What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-02 18:12:55 | Évolution distinctive de la campagne du malware Pikabot Distinctive Campaign Evolution of Pikabot Malware (lien direct) |
> 
Rendu par Anuradha et Preksha Introduction Pikabot est une porte dérobée malveillante qui est active depuis le début de 2023. Son modulaire ...
> 
Authored by Anuradha and Preksha Introduction PikaBot is a malicious backdoor that has been active since early 2023. Its modular...
|
Malware | ★★ | |
 |
2024-04-02 17:59:42 | Le nouvel outil Unapimon de Winnti \\ masque les logiciels malveillants à partir du logiciel de sécurité Winnti\\'s new UNAPIMON tool hides malware from security software (lien direct) |
Le groupe de piratage chinois \\ 'winnti \' a été trouvé en utilisant un logiciel malveillant précédemment sans papiers appelé Unapimon pour laisser les processus malicous s'exécuter sans être détectés.[...]
The Chinese \'Winnti\' hacking group was found using a previously undocumented malware called UNAPIMON to let malicous processes run without being detected. [...] |
Malware Tool | ★★ | |
 |
2024-04-02 16:30:00 | Des pirates liés à la Chine déploient de nouveaux \\ 'Unapimon \\' malware pour les opérations furtives China-linked Hackers Deploy New \\'UNAPIMON\\' Malware for Stealthy Operations (lien direct) |
Un cluster d'activités de menace suivi comme & nbsp; Earth Freybug & nbsp; a été observé en utilisant un nouveau malware appelé Unapimon pour voler sous le radar.
"Earth Freybug est un groupe de cyber-startere qui est actif depuis au moins 2012 qui se concentre sur l'espionnage et les activités financièrement motivées", le chercheur à la sécurité des micro-micro Christopher SO & NBSP; Said & NBSP; dans un rapport publié aujourd'hui.
"Il a été observé
A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the radar. "Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities," Trend Micro security researcher Christopher So said in a report published today. "It has been observed to |
Threat Malware Prediction | ★★ | |
 |
2024-04-02 13:00:04 | Agent Tesla Targeting United States & Australia: Revealing the Attackers\' Identities (lien direct) |  Souleveillance La recherche sur le point de contrôle (RCR) a découvert trois campagnes malveillantes récentes de l'un des logiciels malveillants les plus répandus du marché & # 8211;Agent Tesla.These operations were aimed against US and Australian organizations and exploited the topics of goods purchasing and order delivery as their lures Upon investigation, we discovered that these threat actors had a database of 62,000 emails, including individuals and organizations from different spheres Apart from campaigns originating fromvictimes des entreprises, le groupe maintient un grand nombre de serveurs, qui sont utilisés pour la protection de leur identité malgré les efforts des acteurs de la menace pour maintenir leur anonymat, [& # 8230;]
 Highlights Check Point Research (CPR) uncovered three recent malicious campaigns of one of the most prevalent malware in the market – Agent Tesla. These operations were aimed against US and Australian organizations and exploited the topics of goods purchasing and order delivery as their lures Upon investigation, we discovered that these threat actors had a database of 62,000 emails, including individuals and organizations from different spheres Apart from campaigns originating from victims of companies, the group maintains a large number of servers, which are used for protection of their identity Despite the efforts of threat actors to keep their anonymity, […]
|
Threat Malware | ★★ | |
|
2024-04-02 11:37:08 | La Russie charge les suspects derrière le vol de 160 000 cartes de crédit Russia charges suspects behind theft of 160,000 credit cards (lien direct) |
Le bureau du procureur général de la Russie \\ a annoncé l'acte d'accusation de six membres présumés de "groupe de piratage" pour avoir utilisé des logiciels malveillants pour voler des informations de crédit et de paiement des magasins en ligne étrangers.[...]
Russia\'s Prosecutor General\'s Office has announced the indictment of six suspected "hacking group" members for using malware to steal credit card and payment information from foreign online stores. [...] |
Malware | ★★ | |
 |
2024-04-02 09:34:09 | ProofPoint en tête de KuppingerCole Leadership Compass pour la sécurité des e-mails Proofpoint Tops KuppingerCole Leadership Compass for Email Security (lien direct) |
Email is the primary threat vector for cybersecurity threats. And these days, many malware, phishing and social engineering schemes target your people. The 2023 Verizon Data Breach Investigations Report notes that 74% of all data breaches include a human element. Threats are constantly evolving, too. It doesn\'t matter how sophisticated or complex your business is, it is a daunting task to protect your people from modern threats. At Proofpoint, we understand how critical it is for any business to protect its people from today\'s email threats. That\'s why we innovate every day. Recently, the industry has once again recognized our efforts to help our customers protect their people and their businesses. This time, our email security was recognized by major industry analyst firm KuppingerCole. Here is what they said about Proofpoint Threat Protection-and what makes it stand out from the competition. Proofpoint named an Overall Leader KuppingerCole just named Proofpoint an Overall Leader in the KuppingerCole Leadership Compass for Email Security Report, 2023. This is the third time in the past year that our email security has been named a leader by a major industry analyst firm. This recognition “triple crown” is the direct result of our commitment to helping businesses protect their people from modern email threats and change user behavior for the better. It keeps us innovating year after year. In the report from KuppingerCole, Proofpoint Threat Protection received the highest “strong positive” rating in all categories, including: Security Functionality Deployment Interoperability Usability With its ratings, KuppingerCole positioned Proofpoint as a leader in all evaluation categories, including product, technology, innovation and market. KuppingerCole named Proofpoint a leader in the product, technology, innovation and market categories. What makes Proofpoint stand out Here is a closer look at how we can help you protect your people from advanced email threats. Stop the widest variety of threats with accuracy Proofpoint uses a multilayered detection stack to identify a wide array of email threats with accuracy. Because we have a broad set of detection technology, we can apply the right technique to the right threat. For example, we have robust sandbox technology to detect URL-based threats, like quick response codes (QR Codes) and behavioral analysis for business email compromise (BEC) and telephone-oriented attack delivery (TOAD) threats. Our machine learning (ML) and artificial intelligence (AI) models are trained by our experts using one of the richest sets of data in the industry. This ensures we provide superior accuracy. Every year, we analyze more than 3 trillion messages across our 230,000+ customer, global ecosystem. Our modular detection stack enables agility and speed to adapt to changes in the threat landscape. It allows us to quickly deploy new models to address new threats like BEC, TOAD and QR Codes. And it enables us to tune our existing detection models more frequently. Prevent email threats before they reach your people\'s inboxes Predelivery detection from Proofpoint stops known and emerging threats at the front door of your business-not after they are delivered. Proofpoint threat intelligence and research found that nearly 1 in 7 malicious URL clicks happen within one minute of an email\'s arrival. That\'s why predelivery protection is so critical. If a threat ends up in your users\' inboxes, it increases your risk of a cyberattack or data breach. We analyze all messages, links and attachments with our robust detection stack before they can reach an inbox. This analysis, combined with our predelivery sandboxing and behavioral analysis of suspicious QR codes, allows us to stop malicious messages before they become a risk to your business. Gain actionable insights into your human risks Proofpoint quantifies your people\'s risk so that you can prioritize budget and resources to focus o | Threat Data Breach Malware Mobile Commercial | ★★★ | |
 |
2024-04-02 09:30:00 | Des logiciels malveillants se cachent dans les photos?Plus probable que vous ne le pensez Malware hiding in pictures? More likely than you think (lien direct) |
Il y a plus dans certaines images qui rencontrent l'œil & # 8211;Leurs fa & ccedil apparemment innocents; Ade peut masquer une menace sinistre.
