What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
TroyHunt.webp 2022-06-29 22:25:52 YouTube content creator credentials are under siege by YTStealer malware (lien direct) Researchers unearth suspected credential-stealer service targeting YouTubers. Malware Uber
DarkReading.webp 2022-06-29 18:41:02 ZuoRAT Hijacks SOHO Routers from Cisco, Netgear (lien direct) The malware has been in circulation since 2020, with sophisticated, advanced malicious actors taking advantage of the vulnerabilities in SOHO routers as the work-from-home population expands rapidly. Malware
InfoSecurityMag.webp 2022-06-29 17:00:00 Cybersecurity Researchers Launch New Malware Hunting Tool YARAify (lien direct) The defensive tool is designed to scan suspicious files against a large repository of YARA rules Malware Tool
no_ico.webp 2022-06-29 16:24:35 Minors Use Discord Servers To Earn Extra Pocket Money Through Spreading Malware (lien direct) Avast, a global leader in digital security and privacy, has discovered an online community of minors constructing, exchanging and spreading malware, including ransomware and a mix of information stealers and cryptominers. The group lures young users by advertising access to different malware builders and tool kits that allow laypeople to construct malware easily. In some cases, people […] Ransomware Malware Tool Guideline
bleepingcomputer.webp 2022-06-29 13:53:15 New YTStealer malware steals accounts from YouTube Creators (lien direct) A new information-stealing malware named YTStealer is targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels. [...] Malware
AlienVault.webp 2022-06-29 10:00:00 A guide to teaching cybersecurity skills to special needs students (lien direct) This blog was written by an independent guest blogger. Schools and colleges were the worst hit by cyberattacks during the global health crisis in 2020. According to a report by GCN, ransomware attacks alone affected over 1,680 schools, colleges, and universities in the US. Such attacks also targeted 44% of educational institutions across the world. Schools worldwide are back to normal sessions and, for many learners, that means spending hours online studying, doing homework, and submitting assignments. While online learning offers convenience, flexibility, and affordability, it presents a major safety concern. Many teachers worry about securing schools as they transition to e-learning. Fortunately, there are plenty of useful guides for helping children stay safe online. The only downside is that these guides assume all young internet users possess the same skill levels. So, how do you teach online safety to children with learning disabilities? Keep reading for a few tips on teaching students with special needs important cybersecurity skills. Discourage sharing of important information Online safety concerns for teachers and parents include cyberbullying, oversharing of personal information, close interaction with strangers, and online scams. One of the best ways to improve student safety online is by discouraging the sharing of important information through suspicious emails or links. Tell your students that any information they share online should be treated as public. Details students shouldn't share on the internet include real names, phone numbers, home address, school name, and photos. Consider writing a do-not-share list and posting it on your students' computers. Having a visual list helps your students remember who they can talk to online and what they can post.
Teach proper use of devices and apps Setting limits on what content your students with special needs can access is an important step in keeping them safe from cybercriminals. To achieve the best outcome, teach students how to adjust device settings to improve data privacy. It is also wise to set up content filters for search results and install antivirus software. Other important cybersecurity best practices for students include setting strong passwords and encrypting data on all Internet-enabled devices. Keep anti-malware software and operating systems up to date, and advise students never to open links or attachments from strangers. Also, teach the proper use of password managers to prevent credential compromise. Since password managers store login information in encrypted databases, students don't need to write passwords in notebooks where other people can read them. Embrace gamification Students with learning disabilities like dyslexia, ADHD, and autism have unique learning needs. For instance, when teaching neurodivergent students online and in person, you need to use different approaches. Avoid a one-size-fits-all teaching technique: some students will understand better through visuals, while others learn well with the help of text-to-speech software, interactive whiteboards, and voice dictation apps. You can also improve your students' cybersecurity skills through gamification. There are many reasons special needs students love online games for learning various things, including internet safety. Gamification designed for children with Ransomware Malware Threat
