien direct) | Zimperium Discovers Novel Predatory Loan Malware Hiding in Mobile Apps Developed With Flutter After Loaning Money, Criminals Behind MoneyMonger Blackmail Victims with Personal Information Stolen from their Device - Malware Update | Malware | ★★ | |
|
2022-12-15 11:32:00 | Hacking Using SVG Files to Smuggle QBot Malware onto Windows Systems (lien direct) | Phishing campaigns involving the Qakbot malware are using Scalable Vector Graphics (SVG) images embedded in HTML email attachments. The new distribution method was spotted by Cisco Talos, which said it identified fraudulent email messages featuring HTML attachments with encoded SVG images that incorporate HTML script tags. HTML smuggling is a technique that relies on using legitimate features of | Malware | ★★★ | |
|
2022-12-15 10:23:49 | Zimperium découvre un nouveau malware dissimulé dans des applications mobiles de prêt d\'argent développées sur Flutter (lien direct) | Zimperium découvre un nouveau malware dissimulé dans des applications mobiles de prêt d'argent développées sur Flutter Après avoir prêté de l'argent, les criminels à l'origine de ce malware extorquent les victimes en utilisant des informations personnelles volées sur leurs appareils. - Malwares | Malware | ★★ | |
 |
2022-12-15 06:44:06 | Tracking Malicious Glupteba Activity Through the Blockchain (lien direct) | >Glupteba is a trojan horse typically deployed via malicious installers and software cracks. It is a modular malware operators can use to perform a wide range of tasks. Surprisingly, Glupteba leverages the Bitcoin blockchain to distribute its C&C domains. | Malware | ★★ | |
 |
2022-12-15 06:10:39 | (Déjà vu) ASEC Weekly Malware Statistics (December 5th, 2022 – December 11th, 2022) (lien direct) | The ASEC analysis team uses the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from December 5th, 2022 (Monday) to December 11th, 2022 (Sunday). For the main category, downloader ranked top with 44.3%, followed by Infostealer with 28.2%, backdoor with 18.3%, ransomware with 8.5%, and CoinMiner with 0.7%. Top 1 – Amadey This week, Amadey Bot ranked first place with 15.9%. Amadey is a downloader that can receive commands... | Ransomware Malware | ★★ | |
|
2022-12-15 06:02:24 | STOP Ransomware Being Distributed in Korea (lien direct) | The ASEC analysis team discovered that the STOP ransomware is being distributed in Korea. This ransomware is being distributed at a very high volume that it is ranked among the Top 3 in the ASEC Weekly Malware Statistics (November 28th, 2022 – December 4th, 2022). The files that are currently being distributed are in the form of MalPe just like SmokeLoader and Vidar, and the filenames include a random 4-byte string as shown below. When the ransomware is executed, it first... | Ransomware Malware | ★ | |
|
2022-12-15 05:12:00 | Anomali November Quarterly Product Update (lien direct) | We’re excited to announce our quarterly platform update for November. This update introduces new capabilities that automate defense actions and allow enterprise organizations to understand their relevant threat landscape and visualize what’s happening inside and outside their network. Key highlights for this quarter include: Attack Surface Management Visualizations of Attack Flow Patterns Anomali Intelligence Channels Cloud XDR Data Usage and Notification Feeds Health Status Attack Surface Management: Understanding your threat landscape is essential in knowing which assets you need to protect. With this release, we’re proud to offer a unique Attack Surface Management solution that provides cyber security teams with a comprehensive, accurate view of their environment through the eyes of the attacker. “Recent ESG Research showed that security operations have become more difficult at most organizations over the past few years, partly due to a growing attack surface,” said Jon Oltsik, Senior Principal Analyst and Fellow, Enterprise Strategy Group. Anomali’s Attack Surface Management provides visibility into ALL external facing assets to identify exposures, enabling organizations to understand impact based on asset criticality, vulnerability, and attack severity. This allows analysts to prioritize investigation activities and perform remediation of misconfigured assets and security controls. The real power is using it in combination with other Anomali solutions. For example, with Anomali Match, organizations can prioritize asset remediation based on real, detected threats to exposed assets. With this, they can assess the potential impact of the threat actors targeting organizations, their motivations for attacking, and their tactics and techniques as they carry out an active campaign. Anomali’s proprietary data provides a point in time and a historical view with insights that others can’t. Reach out or download our datasheet to learn more. Visualizations of Attack Flow Patterns: Understanding an attacker and their tools, techniques, and procedures TTPs is paramount to becoming a proactive security organization. “Attack flows help defenders understand, share, and make threat-informed decisions based on the sequence of actions in a cyber-attack,” as per MITRE Enginuity’s Center for Threat Informed Defense. Based upon our work with the MITRE Engenuity Center for Threat-Informed Defense, we’ve added a new Attack Flow Library that helps visualize the sequence of attack