What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-16 13:29:00 | Inferno Malware s'est masqué comme Coinbase, a drainé 87 millions de dollars de 137 000 victimes Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims (lien direct) |
Les opérateurs derrière le désormais disparu & nbsp; Inferno Drainer & nbsp; ont créé plus de 16 000 domaines malveillants uniques sur une période d'un an entre 2022 et 2023.
Le schéma & ldquo; a exploité des pages de phishing de haute qualité pour attirer les utilisateurs sans méfiance à la connexion de leurs portefeuilles de crypto-monnaie avec les attaquants & rsquo;Infrastructure qui a usurpé les protocoles Web3 pour inciter les victimes à l'autorisation
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme “leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers’ infrastructure that spoofed Web3 protocols to trick victims into authorizing |
Malware | ★★★ | |
 |
2024-01-16 12:34:28 | FBI: AndroxGH0st malware botnet vole AWS, Microsoft FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials (lien direct) |
La CISA et le FBI ont averti aujourd'hui que les acteurs de la menace utilisant des logiciels malveillants AndroxGH construisent un botnet axé sur le vol d'identification cloud et utilisent les informations volées pour fournir des charges utiles malveillantes supplémentaires.[...]
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. [...] |
Threat Malware Cloud | ★★★ | |
 |
2024-01-16 10:00:53 | Une méthode légère pour détecter les logiciels malveillants iOS potentiels A lightweight method to detect potential iOS malware (lien direct) |
Analyser le fichier Shutdown.log comme une méthode légère pour détecter les indicateurs d'infection par des logiciels malveillants iOS sophistiqués tels que Pegasus, Reign et Predator.
Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator. |
Malware | ★★★ | |
 |
2024-01-16 09:30:00 | Inferno Raindeur usurre plus de 100 marques cryptographiques pour voler 80 millions de dollars + Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ (lien direct) |
Le rapport du groupe-IB soulève le couvercle sur le tristement célèbre drainer malware crypto-drainer inferno
Group-IB report lifts the lid on infamous crypto-drainer malware Inferno Drainer |
Malware | ★★★ | |
 |
2024-01-16 08:32:19 | Défense post-livraison à propulsion du cloud: la dernière innovation de Proofpoint \\ dans la protection des e-mails Cloud-Powered Post-Delivery Defense: Proofpoint\\'s Latest Innovation in Email Protection (lien direct) |
Cybercriminals are constantly innovating so that they can infiltrate your systems and steal your valuable data. They do this through a complex multi-stage method commonly known as the attack chain. During the initial compromise, attackers use advanced email threats like phishing scams, malware attachments, business email compromise (BEC) and QR code threats to get a foothold in your systems. That\'s why email security tools typically focus on stopping these threats. Steps in the attack chain. But no technology is foolproof. Inevitably, some emails will get through. To keep your company safe, you need an email security solution that can detect, analyze and remediate email threats post-delivery. That\'s where Proofpoint can help. Proofpoint Cloud Threat Response is the cloud-based alternative to TRAP (Threat Response Auto-Pull), known for its effective post-delivery remediation capabilities. Not only is this solution easy to use, but it also automates post-detection incident response and remediation tasks that slow down security teams. In this blog post, we\'ll highlight some of its capabilities and benefits. Overview of Cloud Threat Response capabilities Proofpoint Cloud Threat Response keeps you safer by remediating threats post-delivery. Plus, it helps security teams prioritize and execute response actions three different ways: Automatically by Proofpoint. Cloud Threat Response automatically analyzes emails post-delivery. It identifies and quarantines malicious emails within user inboxes. Doing so reduces the risk that users will interact with them, helping to prevent your business from being compromised. Manually by the SOC team. Your security team gains instant access to detailed email analysis, historical data and risk scoring through an integration with Proofpoint Smart Search. This integration makes it easier for you to delve into specific emails and swiftly identify and remove any lurking threats. With the assistance of end users. Users can report messages that look suspicious thanks to a simple button directly integrated into their mailboxes. Reported emails are automatically investigated and are neutralized if determined to be a threat. Proofpoint Cloud Threat Response benefits At many companies, security incident response is a slow and labor-intensive process. Responding to security incidents may take days or weeks depending on the size of your security team. Time-intensive tasks can turn into painful bottlenecks. Compare that to Proofpoint Cloud Threat Response, which automates and simplifies threat response tasks. Here\'s what you can expect: Enjoy a simplified management interface. Our centralized, modern interface simplifies how you manage email security. From this dashboard, you can manage a range of tasks, including threat reporting, threat analysis and user administration. The simplified, modern interface of Proofpoint Cloud Threat Response. Respond to incidents faster. Proofpoint Cloud Threat Response acts on intelligence from our Supernova detection engine, which improves threat detection and reduces the mean time to respond (MTTR). Spend less time on deployment and maintenance. Because it\'s cloud native, our platform is not only easy to deploy but it eliminates the need for on-premises infrastructure. Plus, your investment is future-proof, and it comes with automated maintenance and security updates. Streamline security operations. Use Single Sign-On (SSO) to seamlessly navigate between Cloud Threat Response and other Proofpoint apps such as Targeted Attack Protection, Email Fraud Defense and Email Protection. This helps to boost analyst efficiency and response times. See more threats. It automatically shares a threat\'s remediation status across your other Proofpoint platforms. This increases threat visibility and helps you to identify and neutralize threats faster. Proofpoint Cloud Threat Response is integrated with Proofpoint threat intelligence and abuse mailbox sources. Contain threats quickly. Malici | Threat Malware Cloud Tool | ★★ | |
 |
2024-01-15 18:55:13 | Vulnérabilité de Windows Defender SmartScreen exploitée avec Phemedrone Stealer Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer (lien direct) |
> Par deeba ahmed
Attaquants tirant parti de la vulnérabilité de Windows dans la campagne de logiciels malveillants Phemedrone pour améliorer la furtivité.
