What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-12-12 09:32:48 | Cisco révèle l'opération forger Cisco reveals Operation Blacksmith as Lazarus targets organizations with new Telegram-based malware in DLang (lien direct) |
Cisco Talos a découvert une nouvelle campagne menée par le groupe Lazare qu'il a nommé le forgeron de l'opération, \\ 'employant ...
Cisco Talos discovered a new campaign conducted by the Lazarus Group that it has codenamed \'Operation Blacksmith,\' employing... |
Malware | APT 38 | ★★★ |
 |
2023-12-12 05:00:00 | Mémoire de sécurité: TA4557 cible les recruteurs directement par e-mail Security Brief: TA4557 Targets Recruiters Directly via Email (lien direct) |
What happened Since at least October 2023, TA4557 began using a new technique of targeting recruiters with direct emails that ultimately lead to malware delivery. The initial emails are benign and express interest in an open role. If the target replies, the attack chain commences. Previously, throughout most of 2022 and 2023, TA4557 typically applied to existing open job listings purporting to be a job applicant. The actor included malicious URLs, or files containing malicious URLs, in the application. Notably, the URLs were not hyperlinked and the user would have to copy and paste the URL text to visit the website. The legitimate job hosting sites would then generate and send email notifications to the prospective employers who posted the positions. In recently observed campaigns, TA4557 used both the new method of emailing recruiters directly as well as the older technique of applying to jobs posted on public job boards to commence the attack chain. Specifically in the attack chain that uses the new direct email technique, once the recipient replies to the initial email, the actor was observed responding with a URL linking to an actor-controlled website posing as a candidate resume. Alternatively, the actor was observed replying with a PDF or Word attachment containing instructions to visit the fake resume website. Example initial outreach email by TA4557 to inquire about a job posting. Example follow up email containing a URL linking to a fake resume website. Very notably, in campaigns observed in early November 2023, Proofpoint observed TA4557 direct the recipient to “refer to the domain name of my email address to access my portfolio” in the initial email instead of sending the resume website URL directly in a follow up response. This is likely a further attempt to evade automated detection of suspicious domains. Email purporting to be from a candidate directing the recipient to visit the domain in an email address. If the potential victims visit the “personal website” as directed by the threat actor, the page mimics a candidate\'s resume or job site for the candidate (TA4557) applying for a posted role. The website uses filtering to determine whether to direct the user to the next stage of the attack chain. Example of a fake candidate website operated by TA4557 that leads to download of a zip attachment. If the potential victim does not pass the filtering checks, they are directed to a page containing a resume in plain text. Alternatively, if they pass the filtering checks, they are directed to the candidate website. The candidate website uses a CAPTCHA which, if completed, will initiate the download of a zip file containing a shortcut file (LNK). The LNK, if executed, abuses legitimate software functions in "ie4uinit.exe" to download and execute a scriptlet from a location stored in the "ie4uinit.inf" file. This technique is commonly referred to as "Living Off The Land" (LOTL). The scriptlet decrypts and drops a DLL in the %APPDATA%\Microsoft folder. Next, it attempts to create a new regsrv32 process to execute the DLL using Windows Management Instrumentation (WMI) and, if that fails, tries an alternative approach using the ActiveX Object Run method. The DLL employs anti-sandbox and anti-analysis techniques. It incorporates a loop specifically designed to retrieve the RC4 key necessary for deciphering the More_Eggs backdoor. This loop is strategically crafted to extend its execution time, enhancing its evasion capabilities within a sandbox environment. Furthermore, the DLL employs multiple checks to determine if it is currently being debugged, utilizing the NtQueryInformationProcess function. The DLL drops the More_Eggs backdoor along with the MSXSL executable. Subsequently, it initiates the creation of the MSXSL process using the WMI service. Once completed, the DLL deletes itself. More_Eggs can be used to establish persistence, profile the machine, and drop additional payloads. Attribution Proofpoint has been tracking TA4557 since 2018 as a | Malware Tool Threat | ★★★ | |
 |
2023-12-12 01:48:38 | L'abus croissant des codes QR dans les logiciels malveillants et les escroqueries de paiement invite l'avertissement de FTC The growing abuse of QR codes in malware and payment scams prompts FTC warning (lien direct) |
La commodité des codes QR est une épée à double tranchant.Suivez ces conseils pour rester en sécurité.
The convenience of QR codes is a double-edged sword. Follow these tips to stay safe. |
Malware | ★★★ | |
 |
2023-12-11 20:30:00 | Pirates nord-coréens utilisant la vulnérabilité log4j dans la campagne mondiale North Korean hackers using Log4J vulnerability in global campaign (lien direct) |
Les pirates connectés à Groupe de Lazarus de la Corée du Nord ont exploité le Vulnérabilité LOG4J Dans une campagne d'attaques ciblant les entreprises dans les secteurs de la fabrication, de l'agriculture et de la sécurité physique.Connu sous le nom de «Faire du forgeron de l'opération», la campagne a vu les pirates de Lazarus utiliser au moins trois nouvelles familles de logiciels malveillants, selon des chercheurs de Cisco Talos qui ont nommé l'un des
Hackers connected to North Korea\'s Lazarus Group have been exploiting the Log4j vulnerability in a campaign of attacks targeting companies in the manufacturing, agriculture and physical security sectors. Known as “Operation Blacksmith,” the campaign saw Lazarus hackers use at least three new malware families, according to researchers at Cisco Talos who named one of the |
Malware Vulnerability | APT 38 | ★★ |
 |
2023-12-11 19:29:00 | Les chercheurs démasquent le lien caché de Sandman Apt \\ avec la porte de la porte de la Chine à la Chine Researchers Unmask Sandman APT\\'s Hidden Link to China-Based KEYPLUG Backdoor (lien direct) |
Des chevauchements tactiques et des ciblage ont été découverts entre la menace persistante avancée énigmatique (APT) appelée & nbsp; Sandman & nbsp; et un groupe de menaces basé sur la Chine qui est connu pour utiliser une porte dérobée connue sous le nom de clés.
L'évaluation provient conjointement de Sentinélone, PwC et de l'équipe Microsoft Threat Intelligence Bases sur le fait que le malware Luadream et KeyPlug de l'adversaire ont été basés sur Lua
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that\'s known to use a backdoor known as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary\'s Lua-based malware LuaDream and KEYPLUG have been |
Malware Threat | ★★★ | |
 |
2023-12-11 18:08:15 | Langues de mémoire de mémoire si chaudes en ce moment, accepte le groupe Lazarus alors qu'il frappe les logiciels malveillants dlang Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware (lien direct) |
Le dernier cyber-groupe offensif pour passer à la programmation atypique pour les charges utiles La recherche sur les attaques de Lazarus Group \\ à l'aide de Log4Shell a révélé de nouvelles souches de logiciels malveillants écrits dans un langage de programmation atypique.… | Malware | APT 38 | ★★ |
 |
2023-12-11 16:53:06 | Entité électrique ukrainienne ciblée d'électrum à l'aide d'outils personnalisés et de logiciels malveillants CaddyWiper, octobre 2022 ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022 (lien direct) |
> Le 9 novembre 2023, Mandiant a publié de nouveaux détails des enquêtes médico-légales à la suite d'une attaque perturbatrice contre l'Ukraine Electric Sondat qui ...