There is more to some images than meets the eye – their seemingly innocent façade can mask a sinister threat. |
Threat Malware | ★★★ | |
 |
2024-04-02 02:56:58 | Oups, malware!Maintenant quoi?Faire face à l'exécution accidentelle des logiciels malveillants Oops, Malware! Now What? Dealing with Accidental Malware Execution (lien direct) |
Un jour ordinaire, vous surfez avec désinvolture sur le Web et téléchargez des fichiers PDF.Les icônes de document semblent assez légitimes, donc vous cliquez sans une deuxième réflexion.Mais, à votre grande surprise, rien ne se passe.Un examen plus approfondi révèle que ce que vous croyiez être un PDF inoffensif était, en fait, un fichier exécutable.La panique s'installe à mesure que vos paramètres se verrouillent, et même l'accès au gestionnaire de tâches devient impossible.Les fenêtres contextuelles inconnues envahissent votre écran, des signes révélateurs de l'exécution de logiciels malveillants.Le regret vous lave lorsque vous réalisez les conséquences de vos actions involontaires.Maintenant, la question se profile: que devrait être ...
On an ordinary day, you\'re casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and even accessing the task manager becomes impossible. Unknown pop-ups invade your screen, telltale signs of malware execution. Regret washes over you as you realize the consequences of your unintentional actions. Now, the question looms: What should be... |
Malware | ★★★ | |
 |
2024-04-02 00:00:00 | Earth Freybug utilise un désactivation pour décrocher les API critiques Earth Freybug Uses UNAPIMON for Unhooking Critical APIs (lien direct) |
Cet article fournit un aperçu approfondi des deux techniques utilisées par les acteurs de la bibliothèque de la bibliothèque dynamique de la bibliothèque de dynamique (DLL) Interface de programmation (API) pour empêcher les processus enfants d'être surveillés via un nouveau logiciel malveillant que nous avons découvert que nous avons découvertet surnommé Unapimon.
This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we\'ve discovered and dubbed UNAPIMON. |
Malware | ★★ | |
 |
2024-04-01 22:00:49 | "Hé, ce n'est pas le bon site!"Distribution des logiciels malveillants exploitant le suivi des annonces Google "Hey, This Isn\\'t the Right Site!" Distribution of Malware Exploiting Google Ads Tracking (lien direct) |
#### Description
Ahnlab Security Intelligence Center (ASEC) a découvert Rhadamanthys, un malware d'information de voleur, en utilisant le suivi des publicités Google pour se distribuer, se faisant passer pour des installateurs de groupware populaires comme la notion et le mou.Le malware télécharge des fichiers malveillants après l'installation, souvent distribués via Inno Configuration ou des installateurs NSIS.Les attaquants ont utilisé le suivi des publicités Google pour conduire les utilisateurs vers un site malveillant, profitant de la capacité de la plate-forme \\ à insérer des adresses de site Web analytique externes.En cliquant sur les annonces, les utilisateurs ont redirigé un site qui les a incité à télécharger le malware, injectant finalement les logiciels malveillants Rhadamanthys en fichiers Windows légitimes pour le vol de données.
> [Consultez la rédaction de Microsoft \\ sur les voleurs d'informations ici.] (Https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6?)?)
> [Découvrez les rapports OSINT précédents sur Rhadamanthys ici.] (Https://sip.security.microsoft.com/intel-explorer/articles/463afcea)
#### URL de référence (s)
1. https://asec.ahnlab.com/en/63477/
#### Date de publication
31 mars 2024
#### Auteurs)
Ahnlab Security Intelligence Center
#### Description AhnLab Security Intelligence Center (ASEC) discovered Rhadamanthys, an information stealer malware, using Google Ads tracking to distribute itself, posing as installers for popular groupware like Notion and Slack. The malware downloads malicious files after installation, often distributed through Inno Setup or NSIS installers. The attackers utilized Google Ads tracking to lead users to a malicious site, taking advantage of the platform\'s ability to insert external analytic website addresses. Clicking on the ads redirected users to a site tricking them into downloading the malware, ultimately injecting the Rhadamanthys malware into legitimate Windows files for data theft. >[Check out Microsoft\'s write-up on Information Stealers here.](https://sip.security.microsoft.com/intel-profiles/2296d491ea381b532b24f2575f9418d4b6723c17b8a1f507d20c2140a75d16d6?) >[Check out previous OSINT reporting on Rhadamanthys here.](https://sip.security.microsoft.com/intel-explorer/articles/463afcea) #### Reference URL(s) 1. https://asec.ahnlab.com/en/63477/ #### Publication Date March 31, 2024 #### Author(s) AhnLab Security Intelligence Center |
Malware | ★★ | |
 |
2024-04-01 21:25:52 | XZ utilise la porte dérobée implantée dans une attaque de chaîne d'approvisionnement soigneusement exécutée et soigneusement exécutée XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack (lien direct) |
Si un développeur de Microsoft n'avait pas repéré les logiciels malveillants quand il l'a fait, le résultat aurait pu être bien pire.