Ceci est un article de HackRead.com Lire le post d'origine: La vulnérabilité de Windows Defender SmartScreen exploitée avec Phemedrone Stealer
>By Deeba Ahmed Attackers Leveraging Windows Vulnerability in Phemedrone Malware Campaign for Enhanced Stealth. This is a post from HackRead.com Read the original post: Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer |
Malware Vulnerability | ★★★ | |
 |
2024-01-15 15:24:00 | Ukrainien arrêté pour avoir infecté le fournisseur de cloud américain par des logiciels malveillants de cryptomine Ukrainian arrested for infecting US cloud provider with cryptomining malware (lien direct) |
Un ressortissant ukrainien a été arrêté la semaine dernière pour avoir prétendument infecté les serveurs d'un fournisseur de services cloud américain «bien connu» avec un malware de cryptominage, selon la police ukrainienne .On pense qu'un pirate de 29 ans de la ville sud de Mykolaiv aura miné illicitement plus de 2 millions de dollars en crypto-monnaie au cours des deux dernières années.La police a dit
A Ukrainian national was arrested last week for allegedly infecting the servers of “a well-known” American cloud service provider with a cryptomining malware, according to Ukrainian police. A 29-year-old hacker from the southern city of Mykolaiv is believed to have illicitly mined over $2 million in cryptocurrency over the past two years. The police said |
Malware Cloud | ★★ | |
|
2024-01-15 13:32:13 | Flaw SmartScreen Windows exploité pour déposer des logiciels malveillants Phemedrone Windows SmartScreen flaw exploited to drop Phemedrone malware (lien direct) |
Une campagne de logiciels malveillants de volet d'informations Phemedrone exploite une vulnérabilité Microsoft Defender SmartScreen (CVE-2023-36025) pour contourner les invites de sécurité Windows lors de l'ouverture des fichiers URL.[...]
A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files. [...] |
Malware Vulnerability | ★★★ | |
|
2024-01-15 13:15:00 | L'injecteur Balada infecte plus de 7 100 sites WordPress en utilisant la vulnérabilité du plugin Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability (lien direct) |
Des milliers de sites WordPress utilisant une version vulnérable du plugin Popup Builder ont été compromis avec un malware appelé & nbsp; Balada Injecteur.
First & nbsp; documenté & nbsp; par Doctor Web en janvier 2023, la campagne se déroule dans une série d'ondes d'attaque périodiques, les plugins WordPress de sécurité d'armes à l'armement pour injecter une dérobée conçue pour rediriger les visiteurs des sites infectés vers Bogus Tech
Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech |
Malware Vulnerability | ★★★ | |
|
2024-01-14 22:53:23 | Remcos Rat distribué via les webards Remcos RAT Being Distributed via Webhards (lien direct) |
tout en surveillant les sources de distribution de logiciels malveillants en Corée du Sud, Ahnlab Security Intelligence Center (ASEC) a récemment découvert queLe malware Remcos Rat déguisé en jeux pour adultes est distribué via des webards.Les webards et les torrents sont des plateformes couramment utilisées pour la distribution des logiciels malveillants en Corée.Les attaquants utilisent normalement des logiciels malveillants facilement disponibles tels que NJRAT et UDP RAT, et les déguisent en programmes légitimes tels que des jeux ou du contenu pour adultes pour la distribution.Des cas similaires ont été introduits dans les blogs ASEC précédents ...
While monitoring the distribution sources of malware in South Korea, AhnLab SEcurity intelligence Center (ASEC) recently found that the Remcos RAT malware disguised as adult games is being distributed via webhards. Webhards and torrents are platforms commonly used for the distribution of malware in Korea. Attackers normally use easily obtainable malware such as njRAT and UDP RAT, and disguise them as legitimate programs such as games or adult content for distribution. Similar cases were introduced in the previous ASEC blogs... |
Malware | ★★ | |
 |
2024-01-13 02:26:04 | Le nombre d'organismes compromis via Ivanti VPN zéro-jours se développe à mesure que le mandiant pèse Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in (lien direct) |
Snoops n'avait pas moins de cinq bits personnalisés de logiciels malveillants aux réseaux de porte dérobée Deux bugs de jour zéro dans les produits Ivanti étaient probablement attaqués par les cyberspies dès décembre, selon Mandiant \\ 's Menace Intel Team.…
Snoops had no fewer than five custom bits of malware to hand to backdoor networks Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant\'s threat intel team.… |
Threat Malware Vulnerability | ★★★ | |
|
2024-01-12 23:54:00 | C'est pourquoi nous mettons à jour ... les logiciels malveillants de données de données exploitent les PC Windows non corrigées This is why we update... Data-thief malware exploits unpatched Windows PCs (lien direct) |
PheMedrone Stealer Loots Drives pour les mots de passe, les cookies, les jetons de connexion, etc. Les criminels exploitent une vulnérabilité de contournement SmartScreen de Windows Defender pour infecter les PC avec un voleur PheMedrone, une souche maline qui scanne des machines pour des informations sensibles & # & #8211;Mots de passe, cookies, jetons d'authentification, vous l'appelez & # 8211;pour saisir et fuite.… | Malware Vulnerability | ★★★ | |
 |
2024-01-12 19:55:57 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
#### Description
FBOT est un outil de piratage basé sur Python distinct des autres familles de logiciels malveillants cloud, ciblant les serveurs Web, les services cloud et les plateformes SaaS comme AWS, Office365, PayPal, SendGrid et Twilio.Les caractéristiques clés incluent la récolte des informations d'identification pour les attaques de spam, les outils de détournement de compte AWS et les fonctions pour permettre des attaques contre PayPal et divers comptes SaaS.
FBOT possède plusieurs fonctionnalités qui ciblent les services de paiement ainsi que les configurations SaaS.La fonction Validator PayPal valide l'état du compte PayPal en contactant une URL codée en dur avec une adresse e-mail lue à partir d'une liste de saisies.L'e-mail est ajouté à la demande de la section Détails du client pour valider si une adresse e-mail est associée à un compte PayPal.