Le post Electrum Electric Ukrainian Electric à l'aide d'outils personnalisés et de malware de caddywiper, octobre octobre, octobre2022 est apparu pour la première fois sur dragos .
>On November 9, 2023, Mandiant released new details from forensic investigations following a disruptive attack against Ukraine electric substation which... The post ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022 first appeared on Dragos. |
Malware Tool Industrial | ★★★ | |
 |
2023-12-11 16:25:32 | Les pirates de Lazarus déposent de nouveaux logiciels malveillants de rat en utilisant un bug Log4J de 2 ans Lazarus hackers drop new RAT malware using 2-year-old Log4j bug (lien direct) |
Le célèbre groupe de piratage nord-coréen connu sous le nom de Lazarus continue d'exploiter le CVE-2021-44228, alias "Log4Shell", cette fois pour déployer trois familles de logiciels malveillants invisibles écrites à Dlang.[...]
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. [...] |
Malware Threat | APT 38 | ★★ |
 |
2023-12-11 16:15:00 | Le groupe Lazarus est toujours à la main Log4Shell, en utilisant des rats écrits en \\ 'd \\' Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in \\'D\\' (lien direct) |
La tristement célèbre vulnérabilité peut être de l'ancien côté à ce stade, mais Primo apt Lazarus de la Corée du Nord crée de nouveaux logiciels malveillants uniques autour de lui à un clip remarquable.
The infamous vulnerability may be on the older side at this point, but North Korea\'s primo APT Lazarus is creating new, unique malware around it at a remarkable clip. |
Malware Vulnerability | APT 38 | ★★ |
|
2023-12-11 16:00:00 | Microsoft: groupe mystère ciblant les opérateurs de télécommunications liés aux Apts chinois Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs (lien direct) |
L'analyse montre des preuves que le groupe Sandman précédemment inconnu partage des logiciels malveillants de porte dérobée avec divers groupes d'APT chinois.
Analysis shows evidence the previously unknown Sandman group shares backdoor malware with various Chinese APT groups. |
Malware | ★★★ | |
 |
2023-12-11 14:19:01 | Des pirates nord-coréens développant des logiciels malveillants dans le langage de programmation DLANG North Korean Hackers Developing Malware in Dlang Programming Language (lien direct) |
> Les pirates nord-coréens ont utilisé des logiciels malveillants basés sur DLANG dans les attaques contre les organisations de fabrication, d'agriculture et de sécurité physique.
>North Korean hackers have used Dlang-based malware in attacks against manufacturing, agriculture, and physical security organizations. |
Malware | ★★★ | |
|
2023-12-11 12:50:49 | Le géant du stockage à froid Americold révèle la violation des données après l'attaque de logiciels malveillants d'avril Cold storage giant Americold discloses data breach after April malware attack (lien direct) |
Le géant du stockage et de la logistique à froid, Americold a confirmé que plus de 129 000 employés et leurs personnes à charge se sont fait voler leurs informations personnelles lors d'une attaque en avril, affirmé plus tard par Cactus Ransomware.[...]
Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware. [...] |
Ransomware Data Breach Malware | ★★ | |
 |
2023-12-11 07:35:53 | Distribution des e-mails de phishing sous couvert de fuite de données personnelles (Konni) Distribution of Phishing Email Under the Guise of Personal Data Leak (Konni) (lien direct) |
Ahnlab Security Emergency Response Center (ASEC) a récemment identifié la distribution d'un fichier exe malveillant déguisé en matière liée au matériel lié au matérielÀ une fuite de données personnelles, ciblant les utilisateurs individuels.Le comportement final de ce logiciel malveillant n'a pas pu être observé car le C2 a été fermé, mais le malware est une porte dérobée qui reçoit des commandes obscurcies de l'acteur de menace et les exécute au format XML.Lorsque le fichier EXE malveillant est exécuté, les fichiers de la section .data sont créés dans le% ProgramData% ...
AhnLab Security Emergency response Center (ASEC) recently identified the distribution of a malicious exe file disguised as material related to a personal data leak, targeting individual users. The final behavior of this malware could not be observed because the C2 was closed, but the malware is a backdoor that receives obfuscated commands from the threat actor and executes them in xml format. When the malicious exe file is executed, the files in the .data section are created into the %Programdata%... |
Malware Threat | ★★★ | |
|
2023-12-10 18:17:45 | Fausse réservation d'hôtel, l'escroquerie de phishing utilise des liens PDF pour répandre le voleur Mranon Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer (lien direct) |
> Par waqas
a reçu un e-mail sur une réservation d'hôtel que vous n'avez pas réservé?C'est probablement une tentative de phishing qui fournit le malware du voleur de Mranon.
Ceci est un article de HackRead.com Lire le post original: Fake Hotel Reservation Scamhing Scam utilise des liens PDF pour diffuser le voleur Mranon
>By Waqas Received an email about a hotel reservation you didn\'t book? It\'s likely a phishing attempt delivering the MrAnon Stealer malware. This is a post from HackRead.com Read the original post: Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer |
Malware | ★★ | |
|
2023-12-09 12:46:00 | Les chercheurs déverrouillent les dernières techniques anti-analyse de Guloader. Researchers Unveal GuLoader Malware\\'s Latest Anti-Analysis Techniques (lien direct) |
Les chasseurs de menaces ont démasqué les dernières astuces adoptées par une souche malveillante appelée & nbsp; Guloder & nbsp; dans le but de rendre l'analyse plus difficile.
"Alors que la fonctionnalité principale de Guloader \\ n'a pas changé radicalement au cours des dernières années, ces mises à jour constantes dans leurs techniques d'obscurcissement font de l'analyse de Guloder un processus long et à forte intensité de ressources", Elastic Security Labs
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader\'s core functionality hasn\'t changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs |
Malware Threat Technical | ★★★★ | |
 |
2023-12-08 21:21:52 | 40 nouveaux domaines du vétéran Magecart ATMZow trouvé dans Google Tag Manager 40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager (lien direct) |
#### Description
Une analyse approfondie de la façon dont Magecart Group Atmzow exploite Google Tag Manager pour diffuser des logiciels malveillants de commerce électronique.Découvrez leurs dernières tactiques, évolution, techniques d'obscurcissement et étapes pour protéger les sites contre les infections Magecart et de commerce électronique.
L'écumoire d'Amzow est lié à des infections généralisées sur le site Web de Magento depuis 2015 et est toujours active.Le malware continue d'évoluer et la dernière variation utilise une complexité supplémentaire pour masquer tous les domaines et les conditions d'activation.Le code malveillant sélectionne au hasard deux des domaines "CDN. *" Dans une liste de 40 domaines nouvellement enregistrés utilisés pour injecter une autre couche de l'écumoire.Ces domaines sont cachés derrière un pare-feu Cloudflare pour échapper à la détection.L'écumateur d'Amzow continue de cibler spécifiquement les sites Magento, et tout script qui n'a pas été initialement placé sur une page par un webmaster devrait soupçonner des soupçons et être considéré comme un signe de compromis potentiel.