Had a Microsoft developer not spotted the malware when he did, the outcome could have been much worse. |
Malware | ★★★ | |
|
2024-04-01 16:50:00 | Détecter les logiciels malveillants à base de fenêtres grâce à une meilleure visibilité Detecting Windows-based Malware Through Better Visibility (lien direct) |
Malgré une pléthore de solutions de sécurité disponibles, de plus en plus d'organisations sont victimes de ransomwares et d'autres menaces.Ces menaces continues ne sont pas juste un inconvénient qui nuise aux entreprises et aux utilisateurs finaux - ils endommagent l'économie, mettent en danger des vies, détruisent les entreprises et mettent en danger la sécurité nationale.Mais si ce n'était pas assez & # 8211;La Corée du Nord semble être & nbsp; en utilisant les revenus de Cyber
Despite a plethora of available security solutions, more and more organizations fall victim to Ransomware and other threats. These continued threats aren\'t just an inconvenience that hurt businesses and end users - they damage the economy, endanger lives, destroy businesses and put national security at risk. But if that wasn\'t enough – North Korea appears to be using revenue from cyber |
Ransomware Malware | ★★ | |
 |
2024-04-01 15:52:06 | \\ 'Vultur \\' malware Android obtient des capacités d'interaction approfondies \\'Vultur\\' Android Malware Gets Extensive Device Interaction Capabilities (lien direct) |
Les chercheurs du groupe NCC préviennent que le malware Android Banking \\ 'Vultur \' a été mis à jour avec les capacités d'interaction et de falsification des fichiers.
NCC Group researchers warn that the Android banking malware \'Vultur\' has been updated with device interaction and file tampering capabilities. |
Malware Mobile | ★★★ | |
|
2024-04-01 13:51:22 | Faits saillants hebdomadaires, 1er avril 2024 Weekly OSINT Highlights, 1 April 2024 (lien direct) |
Last week\'s OSINT reporting reveals an array of cyber threats marked by sophisticated attack tactics and diverse targets. From malvertising campaigns deploying stealers like Rhadamanthys to the first known attack campaign targeting AI workloads, threat actors exhibit a range of attack vectors targeting both individuals and organizations. Notably, the evolution of malware such as Vultur and StrelaStealer highlights a continual arms race between attackers and defenders, with adversaries demonstrating adaptability and persistence in their pursuit of data theft and system compromise. The targeting of specific platforms like WordPress sites and email clients underscores the threat to online ecosystems, while the widespread impact across industries emphasizes the need for robust cybersecurity measures and constant vigilance against evolving threats. 1. [Go Malvertising Campaign with Rhadamanthys Stealer](https://security.microsoft.com/intel-explorer/articles/e6d270fc): A malvertising campaign had utilized a Go language loader to deploy the Rhadamanthys stealer, targeting users through a fake PuTTY homepage ad at the top of Google search results. The loader, closely linked to the malvertising infrastructure, had retrieved the payload, Rhadamanthys, which had been executed by the parent process PuTTY.exe, indicating a coordinated attack by the same threat actor. 2. [Active Attack Campaign Exploiting Ray Framework Vulnerability](https://security.microsoft.com/intel-explorer/articles/e4cd5bc2): An ongoing active attack campaign had exploited a critical vulnerability in the Ray open-source AI framework, known as ShadowRay (CVE-2023-48022), impacting thousands of companies globally. Attackers had exploited this vulnerability to take control of computing resources, steal sensitive data, and conduct cryptocurrency mining operations, demonstrating the severity of the issue and its widespread impact across industries. 3. [Evolution of Android Banking Malware Vultur](https://security.microsoft.com/intel-explorer/articles/3f7c3599): Authors behind the Android banking malware Vultur had enhanced its capabilities, including remote interaction with victim devices and encryption of C2 communication, showcasing continual development to evade detection and carry out malicious actions with greater sophistication. 4. [Agent Tesla Phishing Email Infection Chain](https://security.microsoft.com/intel-explorer/articles/5ffaa8a4): SpiderLabs had identified a phishing email leading to an infection chain deploying Agent Tesla, utilizing obfuscation, packing techniques, and polymorphic behavior to evade detection and ensure stealthy execution, posing challenges for traditional antivirus systems. 5. [Sign1 Malware Campaign Exploiting WordPress Sites](https://security.microsoft.com/intel-explorer/articles/063f7fac): Sucuri and GoDaddy Infosec had discovered the Sign1 malware campaign infecting over 2,500 WordPress sites, injecting malicious code into custom HTML widgets to redirect visitors to scam sites, demonstrating the threat to website integrity and visitor security. 6. [StrelaStealer Email Client Targeting Malware](https://security.microsoft.com/intel-explorer/articles/82785858): StrelaStealer, a malware targeting email clients to steal login data, had launched large-scale email campaigns impacting over 100 organizations, particularly targeting high-tech industries. The malware\'s evolving infection chain and updated payloads had underscored its adaptability and the challenge it had posed to security analysts and products. ## Learn More For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: [https://aka.ms/threatintelblog](https://aka.ms/threatintelblog). Microsoft customers can use the following reports in Microsoft Defender Threat Intelligence to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this summa | Threat Ransomware Spam Malware Cloud Tool Mobile Vulnerability | ★★ | |
 |
2024-04-01 01:12:13 | "Hé, ce n'est pas le bon site!"Distribution des logiciels malveillants exploitant le suivi des annonces Google “Hey, This Isn\\'t the Right Site!” Distribution of Malware Exploiting Google Ads Tracking (lien direct) |
Ahnlab Security Intelligence Center (ASEC) a récemment détecté une tension de logiciels malveillants distribuée en utilisant le suivi de Google ADS Googlefonctionnalité.Les cas confirmés montrent que les logiciels malveillants sont distribués en se déguisant comme un programme d'installation pour des groupes de groupes populaires tels que Notion et Slack.Une fois les logiciels malveillants installés et exécutés, il télécharge des fichiers malveillants et des charges utiles du serveur de l'attaquant.Vous trouverez ci-dessous la liste des noms de fichiers qui ont été découverts jusqu'à présent.Ce type de logiciels malveillants est ...