#### URL de référence (s)
1. https://www.sentinelone.com/labs/exploring-fbot-python-basked-malware-targeting-cloud-and-payment-services/
#### Date de publication
11 janvier 2024
#### Auteurs)
Alex Delamotte
#### Description FBot is a Python-based hacking tool distinct from other cloud malware families, targeting web servers, cloud services, and SaaS platforms like AWS, Office365, PayPal, Sendgrid, and Twilio. Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various SaaS accounts. FBot has several features that target payment services as well as SaaS configurations. The PayPal Validator feature validates PayPal account status by contacting a hardcoded URL with an email address read from an input list. The email is added to the request in the customer details section to validate whether an email address is associated with a PayPal account. #### Reference URL(s) 1. https://www.sentinelone.com/labs/exploring-fbot-python-based-malware-targeting-cloud-and-payment-services/ #### Publication Date January 11, 2024 #### Author(s) Alex Delamotte |
Malware Cloud Tool | ★★ | |
|
2024-01-12 19:23:00 | Les acteurs de l'État-nation ont armé Ivanti VPN Zero-Days, déploiement de 5 familles de logiciels malveillants Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families (lien direct) |
Jusqu'à cinq familles de logiciels malveillants différentes ont été déployées par des acteurs suspects de l'État-nation dans le cadre des activités post-exploitation en tirant parti de la mise à profit et de la NBSP; deux appareils VPN Ivanti Connect Secure (ICS) depuis début décembre 2023.
"Ces familles permettent aux acteurs de la menace de contourner l'authentification et de fournir un accès de porte dérobée à ces appareils", Mandiant & nbsp; dit & nbsp; dans un
As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN appliances since early December 2023. "These families allow the threat actors to circumvent authentication and provide backdoor access to these devices," Mandiant said in an |
Threat Malware Vulnerability | ★★★★ | |
 |
2024-01-12 19:01:37 | La livraison de logiciels malveillants de l'installateur MSIX sur plusieurs campagnes MSIX installer malware delivery on the rise across multiple campaigns (lien direct) |
Red Canary a détecté plusieurs adversaires distincts en tirant parti des installateurs de MSIX pour fournir une variété de charges utiles de logiciels malveillants ces derniers mois.
Red Canary has detected multiple distinct adversaries leveraging MSIX installers to deliver a variety of malware payloads in recent months. |
Malware | ★★★ | |
|
2024-01-12 13:36:13 | Les pirates peuvent détourner votre thermostat Bosch et installer des logiciels malveillants Hackers can hijack your Bosch Thermostat and Install Malware (lien direct) |
> Par waqas
Vulnérabilité du firmware trouvé dans le modèle de thermostat Bosch BCC100: patch maintenant ou gel.
Ceci est un article de HackRead.com Lire le post original: Les pirates peuvent détourner votre thermostat Bosch et installer des logiciels malveillants
>By Waqas Firmware Vulnerability Found in Bosch Thermostat Model BCC100: Patch Now or Freeze. This is a post from HackRead.com Read the original post: Hackers can hijack your Bosch Thermostat and Install Malware |
Malware Vulnerability | ★★★ | |
|
2024-01-12 13:26:00 | Les cryptomineurs ciblant Apache Hadoop mal conçu et Flink avec Rootkit dans de nouvelles attaques Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks (lien direct) |
Les chercheurs en cybersécurité ont identifié une nouvelle attaque qui exploite les erreurs de configuration dans Apache Hadoop et Flink pour déployer des mineurs de crypto-monnaie dans des environnements ciblés.
"Cette attaque est particulièrement intrigante en raison de l'utilisation de l'attaquant des packers et des rootkits pour cacher les logiciels malveillants", a déclaré les chercheurs en sécurité aqua Nitzan Yaakov et Assaf Morag & nbsp; dit & nbsp; dans une analyse publiée plus tôt
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker\'s use of packers and rootkits to conceal the malware," Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier |
Malware | ★★★ | |
 |
2024-01-12 13:16:14 | Sentinellabs: Exploration de FBOT & # 8211;Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement SentinelLabs: Exploring FBot – Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Explorer FBOT & # 8211;Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement
La scène des outils de piratage cloud est très liée, avec de nombreux outils qui se fondent sur le code de l'autre.Cela est particulièrement vrai pour les familles de logiciels malveillants comme Alienfox, Greenbot, Legion et Predator, qui partagent le code à partir d'un module de crampons des informations d'identification appelée AndroxGH0st.
-
mise à jour malveillant
Exploring FBot – Python-Based Malware Targeting Cloud and Payment Services The cloud hack tool scene is highly intertwined, with many tools relying on one another\'s code. This is particularly true for malware families like AlienFox, Greenbot, Legion, and Predator, which share code from a credential-scraping module called Androxgh0st. - Malware Update |
Malware Hack Cloud Tool | ★★★ | |
|
2024-01-12 13:15:08 | Alors, allons-nous parler de la façon dont Github est une aubaine absolue pour les logiciels malveillants, ou non? So, are we going to talk about how GitHub is an absolute boon for malware, or nah? (lien direct) |
Microsoft dit qu'il fait de son mieux pour réprimer les crims La popularité de Github a rendu trop grand pour bloquer, ce qui est une aubaine pour les dissidents qui ont baigné les censeurs du gouvernement mais un problème pourSécurité Internet.…
Microsoft says it\'s doing its best to crack down on crims The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security.… |
Malware | ★★★ | |
 |
2024-01-12 10:43:03 | Les logiciels malveillants utilisés dans les attaques Ivanti Zero-Day montrent des pirates se préparant pour le déploiement du patch Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout (lien direct) |
> Les vulnérabilités ivanti zéro-jour surnommées connexion pourraient avoir un impact sur des milliers de systèmes et les cyberspies chinoises se préparent à la libération de patchs.
>Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. |
Threat Malware Vulnerability | ★★★ | |
|
2024-01-12 10:30:18 | Ivanti Connect Secure Zero-Days exploité pour déployer des logiciels malveillants personnalisés Ivanti Connect Secure zero-days exploited to deploy custom malware (lien direct) |
Les pirates exploitent les deux vulnérabilités zéro jour dans Ivanti Connect Secure divulguées cette semaine depuis début décembre pour déployer plusieurs familles de logiciels malveillants personnalisés à des fins d'espionnage.[...]
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. [...] |
Threat Malware Vulnerability | ★★★ | |
|
2024-01-12 06:00:17 | Déterministe vs détection de menace probabiliste: quelle est la différence? Deterministic vs. Probabilistic Threat Detection: What\\'s the Difference? (lien direct) |
When you understand the difference between deterministic and probabilistic threat detection, you can better choose the right mix of processes and tools that will keep your data, systems and users most secure. Here is a spoiler, though: As you compare probabilistic and deterministic methods, you will likely conclude that both approaches are needed to some degree. That means you\'re on the right track. When you employ both, you can use the strengths of each approach while mitigating their respective weaknesses. In other words, these methods are different but complementary. To help you figure out when to use each method, we put together this overview. In each section, we start by defining terms, and then we delve into the pros and cons of using the approach to detect threats. What is probabilistic threat detection? Probabilistic threat detection involves the use of probability-based analytic methods to identify potential security threats or malicious activities within a system. This approach doesn\'t rely on fixed (deterministic) rules or signatures alone. Instead, it relies on the likelihood-or probability-that certain behaviors or patterns may indicate the presence of a security threat. Tools for probabilistic threat detection analyze various factors and assign weights to different indicators. That helps cybersecurity systems-and security teams-to prioritize and respond to potential threats based on their perceived risk. This approach to threat detection presents advantages as well as challenges. Here\'s a look at some of the pros and cons of using probabilistic and deterministic detections. Pros Let\'s start with the pros of probabilistic threat detection. Adaptability to new threats. Probabilistic threat detection can help you identify new and evolving threats that may not have definitive signatures. Machine learning and behavioral analysis can adapt to changing attack tactics. Slight pivots in attacker tools and techniques won\'t necessarily fake out these detection techniques. Reduced false positives to unknown threats. Probabilistic methods may result in fewer false negatives for threats that have not been seen before. That\'s because these methods don\'t require a perfect match to a known signature to send an alert. Probabilistic methods are inherently non-binary. Behavioral analysis. This is often part of probabilistic threat detection. It typically uses a baseline of normal system behavior. That, in turn, makes it easier to detect deviations that may indicate a security threat. Continuous learning. Machine learning models for probabilistic threat detection can continuously learn, incorporate feedback from security analysts, and adapt to changes in the threat landscape. That means their accuracy is not static and can improve over time. Cons Now, here is a rundown of some cons. False positives. Probabilistic methods will produce false positives. They rely on statistical models that might interpret unusual but benign behavior as a potential threat. That can lead to alerts on activities that aren\'t malicious. Taken to extremes this can waste security analysts\' time. But making the models less sensitive can lead to false negatives. That\'s why tuning is part of ongoing maintenance. Complexity and resource intensiveness. Implementing and maintaining probabilistic threat detection systems can be complex and demand a lot of resources. That is especially true when it comes to systems that use machine learning because they require a great deal of computing power and expertise to operate. Cost issues. Probabilistic methods and tools deal with uncertainty, which is a key design principle. So they may not be as cost effective as deterministic approaches for detecting well-known threats. Difficulty in interpreting results. It can be a challenge to understand the output of probabilistic models. You may have difficulty discerning why a particular activity is flagged as a potential threat, as the rationale is deep within the model. To interpret the results, you | Threat Malware Tool Vulnerability | ★★ | |
 |
2024-01-12 00:00:00 | CVE-2023-36025 Exploité pour l'évasion de la défense dans la campagne de voleurs de Phemedrone CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign (lien direct) |
Ce blog se plonge dans l'exploitation de la campagne Phemedrone Stealer \\ de CVE-2023-36025, la vulnérabilité de contournement SmartScreen de Windows Defender, pour son évasion de défense et enquête sur la charge utile du malware \\.
This blog delves into the Phemedrone Stealer campaign\'s exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware\'s payload. |
Malware Vulnerability | ★★★ | |
|
2024-01-11 17:44:52 | NOABOT BOTNET basé à Mirai ciblant les systèmes Linux avec Cryptominer Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer (lien direct) |
> Par deeba ahmed
Un autre jour, une autre menace de logiciels malveillants contre les systèmes Linux!
Ceci est un article de HackRead.com Lire le post original: mirai-Botnet noabot basé ciblant les systèmes Linux avec cryptominer
>By Deeba Ahmed Another day, another malware threat against Linux systems! This is a post from HackRead.com Read the original post: Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer |
Threat Malware | ★★★ | |
|
2024-01-11 17:10:00 | Atomic Stealer obtient une mise à niveau - ciblant les utilisateurs de Mac avec charge utile cryptée Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (lien direct) |
Les chercheurs en cybersécurité ont identifié une version mise à jour d'un voleur d'informations MacOS appelé & nbsp; atomic & nbsp; (ou amos), indiquant que les acteurs de la menace derrière les logiciels malveillants améliorent activement ses capacités.
"Il semble qu'Atomic Stealer a été mis à jour vers la mi-fin à la fin décembre 2023, où ses développeurs ont introduit le cryptage en charge utile dans le but de contourner les règles de détection", "
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules," |
Threat Malware | ★★ | |
 |
2024-01-11 13:55:59 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Les acteurs de la menace des armes FBOT avec un outil d'attaque multifonction conçu pour détourner le cloud, le SaaS et les services Web.
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, Saas and web services. |
Threat Malware Cloud Tool | ★★ | |
 |
2024-01-11 11:00:00 | Histoires du Soc: Blackcat sur le prouvoir Stories from the SOC: BlackCat on the prowl (lien direct) |
This blog was co-authored with Josue Gomez and Ofer Caspi.