#### URL de référence (s)
1. https://blog.sucuri.net/2023/12/40-new-domains-of-magecart-veteran-atmzow-found-in-google-tag-manager.html
#### Date de publication
7 décembre 2023
#### Auteurs)
Denis Sinegubko
#### Description An in-depth analysis of how Magecart Group ATMZOW exploits Google Tag Manager to spread ecommerce malware. Learn about their latest tactics, evolution, obfuscation techniques, and steps to protect sites against Magecart and ecommerce infections. The ATMZOW skimmer has been linked to widespread Magento website infections since 2015 and is still active. The malware keeps evolving, and the latest variation uses extra complexity to hide all the domains and activation conditions. The malicious code randomly selects two of the "cdn.*" domains from a list of 40 newly registered domains used to inject another layer of the skimmer. These domains are hidden behind a CloudFlare firewall to evade detection. The ATMZOW skimmer continues to specifically target Magento sites, and any script that was not initially placed on a page by a webmaster should raise suspicions and be considered a sign of potential compromise. #### Reference URL(s) 1. https://blog.sucuri.net/2023/12/40-new-domains-of-magecart-veteran-atmzow-found-in-google-tag-manager.html #### Publication Date December 7, 2023 #### Author(s) Denis Sinegubko |
Malware | ★★ | |
|
2023-12-08 15:22:00 | Les utilisateurs de Mac se méfient: la nouvelle propagation de logiciels malveillants Trojan-Proxy via un logiciel piraté Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software (lien direct) |
Des sites Web non autorisés distribuant des versions trojanisées de logiciel Cracked ont été trouvés pour infecter les utilisateurs d'Apple MacOS avec un nouveau & nbsp; trojan-proxy & nbsp; malware.
"Les attaquants peuvent utiliser ce type de logiciels malveillants pour gagner de l'argent en construisant un réseau de serveurs proxy ou pour effectuer des actes criminels au nom de la victime: pour lancer des attaques sur des sites Web, des entreprises et des particuliers, acheter des armes à feu, des drogues et d'autres illicites
Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit |
Malware | ★★★ | |
|
2023-12-08 13:09:01 | Un logiciel macOS fissu Cracked macOS Software Laced with New Trojan Proxy Malware (lien direct) |
> Par deeba ahmed
Arrêtez d'installer un logiciel piraté et fissuré pour garantir la protection de vos appareils contre le Troie proxy et d'autres nouvelles menaces de logiciels malveillants.
Ceci est un article de HackRead.com Lire la publication originale: Le logiciel macOS fissuré emprunté avec un nouveau logiciel malveillant proxy de Troie
>By Deeba Ahmed Stop installing pirated and cracked software to ensure the protection of your devices against Proxy Trojan and other new malware threats. This is a post from HackRead.com Read the original post: Cracked macOS Software Laced with New Trojan Proxy Malware |
Malware | ★★ | |
|
2023-12-08 06:00:37 | Protéger les identités: comment ITDR complète EDR et XDR pour garder les entreprises plus en sécurité Protecting identities: How ITDR Complements EDR and XDR to Keep Companies Safer (lien direct) |
Defenders who want to proactively protect their company\'s identities have no shortage of security tools to choose from. There are so many, in fact, that it seems like a new category of tool is invented every few months just to help keep them all straight. Because most security teams are finding it increasingly difficult to stop attackers as they use identity vulnerabilities to escalate privilege and move laterally across their organization\'s IT environment, some of today\'s newest tools focus on this middle part of the attack chain. Endpoint detection and response (EDR) and extended detection and response (XDR) are two tools that claim to cover this specialized area of defense. But unfortunately, because of their fundamental architecture and core capabilities, that\'s not really what they do best. That\'s why a new category of tool-identity threat detection and response (ITDR)-is emerging to fill the gaps. In this blog post, we\'ll explain the difference between EDR, XDR and ITDR so that you can understand how these tools complement and reinforce each other. They each have strengths, and when they\'re combined they provide even better security coverage. But first, let\'s rewind the cybersecurity evolution timeline back to the 1980s to understand why ITDR has emerged as a critical defense measure in today\'s threat landscape. The rise of antivirus software and firewalls We\'re starting in the 1980s because that\'s the decade that saw the advent of computer networks and the proliferation of personal computers. It also saw the rapid rise of new threats due to adversaries taking advantage of both trends. There were notable computer threats prior to this decade, of course. The “Creeper” self-replicating program in 1971 and the ANIMAL Trojan in 1975 are two examples. But the pace of development picked up considerably during the 1980s as personal computing and computer networking spread, and bad actors and other mischief-makers sought to profit from or simply break into (or break) devices and systems. In 1987, the aptly named Bernd Robert Fix, a German computer security expert, developed a software program to stop a virus known as Vienna. This virus destroyed random files on the computers it infected. Fix\'s program worked-and the antivirus software industry was born. However, while early antivirus tools were useful, they could only detect and remove known viruses from infected systems. The introduction of firewalls to monitor and control network traffic is another security advancement from the decade. Early “network layer” firewalls were designed to judge “packets” (small chunks of data) based on simple information like the source, destination and connection type. If the packets passed muster, they were sent to the system requesting the data; if not, they were discarded. The internet explosion-and the escalation of cybercrime The late 1990s and early 2000s witnessed the explosive growth of the internet as a key business platform, kicking off an era of tremendous change. It brought new opportunities but also many new security risks and threats. Cybercrime expanded and became a more formalized and global industry during this time. Bad actors focused on developing malware and other threats. Email with malicious attachments and crafty social engineering strategies quickly became favorite tools for adversaries looking to distribute their innovations and employ unsuspecting users in helping to activate their criminal campaigns. As cyberthreats became more sophisticated, defenders evolved traditional detective security tools to feature: Signature-based detection to identify known malware Heuristic analysis to detect previously difficult to detect threats based on suspicious behavioral patterns All of these methods were effective to a degree. But once again, they could not keep in step with cybercriminal innovation and tended to generate a lot of false positives and false negatives. Enter the SIEM Around 2005, security information and event management (SIEM) tools emerged to enhance | Ransomware Malware Tool Vulnerability Threat Studies Cloud | ★★★ | |
|
2023-12-08 05:05:57 | Kimsuky Group utilise AutOIT pour créer des logiciels malveillants (RFTRAT, AMADEY) Kimsuky Group Uses AutoIt to Create Malware (RftRAT, Amadey) (lien direct) |
Présentation de l'accès….2.1.Attaque de phishing de lance….2.2.LNK Malwareremote Control MALWWare….3.1.Xrat (chargeur)….3.2.Amadey….3.3.Derniers cas d'attaque …… ..3.3.1.Autoit Amadey …… .. 3.3.2.Rftratpost-infection….4.1.Keylogger….4.2.Infostaler….4.3.Other TypesConclusion 1. Overview The Kimsuky threat group, deemed to be supported by North Korea, has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014. Cases ofLes attaques contre des pays autres que la Corée du Sud ont ...