Mandiant.webp 2022-06-29 08:30:00 Burrowing your way into VPNs, Proxies, and Tunnels (lien direct) Why Are We Here? When considering an attack lifecycle from an adversarial perspective, the adversary has a few options on how to proceed at each step. One of the questions that needs to be answered is whether the adversary will use publicly known malware (e.g. BEACON), custom built-from-the-ground-up malware (e.g. HAMMERTOSS), or legitimate software and services (e.g. SoftEther Virtual Private Network) that provide the necessary functionality to complete said step. Each option has upsides and downsides: publicly known malware can be extremely cheap but also can be easy to detect since it Malware ★★★
Blog.webp 2022-06-29 05:06:20 (Déjà vu) ASEC Weekly Malware Statistics (June 20th, 2022 – June 26th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 20th, 2022 (Monday) to June 26th, 2022 (Sunday). For the main category, info-stealer ranked top with 53.8%, followed by downloader with 25.1%, backdoor with 14.8%, banking malware with 4.9%, and ransomware with 1.3%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 25.6%. It is an info-stealer that... Ransomware Malware
The_Hackers_News.webp 2022-06-29 04:57:36 New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators (lien direct) Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is believed to be sold as a service on the dark web, and is distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other Malware Tool
ArsTechnica.webp 2022-06-29 00:01:54 A wide range of routers are under attack by new, unusually sophisticated malware (lien direct) Router-stalking ZuoRAT is likely the work of a sophisticated nation-state, researchers say. Malware
SecurityAffairs.webp 2022-06-28 21:24:18 ZuoRAT malware hijacks SOHO routers to spy on the victims (lien direct) A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North America and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […] Malware Threat
Anomali.webp 2022-06-28 19:11:00 Anomali Cyber Watch: API Hammering Confuses Sandboxes, Pirate Panda Wrote in Nim, Magecart Obfuscates Variable Names, and More (lien direct) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: API hammering, APT, China, Phishing, Ransomware, Russia, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence Lockbit Ransomware Disguised as Copyright Claim E-mail Being Distributed (published: June 24, 2022) ASEC researchers have released their analysis of a recent phishing campaign, active since February 2022. The campaign aims to infect users with Lockbit ransomware, using the pretense of a copyright claim as the phishing lure. The phishing email directs the recipient to open the attached zip file, which supposedly contains a PDF of the infringed material. In reality, the "PDF" is a disguised NSIS executable which downloads and installs Lockbit. The ransomware is installed onto the desktop for persistence across desktop changes or reboots. Prior to data encryption, Lockbit deletes the volume shadow copies to prevent data recovery, in addition to terminating a variety of services and processes to avoid detection. Analyst Comment: Never click on suspicious attachments or run any executables from suspicious emails. Copyright infringement emails are a common phishing lure. Such emails will be straightforward to rectify if legitimate. If a copyright email is attempting to coerce you into opening attachments, it should be treated with extreme caution.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Impair Defenses - T1562 Tags: malware:Phishing, malware:Lockbit, Lockbit, Copyright, Ransomware There is More Than One Way To Sleep: Deep Dive into the Implementations of API Hammering by Various Malware Families (published: June 24, 2022) Researchers at Palo Alto Networks have released their analysis of new BazarLoader and Zloader samples that utilize API Hammering as a technique to evade sandbox detection. API Hammering makes use of a large volume of Windows API calls to delay the execution of malicious activity, tricking sandboxes into concluding that the sample is benign. Whilst BazarLoader has utilized the technique in the past, this new variant creates large loops of benign API calls using a new process. Encoded registry keys within the malware are used for the calls, and the large loop count is derived from the offset of the first null byte of the first file in the System32 directory. Zloader uses a different form of API Hammering to evade sandbox detection. Hardcoded within Zloader are four large functions with many smaller functions within. Each function makes an input/output (I/O) call to mimic the behavior of many legitimate processes. Analyst Comment: Defense in depth is the best defense against sophisticated malware. The Anomali Platform can assist in detection of malware and match anomalous activity from all telemetry sources to provide the complete picture of adversary activity within your network. MITRE ATT&CK: [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497 Tags: malware:BazarLoad Ransomware Spam Malware Tool Vulnerability Threat APT 28 APT 23
Chercheur.webp 2022-06-28 18:33:31 The Link Between AWM Proxy & the Glupteba Botnet (lien direct) On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy -- a 14-year-old anonymity service that rents hacked PCs to cybercriminals -- suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy's founder is one of the men being sued by Google. Malware