Executive summary
BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries. This blog will cover a recent incident impacting one of the AT&T Managed Detection and Response (MDR) Security Operations Center SOC’s customers and discuss how in partnering with AT&T Alien Labs, the MDR SOC was able to detect and remediate the incident.
Building the investigation
On September 14th, 2023, the AT&T MDR SOC received multiple alarms indicating that lateral movement was occurring for one of our clients. The alarm detections were generated after activity in SentinelOne for multiple users attempting to perform network traversing through the clients’ environment.
Figure 1. Alarm Detection
The AT&T SOC immediately generated an investigation that included a call to the client to notify them of the activity as well as escalate the detection to the AT&T MDR Incident Response (IR) Team and the client\'s dedicated Threat Hunter. The IR team and Threat Hunter began the engagement by creating a timeline and searching through SentinelOne Deep Visibility tool. Within its events, they found a user was successfully logged into the client’s internal network on multiple endpoints using lsass.exe.. Additionally, multiple files were logged as being encrypted, which resulted in the team designating the incident a ransomware attack.
Figure 2. Lsass Activity in SentinelOne
During the review of the lsass.exe activity, a specific file was located with a suspicious process tree. A command line was recorded with the file execution that included an internal IP address and the user ADMIN$. The activity from the suspicious file prompted an immediate blocklist for the SHA 1 file hash to ensure that the file was unable to be executed within the client’s environment. Following the block of the file hash, multiple detections from SentinelOne populated, indicating that the file was successfully killed and quarantined and that the client’s devices were protected.
Figure 3. File execution command line
After initiating the blocklist, the Threat Hunter utilized the SentinelOne “file fetch” feature, which enabled them to download the malicious file and save a copy locally. The AT&T SOC then worked with the AT&T Alien Labs team to perform a deeper analysis of the file in order to more understand the true nature of the ransomware attack.
Technical analyses
As previously mentioned, BlackCat ransomware is developed in the Rust programming language, providing the attacker with the versatility to compile and run it on both Windows and Linux operating systems.The ransomware e |
Threat Ransomware Malware Tool | ★★★ | |
|
2024-01-11 09:29:43 | Classement Top Malware Check Point - décembre 2023 : Retour de Qbot et de FakeUpdates (lien direct) | Classement Top Malware Check Point - décembre 2023 : Retour de Qbot et de FakeUpdates. Les chercheurs notent un retour en force du malware Qbot, qui a été détecté dans des tentatives de phishing à l'encontre du secteur de l'hôtellerie et de la restauration. Quant au téléchargeur FakeUpdates, il s'est hissé à la première place. - Investigations | Malware | ★★ | |
|
2024-01-10 21:33:16 | Black Basta-Affiliated Water Curupira\'s Pikabot Spam Campaign (lien direct) | #### Description
L'ensemble d'intrusion Water Curupera, connu pour avoir utilisé le ransomware Black Basta, a utilisé Pikabot, un logiciel malveillant de chargeur similaire à Qakbot, dans des campagnes de spam tout au long de 2023.
Pikabot est un logiciel malveillant en plusieurs étapes avec un chargeur et un module de base dans le même fichier, ainsi qu'un code shellcopted décrypté qui décrypte un autre fichier DLL à partir de ses ressources.Le malware gagne un premier accès à la machine de sa victime via des e-mails de spam contenant une archive ou une pièce jointe PDF.Les e-mails utilisent des filetages, une technique où les acteurs malveillants utilisent des fils de messagerie existants et créent des e-mails qui semblent être censés faire partie du fil pour inciter les destinataires à croire qu'ils sont légitimes.
#### URL de référence (s)
1. https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html
#### Date de publication
10 janvier 2024
#### Auteurs)
Micro-recherche tendance
#### Description The Water Curupira intrusion set, known for using the Black Basta ransomware, has been using Pikabot, a loader malware similar to Qakbot, in spam campaigns throughout 2023. Pikabot is a multi-stage malware with a loader and core module within the same file, as well as a decrypted shellcode that decrypts another DLL file from its resources. The malware gains initial access to its victim\'s machine through spam emails containing an archive or a PDF attachment. The emails employ thread-hijacking, a technique where malicious actors use existing email threads and create emails that look like they were meant to be part of the thread to trick recipients into believing that they are legitimate. #### Reference URL(s) 1. https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html #### Publication Date January 10, 2024 #### Author(s) Trend Micro Research |
Ransomware Spam Malware | ★★★ | |
 |
2024-01-10 19:52:40 | Pikabot malware se propage par les campagnes de phishing Pikabot Malware Spreading Through Phishing Campaigns (lien direct) |
Threat Malware Prediction | ★★ | ||
 |
2024-01-10 16:29:00 | Pikabot Malware surface en remplacement de Qakbot pour les attaques Black Basta Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (lien direct) |
Un acteur de menace émergente, Water Curupera, exerce un nouveau chargeur sophistiqué dans une série de campagnes de phishing en filetage qui précèdent les ransomwares.
An emerging threat actor, Water Curupira, is wielding a new, sophisticated loader in a series of thread-jacking phishing campaigns that precede ransomware. |
Threat Ransomware Malware | ★★★ | |
 |
2024-01-10 16:12:40 | Les dispositifs Linux sont attaqués par un ver jamais vu auparavant Linux devices are under attack by a never-before-seen worm (lien direct) |
Basé sur les logiciels malveillants Mirai, l'auto-reproduction de NOABOT installe une application de cryptominage sur des appareils infectés.