OverviewInitial Access…. 2.1. Spear Phishing Attack…. 2.2. LNK MalwareRemote Control Malware…. 3.1. XRat (Loader)…. 3.2. Amadey…. 3.3. Latest Attack Cases…….. 3.3.1. AutoIt Amadey…….. 3.3.2. RftRATPost-infection…. 4.1. Keylogger…. 4.2. Infostealer…. 4.3. Other TypesConclusion 1. Overview The Kimsuky threat group, deemed to be supported by North Korea, has been active since 2013. At first, they attacked North Korea-related research institutes in South Korea before attacking a South Korean energy corporation in 2014. Cases of attacks against countries other than South Korea have... |
Malware Threat | ★★ | |
|
2023-12-07 18:53:00 | \\ 'Headcrab \\' Les variantes de logiciels malveillants réquisitionnent des milliers de serveurs \\'HeadCrab\\' Malware Variants Commandeer Thousands of Servers (lien direct) |
De nouvelles techniques dans une deuxième variante des logiciels malveillants améliorés fonctionnalités et commandes de communication.
New techniques in a second variant of the malware improved functionality and communication commands. |
Malware | ★★★ | |
|
2023-12-07 17:43:00 | Krasue Rat utilise le rootkit linux du serme pour attaquer les télécommunications Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms (lien direct) |
Un logiciel malveillant furtif infecte les systèmes de télécommunications et d'autres secteurs verticaux en Thaïlande, restant sous le radar pendant deux ans après que son code est apparu pour la première fois sur Virustotal.
A stealthy malware is infecting the systems of telecoms and other verticals in Thailand, remaining under the radar for two years after its code first appeared on VirusTotal. |
Malware | ★★★ | |
|
2023-12-07 11:45:00 | Nouveau furtif \\ 'Krasue \\' Linux Trojan ciblant les entreprises de télécommunications en Thaïlande New Stealthy \\'Krasue\\' Linux Trojan Targeting Telecom Firms in Thailand (lien direct) |
Un cheval de Troie à distance à distance auparavant inconnu appelé Krasue a été observé ciblant les sociétés de télécommunications en Thaïlande par des acteurs de menace de l'accès secret principal aux réseaux de victimes au bail depuis 2021.
Nommé d'après A & NBSP; Esprit féminin nocturne & NBSP; du folklore d'Asie du Sud-Est, le malware est "capable de cacher sa propre présence pendant la phase d'initialisation", groupe-ib & nbsp; dit & nbsp; dans un rapport
A previously unknown Linux remote access trojan called Krasue has been observed targeting telecom companies in Thailand by threat actors to main covert access to victim networks at lease since 2021. Named after a nocturnal female spirit of Southeast Asian folklore, the malware is "able to conceal its own presence during the initialization phase," Group-IB said in a report |
Malware Threat | ★★ | |
|
2023-12-07 01:00:00 | Les logiciels malveillants de Krasue Rat se cachent sur des serveurs Linux à l'aide de rootkits embarqués Krasue RAT malware hides on Linux servers using embedded rootkits (lien direct) |
Les chercheurs en sécurité ont découvert un cheval de Troie à l'accès à distance qu'ils ont nommé Krasue qui cible les systèmes Linux des sociétés de télécommunications et a réussi à rester non détecté depuis 2021. [...]
Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021. [...] |
Malware | ★★ | |
 |
2023-12-06 17:20:11 | Lorsqu'un botnet pleure: détecter les chaînes d'infection par botnet When a Botnet Cries: Detecting Botnet Infection Chains (lien direct) |
> Les chaînes d'infection utilisées par les logiciels malveillants de marchandises évoluent constamment et utilisent diverses astuces pour contourner les mesures de sécurité et / ou la sensibilisation des utilisateurs.Bumblebee, Qnapworm, IceDID et QAKBOT sont tous souvent utilisés comme code malveillant de première étape, permettant à d'autres charges utiles plus spécifiques d'être supprimées.Le document suivant a été soumis et présenté par Erwan Chevalier et Guillaume Couchard (menace [& # 8230;]
la publication Suivante Lorsqu'un botnet crie: détecter les chaînes d'infection par botnet est un article de blog Sekoia.io .
>Infection chains used by commodity malware are constantly evolving and use various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID and Qakbot are all often used as first-stage malicious code, allowing other more specific payloads to be dropped. The following paper was submitted and presented by Erwan Chevalier and Guillaume Couchard (Threat […] La publication suivante When a Botnet Cries: Detecting Botnet Infection Chains est un article de Sekoia.io Blog. |
Malware | ★★★ | |
 |
2023-12-06 14:36:06 | Rapport Cisco Talos: Nouvelles tendances des ransomwares, attaques d'infrastructure réseau, logiciels malveillants de chargeur de marchandises Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware (lien direct) |
Sur la base de l'analyse des chercheurs en sécurité du paysage de la cybernaste de 2023, nous mettons en évidence les risques nouveaux ou accrus.
Based on the security researchers\' analysis of the 2023 cyberthreat landscape, we highlight new or heightened risks. |
Ransomware Malware | ★★★ | |
|
2023-12-06 11:00:00 | 5 étapes critiques pour préparer les logiciels malveillants alimentés par l'IA dans votre écosystème d'actifs connectés 5 Critical Steps to Prepare for AI-Powered Malware in Your Connected Asset Ecosystem (lien direct) |
> Les attaques alimentées par l'IA deviendront progressivement plus courantes, et une approche de sécurité bien équilibrée implique plus que de simplement gérer efficacement les incidents.