DarkReading.webp 2022-06-28 18:33:21 China-Backed APT Pwns Building-Automation Systems with ProxyLogon (lien direct) The previously unknown state-sponsored group is compromising industrial targets with the ShadowPad malware before burrowing deeper into networks. Malware
globalsecuritymag.webp 2022-06-28 12:35:43 Minors use Discord servers to earn pocket money by spreading malware (lien direct) Avast has just uncovered an online community of minors who build, trade and distribute malicious programs (malware), including ransomware and others designed to steal information and mine cryptocurrency. The group's organisers attract young users by offering access to several malware builders or generators and development kits that let novices easily produce malicious programs. (...) - Malwares Malware
bleepingcomputer.webp 2022-06-28 11:33:09 New ZuoRAT malware targets SOHO routers in North America, Europe (lien direct) A newly discovered multistage remote access trojan (RAT) dubbed ZuoRAT has been used to target remote workers via small office/home office (SOHO) routers across North America and Europe undetected since 2020. [...] Malware
TechRepublic.webp 2022-06-28 10:00:44 New Bumblebee malware loader increasingly adopted by cyber threat groups (lien direct) Conti, Quantum and Mountlocker were all linked to having used the new piece of software to inject systems with ransomware. Malware Threat
bleepingcomputer.webp 2022-06-28 09:39:28 Raccoon Stealer is back with a new version to steal your passwords (lien direct) The Raccoon Stealer malware is back with a second major version circulating on cybercrime forums, offering hackers elevated password-stealing functionality and upgraded operational capacity. [...] Malware
globalsecuritymag.webp 2022-06-28 09:30:50 Colt combines SD-WAN and SSE capabilities in a new SASE solution (lien direct) Colt Technology Services customers will be able to access an integrated Secure Access Service Edge (SASE) solution that combines SD-WAN and SSE capabilities, through the launch of the new Colt SASE Gateway. The new Colt solution is based on Versa SASE, built around Versa Secure Web Gateway. It offers enterprises protection against malware and cyber threats, and also provides control (...) - Products Malware
The_Hackers_News.webp 2022-06-28 07:38:24 ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks (lien direct) A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," Malware ★★
CrowdStrike.webp 2022-06-28 07:28:01 CrowdStrike Falcon Pro for Mac Achieves 100% Mac Malware Protection, Wins Fifth AV-Comparatives Approved Mac Security Product Award (lien direct) CrowdStrike Falcon Pro for Mac achieved 100% Mac malware protection in the May 2022 AV-Comparatives Mac Security Test and Review  CrowdStrike Falcon Pro for Mac has now won five consecutive Approved Mac Security Product Awards from AV-Comparatives, one of the leading third-party independent organizations testing the efficacy of endpoint security solutions in protecting against malware […] Malware Guideline
Blog.webp 2022-06-28 04:44:03 ASEC Weekly Malware Statistics (June 13th, 2022 – June 19th, 2022) (lien direct) The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from June 13th, 2022 (Monday) to June 19th, 2022 (Sunday). For the main category, info-stealer ranked top with 63.8%, followed by backdoor with 17.8%, downloader with 8.9%, banking malware with 7.5%, and ransomware with 1.9%. Top 1 – AgentTesla AgentTesla is an infostealer that ranked first place with 29.1%. It is an info-stealer that... Ransomware Malware
Blog.webp 2022-06-28 04:42:22 New Info-stealer Disguised as Crack Being Distributed (lien direct) The ASEC analysis team has previously uploaded posts about various malware types that are being distributed disguised as software cracks and installers. CryptBot, RedLine, and Vidar are major examples. Recently, the standalone RedLine variant has disappeared (it is still being distributed as a dropper type) and a new infostealer is being actively distributed instead. Its distribution got into full swing starting from May 20th; it is globally categorized as "Recordbreaker Stealer." Some analyses see it as... Malware
Watchguard.webp 2022-06-28 00:00:00 WatchGuard report: in Q1 2022 ransomware volume has already reached double the total for all of 2021 (lien direct) Paris, 28 June 2022 - WatchGuard® Technologies, a global leader in network security and intelligence, secure Wi-Fi, multi-factor authentication and advanced endpoint protection, today presents the results of its latest quarterly Internet Security Report. The report covers the main malware and network security threat trends analysed by the researchers of WatchGuard's Threat Lab. Its key findings reveal that ransomware detections in the first quarter of 2022 already amount to double the total volume recorded for 2021, that the Emotet botnet has returned in force, that attack attempts against the infamous Log4Shell vulnerability have tripled, and that malicious cryptomining activity has increased. Corey Nachreiner, Chief Security Officer at WatchGuard, comments: "Given the rise in ransomware at the start of this year and the data from previous quarters, we expect 2022 to set a new record for annual ransomware detections. We continue to urge organisations not only