What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-02-01 18:55:00 | Anomali Cyber Watch: Researchers Break Down WhisperGate Wiper Malware, Trickbot Will Now Try To Crash Researcher PCs to Stop Reverse Engineering Attempts, New DeadBolt Ransomware Targets QNAP Devices (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: CVE-2022-21882, DazzleSpy , DeadBolt, DTPacker, Trickbot, and WhisperGate. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Windows Vulnerability With New Public Exploits Lets You Become Admin
(published: January 29, 2022)
A new vulnerability, tracked as CVE-2022-21882 was discovered by researcher RyeLv in early January 2022. The exploit is a bypass to a previous vulnerability, CVE-2021-1732, and affects all Windows 10 machines that have not applied January’s Patch Tuesday patch. This vulnerability is a privilege escalation exploit, which grants administrator level privileges and allows for the creation of new admin accounts, as well as lateral movement. The exploit abuses a flaw in the manner in which the kernel handles callbacks, changing the flag ConsoleWindow. This will modify the window type, and tricks the system into thinking tagWND.WndExtra is an offset of the kernel desktop heap, thereby granting administrator level read and write access.
Analyst Comment: Apply patches when they become available to keep your systems and assets protected from the latest attacks and vulnerabilities. This is essential when new vulnerabilities are discovered as threat actors will actively attempt to exploit them. A strong patch management policy combined with an effective asset management policy will assist you in keeping your assets up to date and protected.
MITRE ATT&CK: [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Exploitation for Privilege Escalation - T1068 | [MITRE ATT&CK] Process Discovery - T1057
Tags: Windows, Priviledge escalation, CVE-2021-1732, CVE-2022-21882
Shipment-Delivery Scams Become the Favored Way to Spread Malware
(published: January 28, 2022)
Researchers at Cofense and Checkpoint have documented a series of Phishing campaigns throughout Q4 of 2021. The campaign imitates large known delivery brands such as DHL or the US postal service, and aims to abuse the trust these companies have associated with them to manipulate their targets into clicking malicious links or files. The most prominent tactic is to provide a link to a missed package, capitalizing on current global supply chain issues. Once clicked, TrickBot malware is delivered, though other campaigns are delivering as of yet non-attributed trojans. The malicious links in these campaigns are not particularly sophisticated, and are easily identified as false as they lead to domains outside the company they are targeting.
Analyst Comment: Never click on attachments or links from untrustworthy sources, and verify with the legitimate sender the integrity of these emails. Treat any email that attempts to scare, coerce, provide a time limit or force you to click links or attachments with extreme suspicion.
MITRE ATT&CK: [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Phishing |
Ransomware Malware Vulnerability Threat Guideline | NotPetya |
1
We have: 1 articles.
We have: 1 articles.
To see everything:
Our RSS (filtrered)