>AI-powered attacks will become progressively more common, and a well-rounded security approach involves more than simply managing incidents effectively. |
Malware | ★★★ | |
 |
2023-12-06 11:00:00 | Les 29 meilleures pratiques de sécurité des données pour votre entreprise Top 29 data security best practices for your enterprise (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In this digital era, as data is produced and gathered more than ever before, the importance of data security has surged. Given the widespread use of social media, e-commerce, and other online services, individuals are sharing their personal details with numerous entities. In this blog, we\'ll explore the key concepts of data security and highlight the best practices across various sectors. Many of these safeguarding measures are also mandated by data security legislation and standards. Without any further ado, let\'s start discussing data security, its importance, benefits and steps to make your data more secure. What is data security? Data security refers to the practice of protecting digital data from unauthorized access, corruption, theft, or loss. It encompasses a wide range of techniques, tools, and measures that ensure data is safe from various threats. Data security is crucial for individuals, businesses, and governments, as it ensures the confidentiality, integrity, and availability of data. Benefits of data security Following are the key benefits of data security. Protect your data - Ensuring your information is safe from both inside and outside threats offers peace of mind. This means you can focus more on advancing your business plans and less on potential data breaches. Boost your credibility - Companies aiming for lasting collaborations often scrutinize the reputation of their prospective partners. Demonstrating solid data protection practices can also build trust with your clientele. Meet data security standards - Adopting stringent security protocols ensures you adhere to data protection standards, helping you steer clear of hefty non-compliance penalties. Minimize legal costs - Proactively securing data is far more cost-effective than addressing the aftermath of a breach. Investing in data security now can save significant expenses related to potential incidents later. Ensure operational consistency - Strong data security measures pave the way for smooth business operations, decreasing the chances of interruptions that could impact profitability. Top 29 data security best practices for your organization Data discovery: Begin by identifying the types and sensitivity of the data your organization holds. This helps determine which data is critical and which must adhere to specific security regulations. By doing this, you\'ll have a clear understanding of how to prioritize your data protection. Limit sensitive data access: All employees don\'t require access to all information. Broad access increases the risk of internal breaches and data theft. Embrace the principle of least privilege (PoLP): Minimize risks by ensuring new accounts start with minimal data access, which can be expanded based on roles, needs, and seniority. This way, sensitive data is less exposed, even if a cyber attacker breaches an account. Data encryption: With a surge in cyber threats, it\'s essential to shield personal data. Encrypting data transforms readable information into coded text, challenging unauthorized users. Equip with anti-malware: To guard against data breaches from malware, equip your devices with reliable anti-malware software. Regular vulnerability checks: Since data resides on computers, it\'s continuously exposed to potential threats. Keep data safe by routinely assessing and updating your software, mitigating risks of breaches. E | Malware Tool Vulnerability Legislation Cloud | ★★★ | |
|
2023-12-06 00:16:37 | Asyncrat distribué via le script WSF AsyncRAT Distributed via WSF Script (lien direct) |
L'équipe d'analyse du centre d'intervention d'urgence (ASEC) AHNLAB (ASEC) a précédemment publié sur l'asyncrat distribué via des fichiers avec leextension .chm.[1] Il a été récemment découvert que ce type de logiciel malveillant asyncrat est maintenant distribué au format de script WSF.Le fichier WSF s'est avéré être distribué dans un format de fichier compressé (.zip) via les URL contenues dans les e-mails.[Télécharger les URL] 1.https: //*****************.com.br/pay5baea1wp7.zip2.https: //**********.za.com/order_ed333c91f0fd.zip3.https: //*************.com/pay37846wp.zip4.https: //*****.****.co/ebills37890913.zip décompressant le premier fichier zip téléchargé donne un fichier avec une extension de fichier .wsf.Ce fichier se compose principalement de ...
The AhnLab Security Emergency response Center (ASEC) analysis team previously posted about AsyncRAT being distributed via files with the .chm extension. [1] It was recently discovered that this type of AsyncRAT malware is now being distributed in WSF script format. The WSF file was found to be distributed in a compressed file (.zip) format through URLs contained within emails. [Download URLs]1. https://*****************.com.br/Pay5baea1WP7.zip2. https://************.za.com/Order_ed333c91f0fd.zip3. https://*************.com/PAY37846wp.zip4. https://*****.****.co/eBills37890913.zip Decompressing the first downloaded zip file yields a file with a .wsf file extension. This file mostly consists of... |
Malware | ★★★ | |
 |
2023-12-06 00:00:00 | Le rapport du Threat Lab de WatchGuard révèle une augmentation du nombre d\'acteurs malveillants exploitant les logiciels d\'accès à distance (lien direct) | PARIS – 6 décembre 2023 – WatchGuard® Technologies, leader mondial de la cybersécurité unifiée, publie les conclusions de son dernier rapport sur la sécurité Internet, détaillant les principales tendances en matière de malwares et de menaces pour la sécurité des réseaux et des endpoints, analysées par les chercheurs du Threat Lab de WatchGuard. Les principales conclusions tirées des données révèlent une augmentation des cas d'utilisation abusive des logiciels d'accès à distance, la montée en puissance des cyberattaquants qui utilisent des voleurs de mots de passe et de données pour s'emparer d'informations d'identification précieuses, et le recours par les acteurs malveillants non plus à des scripts, mais à des techniques de type " living off the land " pour lancer une attaque sur les endpoints. " Les acteurs malveillants emploient sans cesse de nouveaux outils et méthodes pour mener leurs campagnes d'attaque. Il est donc essentiel que les entreprises se tiennent au courant des dernières tactiques afin de renforcer leur stratégie de sécurité ", souligne Corey Nachreiner, Chief Security Officer chez WatchGuard. " Les plateformes de sécurité modernes, qui intègrent des pare-feux et des logiciels de protection des endpoints, peuvent renforcer la protection des réseaux et des appareils. En revanche, lorsque les attaques font appel à des tactiques d'ingénierie sociale, l'utilisateur final représente la dernière ligne de défense pour empêcher les acteurs malveillants de s'infiltrer dans les entreprises. Il est important que celles-ci dispensent une formation sur l'ingénierie sociale et adoptent une approche de sécurité unifiée mettant en place des couches de défense pouvant être administrées efficacement par des fournisseurs de services managés. " Parmi les principales conclusions, le dernier rapport sur la sécurité Internet basé sur des données du troisième trimestre 2023 révèle les éléments suivants : Les acteurs malveillants utilisent de plus en plus d'outils et de logiciels de gestion à distance pour contourner la détection des malwares, ce que le FBI et la CISA ont tous deux reconnu. En étudiant les principaux domaines du phishing, le Threat Lab a par exemple observé une escroquerie à l'assistance technique qui conduisait la victime à télécharger une version préconfigurée et non autorisée de TeamViewer, ce qui permettait au pirate d'accéder à distance à l'intégralité de son ordinateur. Une variante du ransomware Medusa fait son apparition au troisième trimestre, entraînant une augmentation de 89 % du nombre d'attaques de ransomwares sur les endpoints. De prime abord, les détections de ransomwares sur les endpoints semblent avoir diminué au cours du troisième trimestre. Pourtant, la variante du ransomware Medusa, qui figure pour la première fois dans le Top 10 des menaces liées aux malwares, a été détectée à l'aide d'une signature générique provenant du moteur de signatures automatisé du Threat Lab. Si l'on tient compte des détections de Medusa, les attaques par ransomware ont augmenté de 89 % d'un trimestre par rapport à l'autre. Les acteurs malveillants cessent d'utiliser des attaques basées sur des scripts et recourent de plus en plus à d'autres techniques de type " living off the land ". Le vecteur d'attaque que constituent les scripts malveillants a connu une baisse de 11 % au troisième trimestre, après avoir chut&eacut | Ransomware Malware Tool Threat | ★★ | |
|
2023-12-05 20:00:00 | Microsoft met en garde contre les acteurs du ransomware de cactus utilisant la malvertising pour infecter les victimes Microsoft warns of Cactus ransomware actors using malvertising to infect victims (lien direct) |
Les pirates utilisent des logiciels malveillants distribués via des publicités en ligne pour infecter les victimes de ransomwares de cactus, selon de nouvelles recherches.Dans un avertissement publié vendredi, des chercheurs de Microsoft ont déclaré que l'acteur de ransomware derrière la campagne - que Microsoft appelle Storm-0216, mais d'autres appellent Twisted Spider et UNC2198 - avait «reçu des transferts de Qakbot
Hackers are using malware distributed through online advertisements to infect victims with Cactus ransomware, according to new research. In a warning published on Friday, researchers at Microsoft said that the ransomware actor behind the campaign - which Microsoft calls Storm-0216 but others refer to as Twisted Spider and UNC2198 - had “received handoffs from Qakbot |
Ransomware Malware | ★★★ | |
|
2023-12-05 16:10:45 | Le faux mode de verrouillage expose les utilisateurs iOS aux attaques de logiciels malveillants Fake Lockdown Mode Exposes iOS Users to Malware Attacks (lien direct) |
> Par waqas
Flaw de sécurité iOS: le faux mode de verrouillage peut être utilisé pour tromper les utilisateurs, les laissant exposés.
