What's new around the internet

Latest entries

Source | Date (GMT) | Title | Description | Tags | Rating
Minerva | 2023-01-19 14:22:50 | New version of Remcos RAT uses direct syscalls to evade detection | Remcos is a legitimate commercial Remote Access Tool (RAT) created by the security company Breaking Security. It was first released in 2016 but started being used for malicious purposes during 2017. This is a powerful tool that grants the capability of comprehensive remote surveillance, including keylogging, activating cameras, taking screenshots, capturing audio, and monitoring the clipboard […] | Tool | ★★★★★
Minerva | 2022-12-29 12:30:23 | New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection | We recently discovered ransomware which performs MSDTC service DLL hijacking to silently execute its payload. We have named this ransomware CatB, after the contact email the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora […] | Ransomware | ★★★
Minerva | 2022-11-24 14:24:10 | Windows Service Failure Recovery Easily Exploitable for Ransomware | Windows Services are the OS mechanism used to initiate processes at system startup which provide services not tied to user interaction. Windows services consist of three components: a service application, a service control program (SCP), and the service control manager (SCM). Characteristics of a service application: service applications consist of at least one […] | Ransomware | ★★
Minerva | 2022-11-08 14:18:48 | New updated IceXLoader claims thousands of victims around the world | IceXLoader was discovered last June by FortiGuard Labs. It is a commercial malware used to download and deploy additional malware on infected machines. While the version discovered in June (v3.0) looked like a work in progress, we recently observed a newer v3.3.3 loader which looks to be fully functional and includes a multi-stage delivery chain. Figure 1. […] | Malware | ★★★
Minerva | 2022-11-03 13:46:14 | How You Can Keep Chrome Browser Secure on Windows 7 and 8.1 | Google recently announced that as of February 2023, it will be dropping support for Windows 7 and 8.1, focusing on Windows 10, 11 and beyond. Even though older Google Chrome versions will still continue to work after support is dropped on Windows 7 / 8.1, the impact of this announcement is that browsers on these […] | - | ★★★
Minerva | 2022-08-25 10:23:06 | STOP/DJVU Ransomware | STOP/DJVU ransomware has been with us since 2019. New versions are released periodically; however, the new STOP/DJVU ransomware versions usually focus on adding new encrypted file extensions. There were almost 200 different encryption extensions observed in the wild through 2019 alone. This ransomware contains a lot of unused code, probably inserted to delay malware […] | Ransomware, Malware | ★★★
Minerva | 2022-08-16 14:24:32 | Malware Evasion – Memory Injection | This is the third part of our malware evasion techniques series. If you'd like, you can also review our other articles on sandbox evasion and Living off the Land. This article introduces a set of evasion techniques wherein malware takes advantage of running processes. These techniques fall under the broad category of malware evasion techniques known as | Malware | ★★★
Minerva | 2022-07-10 18:03:54 | Lockbit 3.0 AKA Lockbit Black is here, with a new icon, new ransom note, new wallpaper, but less evasiveness? | This month the Lockbit ransomware gang announced their first bug bounty program as part of their evolution into Lockbit 3.0. A first sample of the new version was published by Arda Büyükkaya. According to their new ransomware wallpaper that appears after encryption, this specific version has been named 'Lockbit Black', which interestingly follows their new execution method, which is pretty similar to the BlackCat ransomware execution method. There are actually even more similarities between the two ransomware families. | Ransomware | -
Minerva | 2022-06-20 13:00:00 | Does Acrobat Reader Unload Injection of Security Products? | - | - | -
Minerva | 2022-05-31 16:33:34 | New Microsoft Office "Follina" zero-day Already Shared on Ransomware Forums | The new zero-day MS Word vulnerability recently discovered by Nao_Sec on May 27, 2022, titled 'Follina' (CVE-2022-30190) and targeting Microsoft Office, is being actively utilised, Minerva researchers found. The exploit targets a vulnerability in Microsoft's Windows Support Diagnostic Tool (MSDT) that occurs due to the ms-msdt MSProtocol URI scheme, which could load code and execute it via PowerShell despite macros being disabled. Successful exploitation of the CVE enables an attacker to execute arbitrary code on the targeted host. However, the attacker must socially engineer the victim into opening a specially crafted file to exploit this issue, which requires a targeted effort to succeed, making the vulnerability less prominent to unskilled actors but highly relevant to ransomware gangs such as CONTI, CL0P and ALPHV. To combat this new threat, businesses must focus on threat prevention, an approach in which Minerva excels. | Ransomware, Tool, Vulnerability, Threat | -
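The Follina entry above describes the lure as a specially crafted Office file that reaches MSDT through the ms-msdt: URI scheme with macros disabled. The scanner below is an added example, not code from Minerva or from the original post. It treats a .docx as what it is, a zip of XML parts, and flags the two things a triage analyst checks first: an oleObject relationship marked TargetMode="External" whose target is a URL (Word fetches that content when the document is opened), and any part that spells out ms-msdt:. The fixture builder, the document contents and the example.invalid URL are constructed for this example; a real lure carries far more parts than the three written here.

```python
"""Flag .docx packages that pull external OLE content or reference ms-msdt: (added example)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Tag of a <Relationship> element in an OOXML *.rels part.
REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
# The URI scheme handler that hands the request to MSDT.
MSDT_RE = re.compile(rb"ms-msdt:", re.IGNORECASE)


def scan_docx(data: bytes) -> list:
    """Return a list of findings ({'part', 'kind', ...}) for one .docx held in memory."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            blob = z.read(name)
            # 1) Any part that names the ms-msdt: scheme is suspicious on its own.
            if MSDT_RE.search(blob):
                findings.append({"part": name, "kind": "ms-msdt-uri"})
            if not name.endswith(".rels"):
                continue
            # 2) Relationship parts: an OLE object whose target is an external URL
            #    makes Word retrieve remote content on open.
            root = ET.fromstring(blob)
            for rel in root.iter(REL_TAG):
                rtype = rel.get("Type", "").rsplit("/", 1)[-1]
                target = rel.get("Target", "")
                if (rel.get("TargetMode") == "External"
                        and rtype == "oleObject"
                        and target.lower().startswith(("http://", "https://"))):
                    findings.append({"part": name, "kind": "external-oleobject",
                                     "target": target})
    return findings


# Minimal package skeleton used only by the fixture builder (constructed, not a real Word file).
CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '</Types>'
)
DOCUMENT_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>'
)


def build_sample_docx(ole_target: str, external: bool) -> bytes:
    """Construct a three-part .docx whose document.xml.rels carries one oleObject relationship."""
    mode_attr = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
        f'Target="{ole_target}"{mode_attr}/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("word/document.xml", DOCUMENT_XML)
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a remote OLE target (lure pattern) and a normal embedded object.
    lure = build_sample_docx("http://example.invalid/lure.html", external=True)
    benign = build_sample_docx("embeddings/oleObject1.bin", external=False)
    print(scan_docx(lure))    # one external-oleobject finding
    print(scan_docx(benign))  # []
```

Run it over a mail quarantine with `zipfile.is_zipfile()` as the gate; .doc (OLE2) and .rtf lures need a different parser, since they are not zip packages. A hit on "external-oleobject" is worth an alert on its own even when the fetched HTML is no longer available, because ordinary documents embed OLE objects locally under word/embeddings rather than pulling them over HTTP.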
Minerva | 2022-05-19 16:53:56 | What makes Ransomware so different from other malware and cyber threats? | - | Ransomware, Malware | -
Minerva | 2022-05-09 14:40:29 | Malware evasion techniques - Obfuscated Files and Information | Obfuscation is one of the many techniques used by malware to evade static analysis methods and traditional anti-malware solutions, which rely on hashes and strings for malware detection and analysis. This post is part of our series on malware evasion techniques. Feel free to read the other posts in this series, which discussed Living off the Land, Sandbox Evasion, and detecting security and forensic tools. | Malware | -
Minerva | 2022-05-03 15:37:31 | A new BluStealer Loader Uses Direct Syscalls to Evade EDRs | BluStealer malware was first detected in May 2021 by James_inthe_box. Back then, it was delivered through a phishing mail, either as an attachment or as a Discord link leading to the malware download URL. According to Avast's 2021 analysis, it "consists of a core written in Visual Basic and the C# .NET inner payload(s). The VB core reuses a large amount of code from a 2004 SpyEx project. Its capabilities to steal crypto wallet data, swap crypto addresses present in the clipboard, find and upload document files, exfiltrate data through SMTP and the Telegram Bot API, as well as anti-analysis/anti-VM tactics" | Malware, Guideline | -
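The Remcos entry above and this BluStealer entry describe the same evasion: the loader executes the SYSCALL instruction itself instead of calling the hooked ntdll export, so user-mode hooks placed by an EDR never see the call. What an EDR can still observe, from a kernel callback or from telemetry that records where a syscall returns to, is the address that issued it, and on Windows the only image that legitimately executes SYSCALL is ntdll.dll. The block below is an added example and not Minerva's code: given a module map and a list of syscall events, it classifies each event by the image that owns its return address. The module names, base addresses, sizes and the three sample events are constructed for the example.

```python
"""Classify syscalls by the image that issued them (added example)."""
import bisect
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed module map for one process; bases and sizes are made up.
MODULES = sorted([
    Module("ntdll.dll",    0x7FF9_8000_0000, 0x1F0000),
    Module("kernel32.dll", 0x7FF9_7000_0000, 0x0C0000),
    Module("loader.exe",   0x0000_0000_0040_0000, 0x080000),  # hypothetical main image
], key=lambda m: m.base)
BASES = [m.base for m in MODULES]


def module_for(addr: int) -> Optional[Module]:
    """Map an address to its backing image, or None for memory no image backs."""
    i = bisect.bisect_right(BASES, addr) - 1
    if i >= 0 and MODULES[i].contains(addr):
        return MODULES[i]
    return None


def classify_syscall(return_addr: int) -> str:
    """'normal'   : SYSCALL issued from ntdll's own stub
       'direct'   : another image executed SYSCALL itself (direct-syscall stub)
       'unbacked' : issued from heap/VirtualAlloc memory (shellcode, injected code)"""
    mod = module_for(return_addr)
    if mod is None:
        return "unbacked"
    return "normal" if mod.name.lower() == "ntdll.dll" else "direct"


def find_direct_syscalls(events):
    """events: iterable of (tid, syscall_name, return_addr).
    Returns the events an EDR should alert on, each with its verdict attached."""
    hits = []
    for tid, name, ret in events:
        verdict = classify_syscall(ret)
        if verdict != "normal":
            hits.append((tid, name, hex(ret), verdict))
    return hits


# Constructed telemetry: one call through ntdll, one SYSCALL executed from the
# loader's own image, one from an unbacked heap buffer.
SAMPLE_EVENTS = [
    (0x1A4, "NtAllocateVirtualMemory", 0x7FF9_8004_1D2E),
    (0x1A4, "NtWriteVirtualMemory",    0x0000_0000_0041_2F10),
    (0x1A4, "NtCreateThreadEx",        0x0000_0200_0000_0B3A),
]

if __name__ == "__main__":
    for hit in find_direct_syscalls(SAMPLE_EVENTS):
        print(hit)
```

This check catches a stub copied into the loader's own image or into unbacked memory, which is what both entries describe. It does not catch an indirect syscall that jumps to the SYSCALL instruction inside ntdll, so the usual next step is to walk the stack one frame further and ask whether the caller of that ntdll stub is itself a legitimate image; the same module lookup serves for that frame.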
Minerva | 2022-05-02 09:54:14 | New Black Basta Ransomware Hijacks Windows Fax Service | - | Ransomware | -
Minerva | 2022-04-11 10:28:22 | Malware Evasion - Detecting Security and Forensic Tools | This is the third post in our evasion techniques blog series. Feel free to view the other posts, which discussed Sandbox Evasion and Living Off the Land techniques. | Tool | -
Minerva | 2022-03-31 11:45:00 | What Does it take To Beat the World's Fastest-Encrypting Ransomware? | A new report by Splunk recently revealed that some ransomware variants encrypt files at a staggering rate of 25,000 files per minute. This means that now might be a good time to revisit your threat detection and response strategy. It's pretty clear that the moment a ransomware starts encrypting files, it's a losing race against time to minimize (not stop) the damage. | Ransomware, Threat | -
Minerva | 2022-03-30 10:15:00 | SunCrypt Ransomware Gains New Capabilities in 2022 | SunCrypt is a RaaS (Ransomware as a Service) group that was first seen in October 2019, and was one of the first groups to apply triple extortion tactics to their attacks. Unlike other RaaS groups, SunCrypt runs a small and closed affiliate program. The first version of this ransomware was written in Go, but after C and C++ versions were released in mid-2020, the group became much more active. SunCrypt mostly affects the Services, Technology, and Retail industries. Our researchers recently identified an updated version of this ransomware which includes additional capabilities. | Ransomware | -
Last update at: 2024-05-08 21:08:27