AhnLab SEcurity intelligence Center (ASEC) has recently detected a malware strain being distributed by using the Google Ads tracking feature. The confirmed cases show that the malware is being distributed by disguising itself as an installer for popular groupware such as Notion and Slack. Once the malware is installed and executed, it downloads malicious files and payloads from the attacker’s server. Below is the list of the file names that have been discovered so far. This type of malware is... |
Malware | ★★ | |
|
2024-03-31 18:01:02 | Spotlight malware: linodas aka dinodasrat pour Linux Malware Spotlight: Linodas aka DinodasRAT for Linux (lien direct) |
> Introduction Au cours des derniers mois, Check Point Research (RCR) a surveillé de près l'activité d'un acteur de menace de cyber-espionnage chinois-nexus qui se concentre sur l'Asie du Sud-Est, l'Afrique et l'Amérique du Sud.Cette activité s'aligne considérablement sur les idées que les micro-chercheurs de tendance ont publiquement partagées dans leur analyse complète d'un acteur de menace appelé & # 160; Terre Krahang.Ce [& # 8230;]
>Introduction In recent months, Check Point Research (CPR) has been closely monitoring the activity of a Chinese-nexus cyber espionage threat actor who is focusing on Southeast Asia, Africa, and South America. This activity significantly aligns with the insights the Trend Micro researchers publicly shared in their comprehensive analysis of a threat actor called Earth Krahang. This […] |
Threat Malware Prediction | ★★ | |
|
2024-03-31 10:35:17 | Dinodasrat Malware cible les serveurs Linux dans la campagne d'espionnage DinodasRAT malware targets Linux servers in espionage campaign (lien direct) |
Les chercheurs en sécurité ont observé que les systèmes Red Hat et Ubuntu étaient attaqués par une version Linux du Dinodasrat (également connu sous le nom de XDealer) qui pourrait fonctionner depuis 2022. [...]
Security researchers have observed Red Hat and Ubuntu systems being attacked by a Linux version of the DinodasRAT (also known as XDealer) that may have been operating since 2022. [...] |
Malware | ★★ | |
|
2024-03-30 12:46:00 | Les pirates ciblent les utilisateurs de macOS avec des publicités malveillantes répartissant le malware du voleur Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (lien direct) |
Les annonces malveillantes et fausses sites Web agissent comme un conduit pour livrer deux logiciels malveillants de voleur différents, y compris le voleur atomique, ciblant les utilisateurs d'Apple MacOS.
Les attaques d'infostaler en cours ciblant les utilisateurs de MacOS peuvent avoir adopté différentes méthodes pour compromettre les victimes de Mac, mais fonctionnent dans l'objectif final de voler des données sensibles, Jamf Threat Labs & nbsp; dit & nbsp; dans un rapport publié vendredi.
Un
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware, including Atomic Stealer, targeting Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims\' Macs, but operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One |
Threat Malware | ★★ | |
|
2024-03-30 11:56:28 | Les logiciels malveillants de Vultur Banking pour Android se présentent comme une application de sécurité McAfee Vultur banking malware for Android poses as McAfee Security app (lien direct) |
Les chercheurs en sécurité ont trouvé une nouvelle version du Troie bancaire Vultur pour Android qui comprend des capacités de télécommande plus avancées et un mécanisme d'évasion amélioré.[...]
Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. [...] |
Malware Mobile | ★★ | |
|
2024-03-29 19:49:35 | Theoon malware Retours: 6 000 routeurs Asus piratés en 72 heures TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours (lien direct) |
> Par waqas
Une nouvelle variante de "Theoon Malware" est apparue, ciblant spécifiquement les appareils IoT vulnérables, en particulier les routeurs Asus.
Ceci est un article de HackRead.com Lire la publication originale: Renvoie malveillant Theoon: 6 000 routeurs Asus piratés en 72 heures
>By Waqas A new variant of "TheMoon Malware" has emerged, specifically targeting vulnerable IoT devices, particularly Asus routers. This is a post from HackRead.com Read the original post: TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours |
Malware | ★★ | |
|
2024-03-29 18:06:20 | Les logiciels malveillants Theoon augmentent avec un botnet malveillant pour la location TheMoon Malware Rises Again with Malicious Botnet for Hire (lien direct) |
Des routeurs SoHO obsolètes et des appareils IoT étant détournés par Theyoon pour faire fonctionner un service de botnet hacker anonyme appelé Faceless.
Outdated SOHO routers and IoT devices being hijacked by TheMoon to operate an anonymous hacker botnet service called Faceless. |
Malware | ★★ | |
|
2024-03-29 16:25:09 | Activision: Activer 2FA pour sécuriser les comptes récemment volés par malware Activision: Enable 2FA to secure accounts recently stolen by malware (lien direct) |
Une campagne de logiciels malveillants d'infostealer aurait collecté des millions de connexions auprès des utilisateurs de divers sites Web de jeux, y compris des joueurs qui utilisent des tricheurs, des services de paiement.[...]
An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. [...] |
Malware | ★★ | |
 |
2024-03-29 15:06:12 | Le nouveau chargeur de logiciels malveillants offre à l'agent Tesla à l'accès à distance Trojan via le phishing New Malware Loader Delivers Agent Tesla Remote Access Trojan Via Phishing (lien direct) |
Malware | ★★ | ||
 |
2024-03-29 10:52:35 | Un malware cible les joueurs de Call of Duty qui veulent tricher et vole tous leurs Bitcoins (lien direct) | Des joueurs de Call of Duty cherchant des logiciels de triche ont été victimes d'une attaque d'hameçonnage ciblée installant un malware voleur de cryptomonnaies sur leurs ordinateurs, compromettant potentiellement des millions de comptes. | Malware | ★★★ | |
|
2024-03-28 22:32:00 | Version Linux de Dinodasrat repérée dans les cyberattaques dans plusieurs pays Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries (lien direct) |
Une version Linux d'une porte dérobée multi-plateformes appelée & nbsp; dinodasrat & nbsp; a été détectée dans la nature ciblant la Chine, Taiwan, la Turquie et l'Ouzbékistan, & nbsp; Nouvelles conclusions & nbsp; de Kaspersky Reveal.
Dinodasrat, également connu sous le nom de XDealer, est un logiciel malveillant basé sur C ++ qui offre la possibilité de récolter un large éventail de données sensibles des hôtes compromis.
En octobre 2023, la société de cybersécurité slovaque ESET & NBSP
A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET |
Malware | ★★★ | |
|
2024-03-28 19:11:03 | Android Malware Vultur étend son envergure Android Malware Vultur Expands Its Wingspan (lien direct) |
#### Description
The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim\'s mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions.