Ceci est un article de HackRead.com Lire la publication originale: Le faux mode de verrouillage expose les utilisateurs iOS aux attaques de logiciels malveillants
>By Waqas iOS Security Flaw: Fake Lockdown Mode Can Be Used to Trick Users, Leaving Them Exposed. This is a post from HackRead.com Read the original post: Fake Lockdown Mode Exposes iOS Users to Malware Attacks |
Malware Mobile | ★★★ | |
 |
2023-12-05 10:00:34 | Bluenoroff: Nouveaux utilisateurs de MacOS attaquants BlueNoroff: new Trojan attacking macOS users (lien direct) |
Bluenoroff a attaqué les utilisateurs de MacOS avec un nouveau chargeur qui fournit des logiciels malveillants inconnus au système.
BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system. |
Malware | ★★★ | |
|
2023-12-05 09:27:23 | Spyloan Android Malware sur Google Play a téléchargé 12 millions de fois SpyLoan Android malware on Google Play downloaded 12 million times (lien direct) |
Plus d'une douzaine d'applications de prêts malveillants, qui sont génériques nommées Spyloan, ont été téléchargées plus de 12 millions de fois cette année à partir de Google Play, mais le décompte est beaucoup plus important car ils sont également disponibles dans des magasins tiers et des sites Web suspects.[...]
More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. [...] |
Malware Mobile | ★★ | |
|
2023-12-05 06:30:06 | Le gouvernement britannique nie la réclamation de hack de plante Nuke China / Russia UK government denies China/Russia nuke plant hack claim (lien direct) |
Le rapport suggère que Sellafield compromis depuis 2015, la réponse semble ignorante inquiétante de Stuxnet Le gouvernement du Royaume-Uni a émis un déni fortement formulé d'un rapport selon lequel le complexe nucléaire de Sellafield a été compromis par des logiciels malveillants pendant des années.…
Report suggests Sellafield compromised since 2015, response seems worryingly ignorant of Stuxnet The government of the United Kingdom has issued a strongly worded denial of a report that the Sellafield nuclear complex has been compromised by malware for years.… |
Malware Hack | ★★★ | |
|
2023-12-05 05:00:40 | TA422 \\ Soule d'exploitation dédiée - la même semaine après semaine TA422\\'s Dedicated Exploitation Loop-the Same Week After Week (lien direct) |
Key takeaways Since March 2023, Proofpoint researchers have observed regular TA422 (APT28) phishing activity, in which the threat actor leveraged patched vulnerabilities to send, at times, high-volume campaigns to targets in Europe and North America. TA422 used the vulnerabilities as initial access against government, aerospace, education, finance, manufacturing, and technology sector targets likely to either disclose user credentials or initiate follow-on activity. The vulnerabilities included CVE-2023-23397-a Microsoft Outlook elevation of privilege flaw that allows a threat actor to exploit TNEF files and initiate NTLM negotiation, obtaining a hash of a target\'s NTLM password-and CVE-2023-38831-a WinRAR remote code execution flaw that allows execution of “arbitrary code when a user attempts to view a benign file within a ZIP archive,” according to the NIST disclosure. Overview Starting in March 2023, Proofpoint researchers have observed the Russian advanced persistent threat (APT) TA422 readily use patched vulnerabilities to target a variety of organizations in Europe and North America. TA422 overlaps with the aliases APT28, Forest Blizzard, Pawn Storm, Fancy Bear, and BlueDelta, and is attributed by the United States Intelligence Community to the Russian General Staff Main Intelligence Directorate (GRU). While TA422 conducted traditional targeted activity during this period, leveraging Mockbin and InfinityFree for URL redirection, Proofpoint observed a significant deviation from expected volumes of emails sent in campaigns exploiting CVE-2023-23397-a Microsoft Outlook elevation of privilege vulnerability. This included over 10,000 emails sent from the adversary, from a single email provider, to defense, aerospace, technology, government, and manufacturing entities, and, occasionally, included smaller volumes at higher education, construction, and consulting entities. Proofpoint researchers also identified TA422 campaigns leveraging a WinRAR remote execution vulnerability, CVE-2023-38831. Bar chart showing the breakdown of TA422 phishing activity from March 2023 to November 2023. Please attend: CVE-2023-23397-test meeting In late March 2023, TA422 started to launch high volume campaigns exploiting CVE-2023-23397 targeting higher education, government, manufacturing, and aerospace technology entities in Europe and North America. TA422 previously used an exploit for CVE-2023-23397 to target Ukrainian entities as early as April 2022, according to open-source reporting by CERT-EU. In the Proofpoint-identified campaigns, our researchers initially observed small numbers of emails attempting to exploit this vulnerability. The first surge in activity caught our attention partly due to all the emails pointing to the same listener server, but mostly due to the volume. This campaign was very large compared to typical state-aligned espionage campaign activity Proofpoint tracks. Proofpoint observed over 10,000 repeated attempts to exploit the Microsoft Outlook vulnerability, targeting the same accounts daily during the late summer of 2023. It is unclear if this was operator error or an informed effort to collect target credentials. TA422 re-targeted many of the higher education and manufacturing users previously targeted in March 2023. It is unclear why TA422 re-targeted these entities with the same exploit. Based upon the available campaign data, Proofpoint suspects that these entities are priority targets and as a result, the threat actor attempted broad, lower effort campaigns regularly to try and gain access. Like the high-volume TA422 campaign Proofpoint researchers identified in March 2023, the late summer 2023 messages contained an appointment attachment, using the Transport Neutral Encapsulation Format (TNEF) file. The TNEF file used a fake file extension to masquerade as a CSV, Excel file, or Word document, and contained an UNC path directing traffic to an SMB listener being hosted on a likely compromised Ubiquiti router. TA422 has previously used compromised routers to host the gr | Malware Vulnerability Threat | APT 28 | ★★★ |
|
2023-12-04 16:10:20 | Version plus furtive des logiciels malveillants P2Pinfect cible les appareils MIPS Stealthier version of P2Pinfect malware targets MIPS devices (lien direct) |
Les dernières variantes du botnet p2pinfect se concentrent désormais sur l'infection des périphériques avec des processeurs MIP 32 bits (microprocesseur sans étapes pipelinés entrelacées), tels que les routeurs et les appareils IoT.[...]