to commit to implementing simple but critically important measures, but also to adopt a truly unified security approach that can adapt quickly and effectively to growing and evolving threats." Among its most notable conclusions, the WatchGuard Q1 2022 Internet Security Report finds the following. Ransomware explodes – Whereas the Threat Lab's Q4 2021 Internet Security Report showed ransomware attacks trending downward year over year, everything changed in Q1 2022 with a massive explosion in ransomware detections. Strikingly, the number of ransomware attacks detected in the first quarter already reaches double the total number of detections for 2021! LAPSUS$ emerges after the fall of REvil – Q4 2021 saw the fall of the REvil cyber gang, which in hindsight paved the way for the emergence of another group: LAPSUS$. WatchGuard's Q1 analysis suggests that the LAPSUS$ cybercriminal group, along with the many new ransomware variants such as BlackCat (the first known ransomware written in the Rust programming language), may all be factors contributing to a threat landscape marked by the steady increase in ransomware and cyber-extortion. Log4Shell enters the top 10 network attacks – Publicly disclosed in early December 2021, the Apache Log4j2 vulnerability, also known as Log4Shell, entered the list of the top 10 network attacks at the end of the quarter. Compared with aggregate IPS detections in Q4 2021, the Log4Shell signature nearly tripled in the first quarter of this year. Considered the most significant security incident in WatchGuard's previous Internet Security Report, Log4Shell made its mark by scoring a CVSS of 10, the maximum possible criticality level for a vuln Ransomware Malware Threat ★★★
The_Hackers_News.webp 2022-06-27 23:56:46 New Android Banking Trojan 'Revive' Targeting Users of Spanish Financial Services (lien direct) A previously unknown Android banking trojan has been discovered in the wild, targeting users of the Spanish financial services company BBVA. Said to be in its early stages of development, the malware - dubbed Revive by Italian cybersecurity firm Cleafy - was first observed on June 15, 2022 and distributed by means of phishing campaigns. "The name Revive has been chosen since one of the Malware
SecurityAffairs.webp 2022-06-27 14:46:33 New Matanbuchus Campaign drops Cobalt Strike beacons (lien direct) The Matanbuchus malware-as-a-service (MaaS) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (MaaS), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […] Malware Threat
bleepingcomputer.webp 2022-06-27 14:30:15 Android malware 'Revive' impersonates BBVA bank's 2FA app (lien direct) A new Android banking malware named Revive has been discovered that impersonates a 2FA application required to log into BBVA bank accounts in Spain. [...] Malware
01net.webp 2022-06-27 12:00:15 Google accuses carriers of being complicit in the hacking of their subscribers (lien direct) Google accuses carriers of having taken part in the hacking of their subscribers. According to the company's researchers, some Internet service providers collaborated with attackers to deploy spyware on smartphones. Malware
SecurityAffairs.webp 2022-06-27 10:23:24 Ukrainian telecommunications operators hit by DarkCrystal RAT malware (lien direct) The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages with the subject "Free primary legal aid" use a password-protected attachment "Algorithm of actions of […] Malware
AlienVault.webp 2022-06-27 10:00:00 Stories from the SOC - Detecting internal reconnaissance (lien direct) Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Extended Detection and Response customers. Executive summary Internal reconnaissance, the reconnaissance step of the Cyber Kill Chain carried out from inside the network, is the process of collecting information about a target network to identify vulnerabilities that can potentially be exploited. Threat actors use the information gained from this activity to decide the most effective way to compromise the target network. Vulnerable services can be exploited by threat actors and potentially lead to a network breach, which puts the company in the hands of cybercriminals and can lead to ransomware attacks costing millions of dollars to remediate along with a tarnished public image. The Managed Extended Detection and Response (MXDR) analyst team received two alarms regarding an asset performing network scans within a customer's environment. Further investigation into these alarms revealed that the source asset was able to scan 60 unique IPs within the environment and successfully detected numerous open ports with known vulnerabilities. Investigation Initial alarm review Indicators of Compromise (IOC) The initial alarm that prompted this investigation was a Darktrace Cyber Intelligence Platform event that was ingested by USM Anywhere. The priority level associated with this alarm was High, one level below the maximum priority of Critical. Network scanning is often one of the first steps a threat actor takes when attempting to compromise a network, so it is a red flag any time an unknown device scans the network without permission. From here, the SOC went deeper into associated events to see what activity was taking place in the customer's environment.