Based on Mirai malware, self-replicating NoaBot installs cryptomining app on infected devices. |
Malware | ★★★ | |
|
2024-01-10 16:06:59 | December 2023\'s Most Wanted Malware: The Resurgence of Qbot and FakeUpdates (lien direct) | décembre 2023 \\ est le malware le plus recherché: la résurgence de QBot et FakeUpdates
Les chercheurs ont découvert un renouveau du malware QBOT, qui a été détecté dans les tentatives de phishing destinées à l'industrie hôtelière.Pendant ce temps, le téléchargeur FakeUpdates a sauté en première place
-
mise à jour malveillant
December 2023\'s Most Wanted Malware: The Resurgence of Qbot and FakeUpdates Researchers discovered a revival of the Qbot malware, which was detected in phishing attempts directed at the hospitality industry. Meanwhile, downloader FakeUpdates jumped into first place - Malware Update |
Malware | ★★★ | |
|
2024-01-10 16:01:00 | Decryptor gratuit publié pour les victimes de ransomwares de tortilla de Black Basta et Babuk \\ Free Decryptor Released for Black Basta and Babuk\\'s Tortilla Ransomware Victims (lien direct) |
Un décrypteur pour la variante Tortilla du ransomware Babuk a été & nbsp; libéré & nbsp; par Cisco Talos, permettant aux victimes ciblées par le malware de retrouver l'accès à leurs fichiers.
Le cabinet de cybersécurité a déclaré que les renseignements sur les menaces qu'il partageaient avec les autorités néerlandaises de l'application des lois avaient permis d'arrêter l'acteur de menace derrière les opérations.
La clé de chiffrement a également été partagée avec Avast,
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations. The encryption key has also been shared with Avast, |
Threat Ransomware Malware | ★★ | |
|
2024-01-10 15:00:00 | \\ 'Encore un autre botnet basé à Mirai \\' propose un cryptominer illicite \\'Yet another Mirai-based botnet\\' is spreading an illicit cryptominer (lien direct) |
Une opération bien conçue utilise une version du fameux Mirai Malware pour distribuer secrètement le logiciel d'extraction de crypto-monnaie, ont annoncé mercredi des chercheurs.L'appelant Noabot, des chercheurs d'Akamai ont déclaré que la campagne était active depuis environ un an, et elle a diverses bizarreries qui compliquent l'analyse des logiciels malveillants et pointent vers des acteurs de menace hautement qualifiés.Le
A well-designed operation is using a version of the infamous Mirai malware to secretly distribute cryptocurrency mining software, researchers said Wednesday. Calling it NoaBot, researchers at Akamai said the campaign has been active for about a year, and it has various quirks that complicate analysis of the malware and point to highly-skilled threat actors. The |
Threat Malware | ★★★ | |
|
2024-01-10 15:00:00 | Les maîtrise des logiciels malveillants montrent des progrès, mais luttent contre la cybercriminalité non plus Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over (lien direct) |
Les opérations d'application de la loi sur les infrastructures cybercriminales se sont révélées efficaces pour entraver l'activité des logiciels malveillants, mais sont loin d'être une solution miracle, selon l'avenir enregistré
Law enforcement operations on cybercriminal infrastructure have proven efficient at hindering malware activity but are far from being a silver bullet, according to Recorded Future |
Malware | ★★ | |
|
2024-01-10 12:05:43 | L'ingénieur néerlandais a utilisé la pompe à eau pour obtenir un milliard de dollars malveillants Stuxnet dans une installation nucléaire iranienne: rapport Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report (lien direct) |
Un ingénieur recruté par les services de renseignement a utilisé une pompe à eau pour livrer Stuxnet, qui aurait coûté 1 à 2 milliards de dollars pour se développer.
An engineer recruited by intelligence services used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop. |
Malware | ★★★ | |
 |
2024-01-10 10:30:00 | Attaque des copies: comment les fausses applications de messagerie et les mods d'applications pourraient vous mordre Attack of the copycats: How fake messaging apps and app mods could bite you (lien direct) |
WhatsApp, Telegram et Signal Clones and Mods restent un véhicule populaire pour la distribution de logiciels malveillants.Ne soyez pas pris pour un tour.
WhatsApp, Telegram and Signal clones and mods remain a popular vehicle for malware distribution. Don\'t get taken for a ride. |
Malware | ★★★ | |
|
2024-01-09 21:31:00 | Alerte: les pirates de curupera d'eau distribuant activement les logiciels malveillants du chargeur de pikabot Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware (lien direct) |
Un acteur de menace appelé Water Curupera a été observé en distribuant activement le & nbsp; pikabot & nbsp; chargeur malware dans le cadre des campagnes de spam en 2023.
«Les opérateurs de Pikabot \\ ont mené des campagnes de phishing, ciblant les victimes via ses deux composants - un chargeur et un module de base - ce qui a permis un accès à distance non autorisé et a permis l'exécution de commandes arbitraires via une connexion établie avec
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot\'s operators ran phishing campaigns, targeting victims via its two components - a loader and a core module - which enabled unauthorized remote access and allowed the execution of arbitrary commands through an established connection with |
Threat Spam Malware | ★★ | |
|
2024-01-09 15:35:00 | Méfiez-vous des canaux YouTube armées répartissant le voleur de Lumma Beware Weaponized YouTube Channels Spreading Lumma Stealer (lien direct) |
Les vidéos faisant la promotion de la façon de faire fissurer les logiciels populaires de contourner les filtres Web en utilisant GitHub et MediaFire pour propager les logiciels malveillants.
Videos promoting how to crack popular software circumvent Web filters by using GitHub and MediaFire to propagate the malware. |
Malware | ★★ | |
|
2024-01-09 13:47:00 | Méfiez-vous!Les vidéos YouTube faisant la promotion du logiciel Cracked Distribuent Lummma Stealer Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer (lien direct) |
Les acteurs de la menace recourent à des vidéos YouTube avec du contenu lié à des logiciels fissurés afin d'atteindre les utilisateurs dans le téléchargement d'un malware d'information sur le voleur appelé Lumma.