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices. [...] |
Malware | ★★★ | |
|
2023-12-04 13:55:49 | Le russe plaide coupable de rôle dans le développement du malware Trickbot Russian Pleads Guilty to Role in Developing TrickBot Malware (lien direct) |
> Le National Russe Vladimir Dunaev a plaidé coupable à la participation au développement et à l'utilisation du malware Trickbot qui a causé des dizaines de millions de dollars en pertes.
>Russian national Vladimir Dunaev pleaded guilty to involvement in the development and use of the TrickBot malware that caused tens of millions of dollars in losses. |
Malware | ★★ | |
|
2023-12-04 12:23:00 | Logofail: les vulnérabilités UEFI exposent des appareils aux attaques de logiciels malveillants furtifs LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks (lien direct) |
Le code d'interface de firmware extensible unifié (UEFI) de divers fournisseurs de micrologiciels / bios indépendants (IBV) s'est révélé vulnérable aux attaques potentielles par des défauts à fort impact dans les bibliothèques d'analyse d'image intégrées dans le firmware.
Les lacunes, collectivement étiquetées & nbsp; Logofail & nbsp; par binarly, «peuvent être utilisées par les acteurs de la menace pour livrer une charge utile malveillante et contourner le coffre sécurisé, Intel
The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel |
Malware Vulnerability Threat | ★★★ | |
|
2023-12-04 11:00:17 | Kaspersky Security Bulletin 2023. Statistiques Kaspersky Security Bulletin 2023. Statistics (lien direct) |
Statistiques clés pour 2023: ransomware, banquiers de Troie, mineurs et autres logiciels malveillants financiers, vulnérabilités et exploits zéro jour, attaques Web, menaces pour MacOS et IoT.
Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. |
Ransomware Malware Vulnerability Threat Studies | ★★ | |
|
2023-12-04 11:00:00 | Comment les outils de collaboration d'équipe et la cybersécurité peuvent protéger les effectifs hybrides How team collaboration tools and Cybersecurity can safeguard hybrid workforces (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Hybrid operations are becoming an increasingly prevalent part of the business landscape. Certainly, this offers some fantastic opportunities for companies to reduce overhead costs and gain access to international talent. Yet, there are some distinct challenges hybrid workforces face, too. Key among these is the potential for cybersecurity issues to arise. When you have some employees working from the office and others operating remotely, a range of vulnerabilities may arise — not to mention that there may be hurdles to staff interacting effectively. So, let’s take a look at how team collaboration tools and cybersecurity measures can safeguard your hybrid workforce. Identifying and addressing relevant threats There are few businesses today that aren’t vulnerable to some form of cyber threat. However, the risks tend to depend on the specific business model. As a result, it’s important to first gain an understanding of the prevalent risks related to hybrid workplaces. This enables you to more effectively collaborate and develop safeguards. For hybrid businesses, a range of network security threats have the potential to disrupt operations and cause data breaches. These include: Malware. These malicious software or firmware programs usually enter a network when a person unintentionally downloads them after clicking a link or attachment. Depending on the type of malware, this can give hackers remote access to networks or capture data about network activity, alongside infecting other devices on the network. It’s important to ensure hybrid staff have malware detection software on both business and personal devices that they use to connect to company networks. In addition, you must give them training on how to avoid triggering malware downloads. Phishing. Social engineering attacks, like phishing, can be a challenging issue. These tactics are designed to skirt your security software by getting information or network access directly from your human workers. This may involve criminals posing as legitimate businesses or official entities and directing workers to cloned websites where they’ll be requested to enter sensitive information. You can mitigate this type of issue by monitoring network traffic to spot unusual activity, as well as educating staff on the details of these methods. Even if criminals gain passwords by these methods, setting up multi-factor authentication can limit how useful they are to hackers. That said, alongside the common threats, it’s important to get to know and address the issues with your specific hybrid business. Talk to your staff about their day-to-day working practices and the potential points of vulnerability. Discuss remote workers’ home network setups to establish whether there are end-to-end safeguards in place to prevent unauthorized access to networks. You can then collaborate on arranging additional equipment or protocols — such as access to an encrypted virtual private network (VPN) — that protect both the business and workers’ home equipment. Utilizing collaborative tools Effective collaboration is essential for all hybrid businesses. This isn’t just a matter of maintaining productivity. When employees have the right tools in place to wo | Malware Tool Vulnerability Threat Cloud | ★★ | |
|
2023-12-03 10:12:06 | Un nouveau logiciel malveillant proxy cible les utilisateurs de Mac via un logiciel piraté New proxy malware targets Mac users through pirated software (lien direct) |
Les cybercriminels ciblent les utilisateurs de Mac avec un nouveau logiciel malveillant de Troie proxy avec un logiciel MacOS populaire et protégé par le droit d'auteur offert sur les sites Warez.[...]
Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites. [...] |
Malware | ★★ | |
 |
2023-12-03 05:21:16 | Détecté: vente présumée de CC Sniffer Detected: Alleged sale of CC Sniffer (lien direct) |
Catégorie: Contenu malveillant: la menace acteur prétend avoir un renifleur CC multifonctionnel et également fournir un accès complet au panel et aux statistiques.Source: OpenWeb Source Link: https://forum.exploit.in/topic/234382/ ACTOR DE MONACE: MARSHALL VICTIVINE UNDEFINE
Category: Malware Content: Threat actor claims to have a multifunctional CC sniffer and also provide full access to the panel and statistics. Source: openweb Source Link: https://forum.exploit.in/topic/234382/ Threat Actor: Marshall Victimology undefined : undefined undefined : undefined undefined : undefined |
Malware Threat | ★ | |
|
2023-12-02 13:59:00 | Agent Racoon Backdoor cible les organisations au Moyen-Orient, en Afrique et aux États-Unis Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S. (lien direct) |
Les organisations au Moyen-Orient, en Afrique et aux États-Unis ont été ciblées par un acteur de menace inconnu pour distribuer une nouvelle porte dérobée appelée & nbsp; agent Raconon.
"Cette famille de logiciels malveillants est écrite à l'aide du .NET Framework et exploite le protocole de service de noms de domaine (DNS) pour créer un canal secret et fournir différentes fonctionnalités de porte dérobée", Palo Alto Networks Unit 42 Researcher Chema Garcia & Nbsp;
Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. "This malware family is written using the .NET framework and leverages the domain name service (DNS) protocol to create a covert channel and provide different backdoor functionalities," Palo Alto Networks Unit 42 researcher Chema Garcia |
Malware Threat | ★★★ | |
|
2023-12-02 13:22:00 | Hacker russe Vladimir Dunaev condamné pour avoir créé un malware Trickbot Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware (lien direct) |
Un ressortissant russe a été reconnu coupable dans le cadre de son rôle dans le développement et le déploiement d'un logiciel malveillant connu sous le nom de Trickbot, a annoncé le ministère américain de la Justice (DOJ).
