Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-04-30 08:33:11 |
Discover the dark side of DLLs (Dynamic Link Library) (direct link) |
In brief: DLL (Dynamic Link Library) side-loading is a technique for executing malicious payloads from a disguised DLL by abusing the execution flow of a legitimate application. Malware groups, including Chinese APT groups and the Darkgate malware, are exploiting a zero-day DLL side-loading vulnerability in the wild [...]
|
Malware
Vulnerability
Threat
|
|
★★★
|
|
2023-12-27 07:39:30 |
Discovering the Rhysida ransomware and its activities (direct link) |
Key facts about the Rhysida ransomware: Rhysida became one of the most active ransomware groups in November 2023. It targets large and medium-sized companies, with a significant impact on the education sector. The Rhysida group's victims are spread across 25 countries, with the majority of victims in the United States. It uses the malware families [...]
|
Ransomware
Malware
|
|
★★
|
|
2023-02-23 09:57:34 |
Russia V Ukraine: Round two – Gamma Edition (direct link) |
By Nilaa Maharjan; Logpoint Global Services & Security Research. Contents: What has happened? · Anticipating the anniversary · Gamaredon: Who are they? · The impact of these malware strains? · Download Report: Russia V Ukraine: Round two - Gamma Edition. A year on since the first attack on Ukrainian territory and the unofficial beginning of the cyber war, the Secretary of Ukraine's National Security and Defense [...]
|
Malware
|
|
★★
|
|
2023-02-06 09:04:22 |
A BOLDMOVE by the Chinese Hackers: Exploiting Fortinet Systems (direct link) |
By Nilaa Maharjan. Contents: Key Findings · Which Products and Versions are Affected? · Making a BOLD statement · Boldly going where no malware has gone before · Detecting BOLDMOVE using Logpoint · Investigation and response with Logpoint · Remediation and mitigation best practices · Final Thoughts. TL;DR: Fortinet disclosed a zero-day vulnerability in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs. The vulnerability, a [...]
|
Ransomware
Malware
Vulnerability
|
|
★★
|
|
2022-12-14 09:17:48 |
Emerging Threats: Emotet-ually Unstable – The resurgence of a nuisance (direct link) |
By Anish Bogati, Logpoint Global Services and Security Research. Contents: TL;DR · What is Emotet? · Fast Facts · Background · Emotet operations, tactics and techniques. TL;DR: Emotet, aka Geodo or Heodo, is a modular malware variant that was initially used as banking malware. At present Emotet is used as a dropper, which means it downloads other malware like IcedID, QakBOT, and TrickBot. Emotet was first detected in June [...]
|
Malware
|
|
★★
|
|
2022-11-17 11:39:21 |
Hunting, preventing and responding to the IcedID malware with Logpoint (direct link) |
By Nilaa Maharjan, Security Research. Index: Why is this threat serious? · Ice-breaker #1: delivering IcedID via the contact form · Ice-breaker #2: delivering IcedID via forged invoices · Adding threats of legal action to social engineering tactics · Defending against sophisticated attacks through a coordinated defense. Summary: IcedID, aka BokBot, is a Trojan [...]
|
Malware
|
|
★★
|
|
2022-11-17 11:39:21 |
(Déjà vu) Emerging Threats: IcedID Beacon – Hunting, Preventing, and Responding to IcedID Malware using Logpoint (direct link) |
By Nilaa Maharjan, Security Research. Index: Why is this threat noteworthy? · Ice-breaker #1. Delivering IcedID via contact form · Ice-breaker #2. Delivering IcedID via Spoofed Invoices · Adding legal threats to social engineering tactics · Defending against sophisticated attacks through a coordinated defense. Executive Summary: IcedID, aka BokBot, is a banking trojan that has evolved multiple times [...]
|
Malware
Threat
|
|
★★
|
|
2022-11-17 11:39:21 |
IcedID-IcedID Beacon – Hunting, Preventing, and Responding to IcedID Malware using Logpoint (direct link) |
Index: Why is this threat noteworthy? · Ice-breaker #1. Delivering IcedID via contact form · Ice-breaker #2. Delivering IcedID via Spoofed Invoices · Adding legal threats to social engineering tactics · Defending against sophisticated attacks through a coordinated defense. Executive Summary: IcedID, aka BokBot, is a banking trojan that has evolved multiple times and is now used as [...]
|
Malware
Threat
|
|
|
|
2022-03-14 13:26:58 |
Detecting malicious macros is a vital tool in the fight against malware (direct link) |
By Bhabesh Raj Rai, Security Research. Even the most sophisticated and advanced state-sponsored attackers leave digital traces, and detecting these anomalies is key to protecting organizations against malware. One common method threat actors use to initiate malware campaigns is phishing with a malicious Word document. When a user opens the document, it is likely to trigger [...]
|
Malware
Tool
Threat
|
|
|
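The teaser above says a malicious Word document triggers something once opened; the two checks below show what that looks like on both sides of the open. This is an added example, not code from the linked article or from Logpoint. The static check treats an Office Open XML file as the ZIP it is and looks for a VBA project part (word/vbaProject.bin and its content type), flagging a mismatch when a file with a macro-free .docx extension carries one; the behavioural check flags a process-creation record whose parent is an Office application and whose child is a script host. The in-memory sample document, the script-host list and the sample process events are constructed for the example.

```python
"""Two cheap checks for macro-borne phishing documents (added example).

1. Static: an Office Open XML file (.docx/.docm) is a ZIP archive. A VBA
   project lives in word/vbaProject.bin and is declared in [Content_Types].xml.
   A file whose extension claims to be macro-free (.docx) but carries one is
   worth a look.
2. Behavioural: a macro that drops or fetches a payload almost always launches a
   script host, so "WINWORD.EXE spawns powershell/cmd/wscript/..." is the
   process-creation detection most SIEM rules key on.
"""
import io
import ntpath
import zipfile

VBA_PART = "word/vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
CONTENT_TYPES = "[Content_Types].xml"


def inspect_ooxml(data, filename):
    """Return VBA indicators for the OOXML bytes `data` saved as `filename`."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        has_vba_part = VBA_PART in names
        declared = ""
        if CONTENT_TYPES in names:
            declared = zf.read(CONTENT_TYPES).decode("utf-8", "replace")
    has_vba = has_vba_part or VBA_CONTENT_TYPE in declared
    ext = ntpath.splitext(filename)[1].lower()
    return {
        "has_vba": has_vba,
        # .docm legitimately carries macros; .docx should not.
        "extension_mismatch": has_vba and ext == ".docx",
    }


def build_sample_doc(with_macro):
    """Construct a minimal OOXML container in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = ['<Override PartName="/word/document.xml" '
                     'ContentType="application/vnd.openxmlformats-officedocument'
                     '.wordprocessingml.document.main+xml"/>']
        if with_macro:
            overrides.append('<Override PartName="/word/vbaProject.bin" '
                             'ContentType="%s"/>' % VBA_CONTENT_TYPE)
            # Placeholder bytes standing in for the OLE2 VBA project stream.
            zf.writestr(VBA_PART, b"\xd0\xcf\x11\xe0 placeholder")
        zf.writestr(CONTENT_TYPES, "<Types>" + "".join(overrides) + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed lists for the behavioural check.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
                "certutil.exe"}


def is_office_child_process(event):
    """event: dict with 'parent_image' and 'image' (Sysmon Event ID 1 fields)."""
    parent = ntpath.basename(event["parent_image"]).lower()
    child = ntpath.basename(event["image"]).lower()
    return parent in OFFICE_APPS and child in SCRIPT_HOSTS


def find_office_children(events):
    return [e for e in events if is_office_child_process(e)]


# Constructed sample process-creation events, not real telemetry.
SAMPLE_PROCESS_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    print(inspect_ooxml(build_sample_doc(True), "invoice.docx"))
    print(len(find_office_children(SAMPLE_PROCESS_EVENTS)), "office->script host")
```

The static check only proves a VBA project exists; it does not decompress the MS-OVBA source to look for AutoOpen-style entry points, which is the next step in a real triage. The behavioural rule is the higher-fidelity one, and the splwow64.exe child (print spooler helper) is in the sample precisely because it is a common benign Word child that must not fire.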
|
2020-09-29 10:32:33 |
Threat hunting with Linux – Detecting a cryptomining attack (direct link) |
By Bhabesh Raj Rai, Associate Security Analytics Engineer, LogPoint. Cryptomining malware was extremely popular in 2019 and is still relevant in today's threat landscape. According to IBM X-Force telemetry, cryptomining activity spiked to unprecedented levels during mid-2019. At present, coin miners have seen a steady increase in the number of reports during [...]
|
Malware
Threat
|
|
|
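The teaser above introduces hunting for cryptominers on Linux but is cut off before any method. The following is an added example, not code from the linked article or from Logpoint: a scorer for process listings in `ps -eo pid,user,pcpu,args --no-headers` format that flags the indicators a hunter usually checks first, namely a known miner binary name, a stratum pool URL or `-o host:port` argument on the command line, a binary executed from a world-writable directory, and sustained high CPU. The miner-name list, the directory list, the CPU threshold and the sample `ps` lines are constructed for the example.

```python
"""Score `ps -eo pid,user,pcpu,args --no-headers` output for cryptominer indicators.

Added example. Each process gets a list of reasons; anything with at least one
reason is a hunt lead. Thresholds and lists are constructed assumptions, not
a vendor rule set.
"""
import re
import posixpath

# Assumption: common miner binary names; not exhaustive.
MINER_NAMES = {"xmrig", "minerd", "cpuminer", "xmr-stak"}

# World-writable directories from which no service binary should normally run.
SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")

# Stratum pool URL, or a bare "-o host:port" / "--url host:port" miner argument.
POOL_RE = re.compile(r"stratum\+(?:tcp|ssl)://\S+|(?:^|\s)(?:-o|--url)[= ]\S+:\d{4,5}\b")

HIGH_CPU = 90.0  # percent of one core, sustained; tune per host class


def parse_ps_line(line):
    """Split one `ps -eo pid,user,pcpu,args` line into a dict."""
    pid, user, pcpu, args = line.split(None, 3)
    return {"pid": pid, "user": user, "pcpu": float(pcpu), "args": args}


def miner_reasons(proc):
    reasons = []
    args = proc["args"]
    exe = args.split(None, 1)[0]
    name = posixpath.basename(exe).lower()
    if name in MINER_NAMES:
        reasons.append("known miner name")
    if POOL_RE.search(args):
        reasons.append("mining pool argument")
    if exe.startswith(SUSPICIOUS_DIRS):
        reasons.append("binary in world-writable dir")
    if proc["pcpu"] >= HIGH_CPU:
        reasons.append("high cpu")
    return reasons


def hunt(ps_output):
    """Return [(pid, args, reasons)] for every process with at least one indicator."""
    hits = []
    for line in ps_output.strip().splitlines():
        if not line.strip():
            continue
        proc = parse_ps_line(line)
        reasons = miner_reasons(proc)
        if reasons:
            hits.append((proc["pid"], proc["args"], reasons))
    return hits


# Constructed sample listing, not captured from a real host.
SAMPLE_PS = """\
 1203 root      0.3 /usr/sbin/sshd -D
 2211 www-data 398.0 /tmp/.x/xmrig -o stratum+tcp://pool.example:3333 -u wallet --donate-level 1
 2290 nobody    99.8 /dev/shm/.kswapd -c config.json
 3010 alice     12.0 python3 /home/alice/train.py
"""

if __name__ == "__main__":
    for pid, args, reasons in hunt(SAMPLE_PS):
        print(pid, reasons, args)
```

The second hit matters more than the first: a process named after a kernel thread (kswapd) but backed by a file in /dev/shm and pegging a core is the masquerading pattern that survives after the obvious xmrig binary has been renamed, so the location and CPU indicators should never be dropped in favour of name matching alone.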