#### Reference URL(s)
1. https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/
#### Publication Date
March 28, 2024
#### Author(s)
Joshua Kamp
#### Description The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim\'s mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions. #### Reference URL(s) 1. https://research.nccgroup.com/2024/03/28/android-malware-vultur-expands-its-wingspan/ #### Publication Date March 28, 2024 #### Author(s) Joshua Kamp |
Malware Technical Mobile | ★★★ | |
 |
2024-03-28 19:10:50 | Site PYPI populaire pour les développeurs bloque temporairement les fonctions en raison de la campagne de logiciels malveillants Popular PyPI site for developers temporarily blocks functions due to malware campaign (lien direct) |
Les administrateurs d'un référentiel largement utilisé pour le langage de codage Python ont suspendu certaines fonctions temporairement du jour au lendemain en raison d'une «campagne de téléchargement de logiciels malveillants». & Nbsp;L'indice Python Package (PYPI) a déclaré qu'il avait restauré les services tôt jeudi après avoir bloqué la création de nouveaux projets et l'enregistrement des nouveaux utilisateurs pendant environ 10 heures.PYPI est un élément clé du
Administrators for a widely used repository for the Python coding language suspended some functions temporarily overnight because of a “malware upload campaign.” The Python Package Index (PyPI) said it had restored services early Thursday after blocking new project creation and new user registration for about 10 hours. PyPI is a key part of the |
Malware | ★★ | |
|
2024-03-28 17:45:03 | Malware téléchargement d'attaque frappe le référentiel PYPI Malware Upload Attack Hits PyPI Repository (lien direct) |
> Les responsables du référentiel Python Package Index (PYPI) ont été obligés de suspendre la création de nouveaux projets et l'enregistrement des nouveaux utilisateurs pour atténuer une campagne de téléchargement de logiciels malveillants.
>Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. |
Malware | ★★ | |
|
2024-03-28 16:00:20 | PYPI inondé par une campagne de typosquat malveillante PyPI Inundated by Malicious Typosquatting Campaign (lien direct) |
> Faits saillants: PIPI est l'un des plus grands index, avec plus de 800 000 utilisateurs, CloudGuard a identifié une campagne de typosquat sur PYPI, comprenant plus de 500 packages malveillants.L'installation de ces packages a exposé les utilisateurs au vol potentiel de leurs informations personnellement identifiables (PII) et à l'installation de logiciels malveillants sur leurs systèmes.Lors de la détection, nous avons rapidement informé PYPI de ces packages, conduisant à leur retrait rapide par l'équipe administrative du PYPI.Intro: avec plus de 800 000 utilisateurs, PYPI (Python Package Index) sert de référentiel officiel pour les packages logiciels adaptés au langage de programmation Python.En tant que centre centralisé, il facilite le [& # 8230;]
>Highlights: PiPI is one of the largest Indexes, with more than 800,000 users Check Point CloudGuard identified a typosquatting campaign on PyPI, comprising over 500 malicious packages. Installation of these packages exposed users to potential theft of their personally identifiable information (PII) and the installation of malware on their systems. Upon detection, we promptly notified PyPI about these packages, leading to their swift removal by the PyPI administrative team. Intro: With more than 800,000 users, PyPI (Python Package Index) serves as the official repository for software packages tailored to the Python programming language. As a centralized hub, it facilitates the […] |
Malware | ★★★ | |
|
2024-03-28 14:37:56 | La campagne de cyberespionnage cible le gouvernement, les entités énergétiques en Inde Cyberespionage Campaign Targets Government, Energy Entities in India (lien direct) |
> La société de renseignement sur les menaces Eclecticiq documente la livraison de leurres de phishing malware aux organisations énergétiques gouvernementales et privées en Inde.
>Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. |
Malware | ★★★ | |
|
2024-03-28 14:03:45 | PYPI suspend le nouvel enregistrement des utilisateurs pour bloquer la campagne de logiciels malveillants PyPI suspends new user registration to block malware campaign (lien direct) |
L'indice de package Python (PYPI) a temporairement suspendu l'enregistrement des utilisateurs et la création de nouveaux projets pour gérer une campagne de logiciels malveillants en cours.[...]
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. [...] |
Malware | ★★★ | |
|
2024-03-28 13:06:10 | Les chercheurs russes disent que l'opération d'espionnage utilisant Winrar Bug est liée à l'Ukraine Russian researchers say espionage operation using WinRAR bug is linked to Ukraine (lien direct) |
Des chercheurs en sécurité russe ont déclaré avoir découvert un nouveau groupe de cyber-espionnage avec des liens avec l'Ukraine qui fonctionnait depuis au moins janvier de cette année.Ils ont nommé le groupe Phantomcore et ont étiqueté les attaquants \\ 'non décrits auparavant malveillants à distance comme Phantomrat.Lors des attaques contre des entreprises russes sans nom, les pirates ont exploité un connu
Russian security researchers said they have discovered a new cyber-espionage group with links to Ukraine that has been operating since at least January of this year. They named the group PhantomCore and labeled the attackers\' previously undescribed remote access malware as PhantomRAT. During the attacks on unnamed Russian companies, the hackers exploited a known |
Malware | ★★★ | |
 |
2024-03-28 10:27:12 | Inc Ransom revendique la responsabilité de l'attaque contre le NHS en Écosse INC Ransom claims responsibility for attack on NHS Scotland (lien direct) |
Documents sensibles vidés sur le site de fuite au milieu des allégations de 3 To de données volées au total NHS Scotland dit qu'elle a réussi à contenir un logiciel malveillant de Ransomware \\ à une branche régionale, empêchant la propagation de la propagation deinfection dans toute l'institution.…
Sensitive documents dumped on leak site amid claims of 3 TB of data stolen in total NHS Scotland says it managed to contain a ransomware group\'s malware to a regional branch, preventing the spread of infection across the entire institution.… |
Ransomware Malware | ★★ | |
|
2024-03-28 07:01:12 | AI Hallucine les packages logiciels et les développeurs les téléchargement & # 8211;même s'il est potentiellement empoisonné avec des logiciels malveillants AI hallucinates software packages and devs download them – even if potentially poisoned with malware (lien direct) |
Recherchez simplement les bibliothèques imaginées par ML et faites-les réelles, avec un code malveillant réel.Pas d'attente, ne faites pas cela en profondeur Plusieurs grandes entreprises ont publié le code source qui intègre un package logiciel précédemment halluciné par Generative Ai.…
Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don\'t do that In-depth Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI.… |
Malware | ★★★ | |
|
2024-03-27 20:54:00 | Les pirates ont frappé la défense indienne, les secteurs de l'énergie avec des logiciels malveillants se faisant passer pour l'invitation de l'Air Force Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (lien direct) |
Les entités gouvernementales indiennes et les sociétés énergétiques ont été ciblées par des acteurs de menace inconnus dans le but de livrer une version modifiée d'un malware d'informations open source, un voleur malveillant appelé Hackbrowserdata et des informations sensibles exfiltrates dans certains cas en utilisant Slack comme commandement et contrainte (C2).