The image shown below is the Darktrace alarm that initiated the investigation. [Figure: Darktrace alarm] Expanded investigation Events search Using the filters built into USM Anywhere, the events were narrowed down to the specific source asset IP address and host name, so that only events associated with that asset were queried. The following events were found that provide more information about the reconnaissance activity being observed. [Figures: Recon activity 1, Recon activity 2] Event deep dive Upon reviewing the logs from the events shown above, the SOC was able to determine that the source asset scanned two separate Classless Inter-Domain Routing (CIDR) blocks, detecting and scanning 60 unique internal devices for open ports. As shown in the log snippets below, the scans revealed multiple open ports with known vulnerabilities, most notably Server Message Block (SMB) port 445, the key attack vector for the infamous WannaCry malware. Looking at the logs we can also see that the source asset detected port 5985, the port used by Windows Remote Management (WinRM). WinRM can be used by threat actors to move laterally by executing remote commands on other assets from the compromised host. These remote commands are typically batch files performing malicious activity or implanting backdoors to maintain persistence in the network. Lastly, we can see the asset scanning for Lightweight Directory Access Protocol (LD Ransomware Malware Threat Guideline Wannacry
CVE.webp 2022-06-27 09:15:10 CVE-2022-1995 (lien direct) The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks even when unfiltered_html is disallowed (for example in a multisite setup) Malware Guideline
CVE.webp 2022-06-27 09:15:08 CVE-2022-1028 (lien direct) The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks even when unfiltered_html is disallowed (for example in a multisite setup) Malware Guideline ★★
The_Hackers_News.webp 2022-06-27 02:00:33 Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons (lien direct) A malware-as-a-service (MaaS) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage executables from command-and-control (C&C) servers on infected Malware
CSO.webp 2022-06-27 02:00:00 5 years after NotPetya: Lessons learned (lien direct) On June 27, 2017, the eve of Ukraine's Constitution Day holiday, a major global cyberattack was launched, infecting more than 80 companies in that country using a brand-new cyber pathogen that became known as NotPetya. NotPetya didn't stay within Ukraine's borders but spilled out to infect and cause havoc for thousands of organizations across Europe and worldwide. NotPetya was so named because it was similar to but different from Petya, a self-propagating ransomware virus discovered in 2016 that, unlike other nascent forms of ransomware at the time, was incapable of being decrypted. In another departure from the earlier forms of ransomware, Petya also overwrote and encrypted master boot records and was, therefore, considered more a form of wiper malware than bona fide ransomware. Ransomware Malware NotPetya NotPetya
SANS.webp 2022-06-26 12:52:15 My Paste Command, (Sun, Jun 26th) (lien direct) The clip command that Xavier mentions is not only used by malware authors. I often use it to copy the output of a command line to the clipboard and then paste it inside a GUI application, like a hexadecimal editor. Malware
bleepingcomputer.webp 2022-06-26 11:05:10 Fake copyright infringement emails install LockBit ransomware (lien direct) LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims. [...] Ransomware Malware
TechRepublic.webp 2022-06-24 13:40:44 This new malware diverts cryptocurrency payments to attacker-controlled wallets (lien direct) A new malware dubbed Keona Clipper aims to steal cryptocurrencies from infected computers and uses Telegram to increase its stealth. Learn more about what the Clipper malware threat is and how to protect from it. Malware Threat
Kaspersky.webp 2022-06-24 11:02:00 Google Warns Spyware Being Deployed Against Android, iOS Users (lien direct) The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs. Malware
Korben.webp 2022-06-24 07:00:00 Automatically secure your downloads with VirusTotal (lien direct) The VirusTotal site, which lets you run any file through an antivirus scan, needs no introduction. What makes VirusTotal special is that it relies on dozens of different AV engines. This gives a better understanding of what was scanned, so as to sidestep real malware … Malware
The_Hackers_News.webp 2022-06-24 03:40:50 Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware (lien direct) A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat Malware Cloud APT 37
The_Hackers_News.webp 2022-06-23 21:24:05 New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts (lien direct) A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, and also offers UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities Malware Tool
SecurityAffairs.webp 2022-06-23 18:40:55 Chinese Tropic Trooper APT spreads a hacking tool laced with a backdoor (lien direct) China-linked APT group Tropic Trooper has been spotted using previously undocumented malware written in the Nim language. Check Point Research uncovered an activity cluster with ties to China-linked APT Tropic Trooper (aka Earth Centaur, KeyBoy, and Pirate Panda) which involved the use of a previously undescribed loader (dubbed “Nimbda”) written in the Nim language. The Tropic Trooper APT has been active at least […] Malware Tool APT 23
Kaspersky.webp 2022-06-23 12:21:33 Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug (lien direct) The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers. Malware Threat APT 28