«Ces vidéos YouTube présentent généralement du contenu lié aux applications fissurées, présentant les utilisateurs avec des guides d'installation similaires et incorporant des URL malveillantes souvent raccourcis à l'aide de services comme Tinyurl et Cuttly,
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. “These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly, |
Threat Malware | ★★★ | |
 |
2024-01-09 13:00:53 | Décembre 2023 \\'s Mostware le plus recherché: la résurgence de QBOT et FakeUpdates December 2023\\'s Most Wanted Malware: The Resurgence of Qbot and FakeUpdates (lien direct) |
> Les chercheurs ont découvert un renouveau du logiciel malveillant QBOT, qui a été détecté dans les tentatives de phishing destinées à l'industrie hôtelière.Pendant ce temps, le téléchargeur FakeUpdates a sauté à la première place de notre dernier indice mondial de menaces pour décembre 2023, les chercheurs ont vu la résurrection de QBOT, quatre mois après les États-Unis et les forces de l'ordre internationales démantelées son infrastructure dans l'opération Duck Hunt en août 2023. En attendant, le téléchargeur Javascript FakeUpdates a sauté dansLe premier lieu et l'éducation sont restés l'industrie la plus touchée dans le monde.Le mois dernier, le malware QBOT a été utilisé par les cybercriminels dans le cadre d'une attaque de phishing à échelle limitée des organisations de ciblage dans le secteur de l'hôtellerie.Dans la campagne, les chercheurs [& # 8230;]
>Researchers discovered a revival of the Qbot malware, which was detected in phishing attempts directed at the hospitality industry. Meanwhile, downloader FakeUpdates jumped into first place Our latest Global Threat Index for December 2023 saw researchers identify the resurrection of Qbot, four months after US and International law enforcement dismantled its infrastructure in Operation Duck Hunt in August 2023. Meanwhile, JavaScript downloader FakeUpdates jumped into first place and Education remained the most impacted industry worldwide. Last month, Qbot malware was employed by cybercriminals as part of a limited-scale phishing attack targeting organizations in the hospitality sector. In the campaign, researchers […] |
Threat Malware | ★★ | |
 |
2024-01-09 12:30:09 | Antivirus primé, en vente pour 25 $, offre une protection d'élite contre les logiciels malveillants Award Winning Antivirus, On Sale for $25, Offers Elite Protection from Malware (lien direct) |
ESET NOD32 Antivirus 2024 Edition offre une protection multicouche contre les logiciels malveillants et les pirates sans entraver les performances de votre PC Mac ou Windows.
ESET NOD32 Antivirus 2024 Edition provides multi-layered protection from malware and hackers without impeding the performance of your Mac or Windows PC. |
Malware | ★★ | |
 |
2024-01-09 12:03:11 | Malware Android voleur d'épingles PIN-Stealing Android Malware (lien direct) |
Il s'agit d'un ancien élément de malware & # 8212; le cheval de Troie bancaire Android caméléon & # 8212; qui désactive désormais l'authentification biométrique afin de voler la broche :
La deuxième nouvelle fonctionnalité notable est la possibilité d'interrompre les opérations biométriques sur l'appareil, comme les empreintes digitales et le déverrouillage du visage, en utilisant le service d'accessibilité pour forcer une reproche à la broche ou l'authentification du mot de passe.
Le malware capture toutes les épingles et les mots de passe entre que la victime entre pour déverrouiller leur appareil et peut les utiliser plus tard pour déverrouiller l'appareil à volonté pour effectuer des activités malveillantes cachées.
...
This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication. The malware captures any PINs and passwords the victim enters to unlock their device and can later use them to unlock the device at will to perform malicious activities hidden from view. ... |
Malware Mobile | ★★ | |
|
2024-01-09 11:57:12 | L'augmentation préoccupante des attaques centrées sur l'identité: tendances et faits The Concerning Rise in Identity-Centric Attacks: Trends and Facts (lien direct) |
Identity threats are by no means a new type of crime. But in today\'s increasingly digitized world, there are more opportunities for bad actors to steal identities and engage in identity-centric attacks than ever before. Unfortunately, user identities are tough for businesses to protect. The fact that these types of attacks are skyrocketing is evidence of that-in the past year alone the Identity Defined Security Alliance reports that a whopping 84% of companies experienced an identity-related security breach. In this post, we\'ll take a look at identity attack statistics and trends and provide some recent case studies to illustrate how some attacks work. We\'ll also highlight one of the most important identity threat facts-that the human element plays a crucial role in the success of these attacks. Understanding identity-centric attacks There are many types of identity attacks. When most people think of these types of crimes, they often imagine traditional identity theft scenarios: Financial identity theft, where a criminal gains access to a victim\'s financial data, like their credit card details, bank account numbers or Social Security number, to make unauthorized purchases, withdraw funds or open new accounts. Tax identity theft, where a bad actor uses a victim\'s personal information to file false tax returns and claim refunds, diverting the money to their own accounts. Employment identity theft, where a fraudster uses a victim\'s identity to get a job, potentially causing issues for that person when discrepancies arise in their employment and tax records. But identity-based attacks also target enterprises and their online users. The cybercriminals behind these attacks might aim to steal sensitive data, siphon off funds, damage or disrupt systems, deploy ransomware or worse. Those are the types of identity attacks we\'re covering here. Identity threat trends and tactics In short, identity-centric attacks are a practical calculation by bad actors: Why would they invest their time and resources to build exploits to help them get in through a virtual back door when they can just walk through the front door? But before they reap the rewards, they still have some legwork to do. Here are a few techniques that cybercriminals use to progress identity-based attacks against businesses and their users: MFA bypass attacks. Many businesses today use multifactor authentication (MFA) to protect the account of their users. It\'s more secure than using passwords alone. But of course, bad actors have found new ways to bypass commonly used MFA methods. MFA fatigue attacks are one example. People-activated malware. People often give life to malware when they fall for a phishing scam or other social engineering tactics. Malware can appear in the form of a .zip file, QR code, .html link, MS Office file and more-there are at least 60 known techniques to plant people-activated malware on corporate networks. Active Directory (AD) attacks. Most enterprises today use AD as a primary method for directory services like user authentication and authorization. Cybercriminals are keen to target AD, which touches almost every place, person and device on a network. This approach works very well, too-more than half of identity-related breaches can be traced back to AD. Cached credentials harvesting. Cached credentials are commonly stored on endpoints, in memory, in the registry, in a browser or on disk. Attackers use various tools and techniques to collect these credentials and gain access to more privileged identities. Once they have harvested these credentials, they can use them to move laterally and log into different applications. Adversaries are likely to find a good “crop” when they are harvesting cached credentials. Recent research from Proofpoint found that more than one in 10 endpoints have exposed privileged account passwords, making it one of the most common identity risks. Keep in mind that cybercriminals are always innovating, and they are quick to build or adopt tools that | Threat Ransomware Malware Studies Tool | Uber | ★★ |
 |
2024-01-09 07:51:10 | GPTS personnalisés: un cas d'analyse de logiciels malveillants et d'analyse du CIO Custom GPTs: A Case of Malware Analysis and IoC Analyzing (lien direct) |
Le 6 novembre 2023, CustomGpts, une nouvelle fonctionnalité qu'Openai a déclaré sur son blog, est devenu ...