techniques in ThreatStream Cloud. An initial group of 15 Attack Flows is available in ThreatStream, curated by the Anomali Threat Research Team. This library enables analysts to understand attack pattern sequences for infiltrating an environment. It also provides SOC teams with a foundation for future automated Attack Pattern detection capabilities that could help prevent, stop, or remediate an attack. Keep an eye out for more innovations around this initiative. And download our ebook, The Need to Focus on the Adversary, to learn why understanding the attacker is important. Intelligence Channels: Security teams are under pressure to do more with less. Unfortunately, most organizations need help effectively implementing threat intelligence, not benefiting from the value their threat intelligence team, processes, and tools provide. We’ve made it easier for Security teams to implement out-of-the-box tailored intelligence with Intelligence Channels. Intelligence Channels are for organizations that need help implementing threat intelligence. Curated by The Anomali | Malware Threat | ★ | |
|
2022-12-15 02:36:18 | Hackers target Japanese politicians with new MirrorStealer malware (lien direct) | A hacking group tracked as MirrorFace has been targeting Japanese politicians for weeks before the House of Councilors election in July 2022, using a previously undocumented credentials stealer named 'MirrorStealer.' [...] | Malware | ★ | |
 |
2022-12-14 19:02:41 | Interest in Infostealer Malware Within Cyberattacks Spikes as MFA Fatigue Attacks Increase (lien direct) |
|
Malware | ★★ | |
|
2022-12-14 18:38:00 | Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems (lien direct) | Microsoft on Tuesday disclosed it took steps to suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program were used to sign malware. The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is | Ransomware Malware | ★ | |
|
2022-12-14 17:00:00 | AgentTesla Remains Most Prolific Malware in November, Emotet and Qbot Grow (lien direct) | These are some of the key findings from the latest Check Point Research Most Wanted report | Malware | ★★ | |
|
2022-12-14 14:13:11 | Attackers use SVG files to smuggle QBot malware onto Windows systems (lien direct) | QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. [...] | Malware | ★★ | |
|
2022-12-14 13:24:00 | Microsoft patches Windows zero-day used to drop ransomware (lien direct) | Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. [...] | Ransomware Malware Vulnerability Threat | ★★ | |
|
2022-12-14 12:27:13 | Zscaler State of Encrypted Attacks Report: Mehr als 85 Prozent der Angriffe erfolgen über verschlüsselte Kanäle (lien direct) | Jährlicher Bericht zeigt, dass das Volumen der Sicherheitsbedrohungen im Vergleich zum Vorjahr um 20 Prozent zunahm, was die Bedeutung von Zero Trust unterstreicht. Mehr als 85 Prozent aller Angriffe nutzen inzwischen verschlüsselte Kanäle in verschiedenen Phasen der Angriffskette, was einem Anstieg um 20 Prozent gegenüber dem Vorjahr entspricht. Nahezu 90 Prozent aller Cyberbedrohungen gehen auf Malware zurück, die über einen via E-Mail oder infizierte Webseiten verbreiteten Link die schädliche Payload nachlädt. Die USA und Indien sind Hauptziele für verschlüsselte Angriffe. Südafrika, das Vereinigte Königreich und Australien vervollständigen die Top Five. In Deutschland nahmen die Angriffe im Vergleich zu 2021 um 352 Prozent zu. - Sonderberichte | Malware | ★ | |
 |
2022-12-14 10:35:16 | Attention, des applications Android " zombies " se propagent sur les smartphones (lien direct) |  Des applications dites " zombies " se propagent sur les smartphones Android. D'après ThreatFabric, les pirates utilisent un programme malveillant pour cacher un malware dans le code d'applications populaires. Celui-ci s'empare ensuite de données sensibles… |
Malware | ★★ | |
 |
2022-12-14 09:17:48 | Emerging Threats: Emotet-ually Unstable – The resurgence of a nuisance (lien direct) | >By Anish Bogati, Logpoint Global Services and Security ResearchContentsTL;DRWhat is Emotet?Fast FactsBackgroundEmotet operations, tactics and techniquesTL;DREmotet, aka Geodo or Heodo, is a modular malware variant that was initially used as banking malware.At present Emotet is used as a dropper, which means it downloads other malware like IcedID, QakBOT, and TrickBot.Emotet was first detected in June [...] | Malware | ★★ | |
 |
2022-12-14 01:13:40 | Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware (lien direct) | Tales of derring-do in the cyberunderground! (And some zero-days.) | Malware | ★★ | |
|
2022-12-14 00:00:00 | Probing Weaponized Chat Applications Abused in Supply-Chain Attacks (lien direct) | This report examines the infection chain and the pieces of malware used by malicious actors in supply-chain attacks that leveraged trojanized installers of chat-based customer engagement platforms. | Malware | ★★ | |
 |
2022-12-13 22:16:36 | Cloud Threats Memo: Understanding the Dead Drop Resolver Technique (lien direct) | >If I asked you what the common ways to exploit a cloud app for malicious purposes are, I bet your answer would probably be either to use it to distribute malicious content (such as malware or phishing pages), or to host the command and control (C2) infrastructure. In reality another frequent technique is the dead […] | Malware | ★★★★ |
To see everything:
Our RSS (filtrered)