bleepingcomputer.webp 2022-06-23 11:04:57 Malicious Windows 'LNK' attacks made easy with new Quantum builder (lien direct) Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. [...] Malware
itsecurityguru.webp 2022-06-23 10:55:09 (Déjà vu) Microsoft Office 365 Feature Could Help Ransomware Attackers Infiltrate Cloud Files (lien direct) A “dangerous piece of functionality” has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure. The cloud ransomware attack allows file-encrypting malware to launch and “encrypt files stored on SharePoint and OneDrive in a way […] Ransomware Malware
globalsecuritymag.webp 2022-06-23 10:11:31 Lateral movement: the key to recent malware's success (lien direct) Too often overlooked, lateral movement is nonetheless the main reason cyberattacks have reached such an unsuspected scale in recent years. What is it? Why do so few organizations take this technique used by cybercriminals into account? How can you guard against it? Analysis. One goal: gaining privileges. As the distribution vector for malware such as WannaCry and NotPetya, the lateral movement technique contributed greatly to the success of those attacks. The principle of this (...) - Points of View Malware NotPetya Wannacry Wannacry
AlienVault.webp 2022-06-23 10:00:00 All you need to know about data security and its benefits for small businesses (lien direct) This blog was written by an independent guest blogger. Cyberthreats don't affect only large enterprises and governments – they can also affect small businesses. According to research, nearly half of small businesses have experienced a cyberattack, and 69% are concerned about future attacks. Small businesses should be aware of cyber security statistics and take tangible steps to protect their businesses against cyberattacks. Employee records, customer information, loyalty schemes, transactions, and data collection are critical pieces of information that businesses need to protect. This is to prevent third parties from using the information for fraudulent purposes, such as phishing scams and identity theft. It's crucial to safeguard your company from cyberattacks, but some business owners are unsure how to do it. This article is intended to help small business owners navigate the realm of cyber threats and fortify their data security. The benefits of data security for small businesses are also discussed. Data security Data security is the practice of keeping data safe from unauthorized access or corruption. Data protection entails safeguarding not only your company's data but also that of your customers and vendors. Data encryption, hashing, tokenization, and key management are data security strategies that safeguard data across all applications and platforms. Small firms, unfortunately, appear to be a much easier target for hackers, as their security systems are typically less advanced than those of a medium or large company. Despite this fact, most small business owners believe they are not vulnerable to a data breach. Why data security? To secure their essential assets, organizations all over the world are investing extensively in information technology (IT) cyber security capabilities. 
Every business has to protect its brand, intellectual capital, and customer information. It also needs to provide controls for essential infrastructure. However, incident detection and response have three fundamental elements: people, processes, and technology. Cyber security problems and their effect on small businesses Security risks faced by small businesses? Small businesses may not have the operational know-how or employees to protect their IT systems and networks appropriately. Small firms confront a variety of cyber security challenges, including: Attacks by phishers: Phishing refers to a type of social engineering attack that is frequently used to obtain personal data from users; such data includes login credentials and credit card details. Malware attack: Malware attacks are common cyberattacks in which malware (usually malicious software) performs unauthorized actions on the victim's system. Ransomware: Ransomware is a sort of crypt Ransomware Malware Tool Threat Satori
SANS.webp 2022-06-23 06:52:14 FLOSS 2.0 Has Been Released, (Thu, Jun 23rd) (lien direct) When you have to deal with malware in your day job, for research purposes, or just for fun, one of the key points is to have a lab ready to be launched. Your sandbox must be properly protected and isolated to detonate your samples in a safe way, but it must also be filled with tools and scripts. This toolbox is yours and will be based on your preferred tools, but starting from zero is hard; that's why there are specific Linux distributions built for this purpose. The one that I use in FOR610 and for my daily investigations is REMnux[1], created and maintained by Lenny Zeltser[2]. This environment offers tons of tools that help to perform all the malware analysis steps from static analysis up to code reversing and debugging. Malware Tool
DarkReading.webp 2022-06-23 01:24:30 Organizations Battling Phishing Malware, Viruses the Most (lien direct) Organizations may not encounter malware targeting cloud systems or networking equipment frequently, but the array of malware they encounter just occasionally are no less disruptive or damaging. That is where the focus needs to be. Malware
The_Hackers_News.webp 2022-06-22 23:14:08 Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside (lien direct) A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity Malware Tool Threat APT 23
Last update at: 2024-07-21 04:08:32