On November 6, 2023, CustomGPTs, a new feature that OpenAI stated on its blog, became... |
Malware | ★★★ | |
|
2024-01-09 02:00:00 | États-Unis, Israël a utilisé l'espion néerlandais pour lancer des logiciels malveillants Stuxnet contre l'Iran US, Israel Used Dutch Spy to Launch Stuxnet Malware Against Iran (lien direct) |
Le rapport indique que nous et Israël ont dépensé 1 milliard de dollars pour développer le tristement célèbre virus Stuxnet, conçu pour saboter le programme nucléaire de l'Iran \\ en 2008.
Report says US and Israel spent $1 billion to develop the infamous Stuxnet virus, built to sabotage Iran\'s nuclear program in 2008. |
Malware | ★★★★★ | |
|
2024-01-09 00:00:00 | Campagne de spam Pikabot de Water Water Black Basta. Black Basta-Affiliated Water Curupira\\'s Pikabot Spam Campaign (lien direct) |
Pikabot est un chargeur avec des similitudes avec Qakbot qui a été utilisé dans les campagnes de spam pendant la majeure partie de 2023. Notre entrée de blog fournit une analyse technique de ce malware.
Pikabot is a loader with similarities to Qakbot that was used in spam campaigns during most of 2023. Our blog entry provides a technical analysis of this malware. |
Spam Malware Technical | ★★ | |
|
2024-01-08 21:44:27 | Un joueur devenu développeur de logiciels malveillants: plongée en silverrat A Gamer Turned Malware Developer: Diving Into SilverRAT (lien direct) |
#### Description
Le Silver Rat V1.0 est un cheval de Troie (RAT) à accès à distance basé sur Windows qui a été observé pour la première fois en novembre 2023. Les développeurs de Silver Rat fonctionnent sur plusieurs forums de pirate et plateformes de médias sociaux, présentant une présence active et sophistiquée.
Le rat a des capacités de contourner les anti-virus et de lancer secrètement des applications cachées, des navigateurs, des keyloggers et d'autres activités malveillantes.Lors de la génération d'une charge utile à l'aide du constructeur de Silver Rat \\, les acteurs de la menace peuvent sélectionner diverses options avec une taille de charge utile jusqu'à un maximum de 50 Ko.Une fois connecté, la victime apparaît sur le panneau Silver Rat contrôlé par l'attaquant, qui affiche les journaux de la victime en fonction des fonctionnalités choisies.L'acteur de menace peut masquer les processus sous faux titres, et la charge utile finale peut être générée dans un fichier exécutable Windows, livré par diverses méthodes d'ingénierie sociale.
#### URL de référence (s)
1. https://www.cyfirma.com/outofband/a-gamer-turned-malware-developer-diving-into-silverrat-and-its-tyrian-roots/
#### Date de publication
8 janvier 2024
#### Auteurs)
Cyfirma
#### Description The Silver RAT v1.0 is a Windows-based Remote Access Trojan (RAT) that was first observed in November 2023. The developers of Silver RAT operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence. The RAT has capabilities to bypass anti-viruses and covertly launch hidden applications, browsers, keyloggers, and other malicious activities. While generating a payload using Silver RAT\'s builder, threat actors can select various options with a payload size up to a maximum of 50kb. Once connected, the victim appears on the attacker controlled Silver RAT panel, which displays the logs from the victim based on the functionalities chosen. The threat actor can hide processes under false headings, and the final payload can be generated in a Windows executable file, delivered through various social engineering methods. #### Reference URL(s) 1. https://www.cyfirma.com/outofband/a-gamer-turned-malware-developer-diving-into-silverrat-and-its-syrian-roots/ #### Publication Date January 8, 2024 #### Author(s) Cyfirma |
Threat Malware | ★★★ | |
|
2024-01-08 19:11:00 | MALWORIE D'ELTYERS TROUVÉ DANS L'ANALYSE DES ATTAQUES LINSÉES IRANS contre les institutions albanais Wiper malware found in analysis of Iran-linked attacks on Albanian institutions (lien direct) |
Au cours de la vague d'attaques contre des organisations albanaises plus tôt en décembre, des pirates liés à l'Iran ont utilisé des logiciels malveillants d'essuie-glace que les chercheurs appellent le non-justice.Le attaques , attribuée à l'acteur de menace iranien Homeland Justice , a ciblé le Parlement albanais, deux sociétés de télécommunications locales (One Albanie et Eagle Mobile) et le drapeau de l'Albanie \\ SCarrier aérien (Air Albanie).Les pirates ont prétendu
During the wave of attacks on Albanian organizations earlier in December, Iran-linked hackers used wiper malware that researchers are calling No-Justice. The attacks, attributed to the Iranian threat actor Homeland Justice, targeted the Albanian parliament, two local telecom companies (ONE Albania and Eagle Mobile), and Albania\'s flag air carrier (Air Albania). The hackers claimed to |
Threat Malware | ★★★ |
To see everything:
Our RSS (filtrered)