"Le voleur d'informations a été livré via un e-mail de phishing, se faisant passer pour une lettre d'invitation
Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). "The information stealer was delivered via a phishing email, masquerading as an invitation letter |
Threat Malware | ★★★ | |
|
2024-03-27 17:03:56 | Le nombre de nouveaux logiciels malveillants par minute a quadruplé en seulement un an The Number of New Pieces of Malware Per Minute Has Quadrupled in Just One Year (lien direct) |
|
Malware | ★★★ | |
|
2024-03-27 17:03:46 | Un paiement simple \\ 'est en cours \\' PHIGHISS Télécharge les rats à partir d'AWS, GitHub A Simple \\'Payment is Underway\\' Phishing Email Downloads RATs from AWS, GitHub (lien direct) |
Malware | ★★★ | ||
|
2024-03-27 16:57:55 | \\ 'Tycoon \\' Kit malware contourne Microsoft, Google MFA \\'Tycoon\\' Malware Kit Bypasses Microsoft, Google MFA (lien direct) |
Les acteurs de la menace adoptent largement la plate-forme de phishing à faible coût à faible coût (PHAAS), qui est vendu via Telegram.
Threat actors are widely adopting the fast-growing, low-cost phishing-as-a-service (PhaaS) platform, which is sold via Telegram. |
Threat Malware | ★★ | |
 |
2024-03-27 16:21:33 | Protégez votre entreprise avec ce pare-feu transparent - maintenant 150 $ de rabais Protect Your Business With This Seamless Firewall - Now $150 Off (lien direct) |
Le pare-feu DNS est une application de sécurité intuitive conçue pour vous protéger, vous et votre entreprise, contre les logiciels malveillants, le phishing, les botnets et plus de menaces de sécurité.
DNS FireWall is an intuitive security app built to protect you and your business from malware, phishing, botnets and more security threats. |
Malware | ★★ | |
|
2024-03-27 13:26:00 | Alerte: une nouvelle attaque de phishing fournit des keylogger déguisés en avis de paiement bancaire Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice (lien direct) |
Une nouvelle campagne de phishing a été observée en tirant parti d'un nouveau logiciel malveillant de chargeur pour fournir un voleur d'informations et un keylogger appelé & nbsp; agent Tesla.
Trustwave SpiderLabs a déclaré avoir identifié un e-mail de phishing portant cette chaîne d'attaque le 8 mars 2024. Le message se fait passer pour une notification de paiement bancaire, exhortant l'utilisateur à ouvrir une pièce jointe d'archive.
The Archive ("Bank Handlowy W Warszawie
A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024. The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie |
Malware | ★★ | |
|
2024-03-27 12:56:19 | APTS chinois ciblé ASEAN pendant le sommet avec des logiciels malveillants d'espionnage Chinese APTs Targeted ASEAN During Summit with Espionage Malware (lien direct) |
> Par waqas
La cyberattaque a eu lieu dans la première semaine de mars 2024 lors du sommet spécial de l'Asean-Australia à Melbourne.
Ceci est un article de HackRead.com Lire le post original: APTS chinois a ciblé l'ASEAN pendant le sommet avec des logiciels malveillants d'espionnage
>By Waqas The cyberattack occurred in the first week of March 2024 during the ASEAN-Australia Special Summit in Melbourne. This is a post from HackRead.com Read the original post: Chinese APTs Targeted ASEAN During Summit with Espionage Malware |
Malware | ★★★ | |
 |
2024-03-27 10:02:56 | L'analyse du laboratoire de menace de WatchGuard montre une augmentation des logiciels malveillants évasifs WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware (lien direct) |
WatchGuard & Reg;Technologies, une entreprise unifiée de cybersécurité, a annoncé les conclusions de son dernier rapport de sécurité Internet, détaillant les principales tendances des logiciels malveillants et les menaces de sécurité du réseau et des points finaux analysées par les chercheurs WatchGuard Threat Lab.Les principales résultats des données montrent une augmentation spectaculaire des logiciels malveillants évasifs qui ont alimenté une forte augmentation des logiciels malveillants totaux, les acteurs de menace [& # 8230;]
Le post Watchguard Threat Lab Lab Lab Analysis AnalysisMontre une augmentation des logiciels malveillants évasifs apparu pour la première fois sur gourou de la sécurité informatique .
WatchGuard® Technologies, a unified cybersecurity company, has announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analysed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors […] The post WatchGuard Threat Lab Analysis Shows Surge in Evasive Malware first appeared on IT Security Guru. |
Threat Malware | ★★ | |
|
2024-03-26 21:14:26 | Agenda mondial Ransomware cible des serveurs VMware ESXi Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (lien direct) |
Une nouvelle variante améliorée sur les logiciels malveillants du groupe \\ combine une infection sans fidèle, BYOVD, et plus pour provoquer des ravages dans des environnements virtuels.
A new, improved variant on the group\'s malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments. |
Ransomware Malware | ★★★ | |
|
2024-03-26 19:39:28 | MALWORE SIGN1: analyse, historique de la campagne et indicateurs de compromis Sign1 Malware: Analysis, Campaign History & Indicators of Compromise (lien direct) |
#### Description
Une nouvelle campagne de logiciels malveillants appelée Sign1 a été découverte par Sucuri et Godaddy Infosec.Le malware a été trouvé sur plus de 2 500 sites au cours des deux derniers mois.Le malware est injecté dans des widgets HTML personnalisés WordPress que les attaquants ajoutent aux sites Web compromis.Le malware est injecté à l'aide d'un plugin CSS et JS personnalisé légitime.Le malware est conçu pour rediriger les visiteurs vers des sites d'escroquerie.Le malware est basé sur le temps et utilise du code JavaScript dynamique pour générer des URL qui changent toutes les 10 minutes.Le logiciel malveillant cherche spécifiquement à voir si le visiteur provient de sites Web majeurs tels que Google, Facebook, Yahoo, Instagram, etc. Si le référent ne correspond pas à ces principaux sites, alors le malware ne s'exécutera pas.