Vladimir Dunaev, 40 ans, a été & nbsp; arrêté & nbsp; en Corée du Sud en septembre 2021 et extradé aux États-Unis un mois plus tard.
"Dunaev a développé des modifications du navigateur et des outils malveillants qui ont aidé à la récolte et aux données des informations d'identification
A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice (DoJ) announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev developed browser modifications and malicious tools that aided in credential harvesting and data |
Malware Tool | ★★★ | |
|
2023-12-01 21:32:00 | Des pirates nord-coréens attaquant des macos en utilisant des documents armées North Korean Hackers Attacking macOS Using Weaponized Documents (lien direct) |
#### Description
En 2023, les acteurs de la menace nord-coréenne ont intensifié leur concentration sur MacOS par le biais de deux campagnes majeures nommées Rustbucket et Kandykorn.
RustBucket a utilisé \\ 'swiftloader, \' se faire passer pour une visionneuse PDF, pour déployer un malware de deuxième étape écrit de la rouille.Pendant ce temps, la campagne de Kandykorn a utilisé des scripts Python ciblant les ingénieurs de la blockchain, livrant un rat de porte dérobée C ++ appelé \\ 'Kandykorn \' en détournant l'application Discord sur les hôtes.L'attaque en cinq étapes contre les utilisateurs de discorde impliquait l'ingénierie sociale pour les inciter à télécharger une application Python malveillante déguisée en bot d'arbitrage crypto, distribué sous le nom de \\ 'ponts multiplateaux.zip. \' l'application, contenant des scripts de python apparemment inoffensifs, a progressé à travers des étapes impliquant l'exécution de Findertools, Sugarloader, Hloader et, finalement, exécuter Kandykorn.
La campagne Rustbucket a présenté des techniques évolutives, en utilisant une application basée sur Swift nommée SecurePDF Viewer.App, signée par "BBQ Bazaar Private Limited".Une autre variante, Crypto-Assets App.zip, signée par "Northwest Tech-Con Systems Ltd", a indiqué une infrastructure partagée, des objectifs et des tactiques avec Kandykorn Rat, soulignant la sophistication des campagnes malveillantes du macos nord-coréen.
#### URL de référence (s)
1. https://gbhackers.com/korean-macos-weaponized-ocuments/
#### Date de publication
30 novembre 2023
#### Auteurs)
Tushar Subhra Dutta
#### Description In 2023, North Korean threat actors intensified their focus on macOS through two major campaigns named RustBucket and KandyKorn. RustBucket utilized \'SwiftLoader,\' masquerading as a PDF Viewer, to deploy a Rust-written second-stage malware. Meanwhile, the KandyKorn campaign employed Python scripts targeting blockchain engineers, delivering a C++ backdoor RAT called \'KandyKorn\' by hijacking the Discord app on hosts. The five-stage attack on Discord users involved social engineering to trick them into downloading a malicious Python app disguised as a crypto arbitrage bot, distributed as \'Cross-Platform Bridges.zip.\' The app, containing seemingly harmless Python scripts, progressed through stages involving the execution of FinderTools, SUGARLOADER, HLOADER, and ultimately running KANDYKORN. he RustBucket campaign showcased evolving techniques, using a Swift-based app named SecurePDF Viewer.app, signed by "BBQ BAZAAR PRIVATE LIMITED." Another variant, Crypto-assets app.zip, signed by "Northwest Tech-Con Systems Ltd," indicated shared infrastructure, objectives, and tactics with KandyKorn RAT, underscoring the sophistication of North Korean macOS malware campaigns. #### Reference URL(s) 1. https://gbhackers.com/korean-macos-weaponized-documents/ #### Publication Date November 30, 2023 #### Author(s) Tushar Subhra Dutta |
Malware Threat | ★★ | |
|
2023-12-01 18:10:00 | Nouveau Fjordphantom Android Malware cible les applications bancaires en Asie du Sud-Est New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia (lien direct) |
Les chercheurs en cybersécurité ont révélé un nouveau logiciel malveillant Android sophistiqué appelé & nbsp; fjordphantom & nbsp; qui a été observé ciblant les utilisateurs dans des pays d'Asie du Sud-Est comme l'Indonésie, la Thaïlande et le Vietnam depuis début septembre 2023.
"Spreading principalement via des services de messagerie, il combine des logiciels malveillants basés sur des applications avec l'ingénierie sociale pour frauder les clients bancaires", application mobile basée à Oslo
Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app |
Malware Mobile | ★★ | |
|
2023-12-01 18:00:00 | Le promoteur russe de Trickbot Malware plaide coupable, risque de 35 ans de peine Russian developer of Trickbot malware pleads guilty, faces 35-year sentence (lien direct) |
Un ressortissant russe a plaidé coupable à la cour fédérale de Cleveland jeudi à des accusations liées à son implication dans le développement et le déploiement du logiciel malveillant connu sous le nom de TrickBot.Il est confronté à une pénalité maximale de 35 ans, les U.S.Le ministère de la Justice a dit .Selon des documents judiciaires, Vladimir Dunaev, 40 ans, était membre d'un cybercrimiral
A Russian national pleaded guilty in federal court in Cleveland on Thursday to charges related to his involvement in developing and deploying the malicious software known as Trickbot. He faces a maximum penalty of 35 years, the U.S. Department of Justice said. According to court documents, Vladimir Dunaev, 40, was a member of a cybercriminal |
Malware | ★★ | |
|
2023-12-01 16:51:23 | Trickbot Malware Dev plaide coupable, risque 35 ans de prison TrickBot malware dev pleads guilty, faces 35 years in prison (lien direct) |
Jeudi, un ressortissant russe a plaidé coupable à des accusations liées à son implication dans le développement et le déploiement du malware Trickbot, qui a été utilisé dans les attaques contre les hôpitaux, les entreprises et les particuliers aux États-Unis et dans le monde.[...]
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide. [...] |
Malware Legislation | ★★★ | |
|
2023-12-01 16:20:00 | Aftermath de Qakbot Takedown: atténuations et protection contre les menaces futures Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats (lien direct) |
Le département américain de la Justice (DOJ) et le FBI ont récemment collaboré dans une opération multinationale pour démanteler le malware et le botnet de Qakbot notoires.Alors que l'opération a réussi à perturber cette menace de longue date, des préoccupations se sont produites car il semble que Qakbot puisse encore poser un danger sous une forme réduite.Cet article traite des conséquences du retrait, fournit une atténuation
The U.S. Department of Justice (DOJ) and the FBI recently collaborated in a multinational operation to dismantle the notorious Qakbot malware and botnet. While the operation was successful in disrupting this long-running threat, concerns have arisen as it appears that Qakbot may still pose a danger in a reduced form. This article discusses the aftermath of the takedown, provides mitigation |
Malware Threat | ★★★ |
To see everything:
Our RSS (filtrered)