#### URL de référence (s)
1. https://blog.sucuri.net/2024/03/sign1-malware-analysis-campaign-history-indicators-odi-cocompromis.html
#### Date de publication
20 mars 2024
#### Auteurs)
Ben Martin
#### Description A new malware campaign called Sign1 has been discovered by Sucuri and GoDaddy Infosec. The malware has been found on over 2,500 sites in the past two months. The malware is injected into WordPress custom HTML widgets that the attackers add to compromised websites. The malware is injected using a legitimate Simple Custom CSS and JS plugin. The malware is designed to redirect visitors to scam sites. The malware is time-based and uses dynamic JavaScript code to generate URLs that change every 10 minutes. The malware is specifically looking to see if the visitor has come from any major websites such as Google, Facebook, Yahoo, Instagram etc. If the referrer does not match to these major sites, then the malware will not execute. #### Reference URL(s) 1. https://blog.sucuri.net/2024/03/sign1-malware-analysis-campaign-history-indicators-of-compromise.html #### Publication Date March 20, 2024 #### Author(s) Ben Martin |
Malware | Yahoo | ★★ |
|
2024-03-26 17:11:47 | Campagne à grande échelle de Strelaslateal au début de 2024 Large-Scale StrelaStealer Campaign in Early 2024 (lien direct) |
#### Description
Strelastealer est un logiciel malveillant qui cible les clients de messagerie pour voler des données de connexion, en l'envoyant au serveur de l'attaquant \\ pour des attaques potentielles supplémentaires.Depuis l'émergence de Strelaslealer \\ en 2022, l'acteur de menace a lancé plusieurs campagnes de messagerie à grande échelle, ses dernières campagnes ayant un impact sur 100 organisations à travers l'UE et les attaquants américains ont ciblé des organisations dans une variété d'industries, mais des organisations dans laL'industrie de la haute technologie a été la plus grande cible.L'analyse technique de Strelaslaster révèle une chaîne d'infection en évolution utilisant des pièces jointes ZIP, des fichiers JScript et des charges utiles de DLL mises à jour, démontrant l'adaptabilité du malware \\ et le défi qu'il pose aux analystes et produits de sécurité.
#### URL de référence (s)
1. https: // Unit42.paloaltonetworks.com/strelastealer-campage/
#### Date de publication
22 mars 2024
#### Auteurs)
Benjamin Chang, Goutam Tripathy, Pranay Kumar Chhapurwal, Anmol Maurya et Vishwa Thothathri
#### Description StrelaStealer is a malware that targets email clients to steal login data, sending it to the attacker\'s server for potential further attacks. Since StrelaStealer\'s emergence in 2022, the threat actor has launched multiple large-scale email campaigns, with its most recent campaigns impacting over 100 organizations across the EU and U.S. Attackers have targeted organizations in a variety of industries, but organizations in the high tech industry have been the biggest target. Technical analysis of StrelaStealer reveals an evolving infection chain using ZIP attachments, JScript files, and updated DLL payloads, demonstrating the malware\'s adaptability and the challenge it poses to security analysts and products. #### Reference URL(s) 1. https://unit42.paloaltonetworks.com/strelastealer-campaign/ #### Publication Date March 22, 2024 #### Author(s) Benjamin Chang, Goutam Tripathy, Pranay Kumar Chhaparwal, Anmol Maurya, and Vishwa Thothathri |
Threat Malware Technical | ★★ | |
 |
2024-03-26 16:47:40 | Catégories de sites Web Les employeurs américains ne veulent pas que vous visitiez Website categories American employers don\\'t want you to visit (lien direct) |
Catégories de sites Web Les employeurs américains ne veulent pas que vous visitiez
Les experts en cybersécurité disent que le blocage de certains sites Web réduit le risque de cyberattaques et supprime les distractions
Jusqu'à 72% des employeurs bloquent les logiciels malveillants et les sites Web pour adultes. Les sites Web de phishing sont bloqués par 70% des employeurs, tout en jeu & # 8211;par 43%. Les gestionnaires informatiques en Amérique du Nord limitent en moyenne leurs employés de huit catégories de sites Web.
-
rapports spéciaux
Website categories American employers don\'t want you to visit Cybersecurity experts say that blocking certain websites lowers the risk of cyberattacks and removes distractions Up to 72% of employers block malware and adult websites. Phishing websites are blocked by 70% of employers, while gambling ones – by 43%. IT managers in North America restrict their employees from eight website categories on average. - Special Reports |
Malware | ★★ | |
|
2024-03-26 11:00:00 | Theoon malware infecte 6 000 routeurs ASUS en 72 heures pour le service proxy TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service (lien direct) |
Une nouvelle variante de botnet malveillant "Theoon" a été repérée en infectant des milliers de routeurs de petits bureaux et de bureaux (SOHO) obsolètes (SOHO) dans 88 pays.[...]
A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries. [...] |
Malware | ★★★ | |
|
2024-03-26 06:00:09 | Proofpoint Discloses Technique Pivot by Attacker Group TA577: Targeting Windows NTLM (lien direct) | Proofpoint was the first to uncover a concerning new development in the world of cyberthreats that involves a group known as TA577. These cybercriminals, which typically act as initial access brokers (IAB), have pivoted to attacking an old, but widely deployed Windows service to steal sensitive information. Specifically, they aim to steal at scale the hash of the NT LAN Manager (NTLM) authentication session details. Then it is expected that they either sell the data, or they exploit it for various downstream activities like stealing sensitive data and ransoming systems. The planned end result is the same, a significant business-impacting breach of the targeted organizations. How did the new attack happen? Proofpoint detected two distinct email-based campaigns that TA577 carried out on February 26 and 27, 2024. The campaigns targeted hundreds of businesses globally via tens of thousands of emails. The attackers cleverly disguised the emails as replies to previous emails. This is an effective social engineering tactic known as thread hijacking. The emails contained HTML attachments compressed into zip files. Each malicious attachment had its own unique identifier. And the HTML files contained within the attachment were customized for each recipient. Because all the hashes were unique, a simple signature-based detection system could not consistently detect and block these emails. When the email recipient opened the files, it triggered a connection to a Server Message Block (SMB) server that the threat actor controlled. No malware was directly delivered through these connections. However, the attackers\' objective was clear-to capture the details of the challenge/response transaction and the NTLM hashes of the user\'s Windows machine, which include the user\'s password authentication data. The attackers can use this data in the next stage of the attack either in hash form or by cracking the hash first to retrieve the password. Note: In this case, the use of multifactor authentication (MFA) would not stop the attack, as TA577 targeted previously authenticated users on active Windows machines. If targeted businesses used MFA, that authentication step would have already occurred; thus, it would not significantly hinder this attack. What was the attackers\' intent? As noted earlier, TA577 usually acts as an IAB. So, the group likely aimed to exploit the data that they collected by cracking password hashes or facilitating “pass-the-hash” attacks. They could sell access to other threat actors who seek to penetrate targeted companies\' networks more deeply. As part of our investigation, Proofpoint identified the use of a well-known toolkit, Impacket, on the SMB servers involved in the attack. This discovery further confirmed that the malicious intent behind TA577\'s activities is to go well beyond the initial account or system compromise. What is especially concerning about this attack approach is that any connection to the SMB servers would compromise sensitive information that includes: Usernames Passwords Session hashes Domain names Computer names More troubling is the fact that the attackers delivered the malicious HTML files within zip archives. That means they bypassed measures in Outlook mail clients last patched before July 2023. If your email security provider did not block the inbound email and a user engaged with the message, your last hope to avoid the compromise is the timeliness of your software patching program. The impacts on businesses This attack is based on an old protocol (NTLM) from the 1990s. But this new twist by TA577 is noteworthy because it represents a departure from the group\'s usual tactics of delivering malware and bots directly. It suggests that the group is adapting and evolving. They are seeking new ways to bypass security measures and monetize their campaigns. This cyberthreat poses a significant risk to businesses that run Microsoft Windows. Through the theft of NTLM authenti | Threat Malware Patching | ★★★ | |
|
2024-03-26 06:00:09 | ProofPoint révèle la technique PIVOT par un groupe d'attaquant TA577: Cibler Windows NTLM Proofpoint Discloses Technique Pivot by Attacker Group TA577: Targeting Windows NTLM (lien direct) |
Proofpoint was the first to uncover a concerning new development in the world of cyberthreats that involves a group known as TA577. These cybercriminals, which typically act as initial access brokers (IAB), have pivoted to attacking an old, but widely deployed Windows service to steal sensitive information. Specifically, they aim to steal at scale the hash of the NT LAN Manager (NTLM) authentication session details. Then it is expected that they either sell the data, or they exploit it for various downstream activities like stealing sensitive data and ransoming systems. The planned end result is the same, a significant business-impacting breach of the targeted organizations. How did the new attack happen? Proofpoint detected two distinct email-based campaigns that TA577 carried out on February 26 and 27, 2024. The campaigns targeted hundreds of businesses globally via tens of thousands of emails. The attackers cleverly disguised the emails as replies to previous emails. This is an effective social engineering tactic known as thread hijacking. The emails contained HTML attachments compressed into zip files. Each malicious attachment had its own unique identifier. And the HTML files contained within the attachment were customized for each recipient. Because all the hashes were unique, a simple signature-based detection system could not consistently detect and block these emails. When the email recipient opened the files, it triggered a connection to a Server Message Block (SMB) server that the threat actor controlled. No malware was directly delivered through these connections. However, the attackers\' objective was clear-to capture the details of the challenge/response transaction and the NTLM hashes of the user\'s Windows machine, which include the user\'s password authentication data. The attackers can use this data in the next stage of the attack either in hash form or by cracking the hash first to retrieve the password. Note: In this case, the use of multifactor authentication (MFA) would not stop the attack, as TA577 targeted previously authenticated users on active Windows machines. If targeted businesses used MFA, that authentication step would have already occurred; thus, it would not significantly hinder this attack. What was the attackers\' intent? As noted earlier, TA577 usually acts as an IAB. So, the group likely aimed to exploit the data that they collected by cracking password hashes or facilitating “pass-the-hash” attacks. They could sell access to other threat actors who seek to penetrate targeted companies\' networks more deeply. As part of our investigation, Proofpoint identified the use of a well-known toolkit, Impacket, on the SMB servers involved in the attack. This discovery further confirmed that the malicious intent behind TA577\'s activities is to go well beyond the initial account or system compromise. What is especially concerning about this attack approach is that any connection to the SMB servers would compromise sensitive information that includes: Usernames Passwords Session hashes Domain names Computer names More troubling is the fact that the attackers delivered the malicious HTML files within zip archives. That means they bypassed measures in Outlook mail clients last patched before July 2023. If your email security provider did not block the inbound email and a user engaged with the message, your last hope to avoid the compromise is the timeliness of your software patching program. The impacts on businesses This attack is based on an old protocol (NTLM) from the 1990s. But this new twist by TA577 is noteworthy because it represents a departure from the group\'s usual tactics of delivering malware and bots directly. It suggests that the group is adapting and evolving. They are seeking new ways to bypass security measures and monetize their campaigns. This cyberthreat poses a significant risk to businesses that run Microsoft Windows. Through the theft of NTLM authenti | Threat Malware Patching | ★★★ | |
|
2024-03-26 03:49:14 | Sécurité du navigateur en 2024: technologies et tendances Browser Security in 2024: Technologies and Trends (lien direct) |
Qu'est-ce que la sécurité du navigateur?La sécurité du navigateur est un ensemble de mesures et de processus destinés à protéger les utilisateurs et leurs données lors de l'utilisation de navigateurs Web.Cela comprend des mécanismes pour prévenir l'accès non autorisé, sauvegarder contre les logiciels malveillants et autres menaces de sécurité du navigateur, et les moyens de protéger la vie privée des activités en ligne.Les composants essentiels de la sécurité du navigateur comprennent des protocoles de communication sécurisés comme HTTPS, qui chiffre les données en transit;fonctionnalités du navigateur qui détectent et bloquent les sites Web malveillants, les tentatives de phishing et les logiciels malveillants;et des mesures techniques pour isoler le ...
What Is Browser Security? Browser security is a set of measures and processes intended to protect users and their data when using web browsers. This includes mechanisms to prevent unauthorized access, safeguard against malicious software and other browser security threats , and ways to protect the privacy of online activities. Essential components of browser security include secure communication protocols like HTTPS, which encrypts data in transit; features within the browser that detect and block malicious websites, phishing attempts, and malware; and technical measures for isolating the... |
Malware Technical | ★★ |
To see everything:
Our RSS (filtrered)
