What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-01-11 18:05:33 | ForeScout publie une analyse critique des cyberattaques du secteur de l'énergie récentes au Danemark, Ukraine Forescout publishes critical analysis of recent energy sector cyberattacks in Denmark, Ukraine (lien direct) |
> ForeScout Technologies a publié un briefing de menace qui examine deux cyberattaques récemment publiées ciblant le secteur de l'énergie dans ...
>Forescout Technologies has released a threat briefing that examines two recently published cyberattacks targeting the energy sector in... |
Threat | ★★★★ | |
 |
2024-01-11 17:44:52 | NOABOT BOTNET basé à Mirai ciblant les systèmes Linux avec Cryptominer Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer (lien direct) |
> Par deeba ahmed
Un autre jour, une autre menace de logiciels malveillants contre les systèmes Linux!
Ceci est un article de HackRead.com Lire le post original: mirai-Botnet noabot basé ciblant les systèmes Linux avec cryptominer
>By Deeba Ahmed Another day, another malware threat against Linux systems! This is a post from HackRead.com Read the original post: Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer |
Malware Threat | ★★★ | |
 |
2024-01-11 17:10:00 | Atomic Stealer obtient une mise à niveau - ciblant les utilisateurs de Mac avec charge utile cryptée Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (lien direct) |
Les chercheurs en cybersécurité ont identifié une version mise à jour d'un voleur d'informations MacOS appelé & nbsp; atomic & nbsp; (ou amos), indiquant que les acteurs de la menace derrière les logiciels malveillants améliorent activement ses capacités.
"Il semble qu'Atomic Stealer a été mis à jour vers la mi-fin à la fin décembre 2023, où ses développeurs ont introduit le cryptage en charge utile dans le but de contourner les règles de détection", "
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic (or AMOS), indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its developers introduced payload encryption in an effort to bypass detection rules," |
Malware Threat | ★★ | |
 |
2024-01-11 15:24:12 | SecurityScoreCard Research: Volt Typhoon compromet 30% des appareils Cisco RV320 / 325 en 37 jours SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days (lien direct) |
Recherche de menace de sécurité de sécurité: Volt Typhoon compromet 30% des appareils Cisco RV320 / 325 en 37 jours
-
mise à jour malveillant
SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days - Malware Update |
Vulnerability Threat Studies | Guam | ★★★★ |
 |
2024-01-11 14:18:14 | MiraclePtr: protéger les utilisateurs contre les vulnérabilités sans utilisation sans plateformes MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms (lien direct) |
Posted by Keishi Hattori, Sergei Glazunov, Bartek Nowierski on behalf of the MiraclePtr team
Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome. If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives.
More platforms
We are thrilled to announce that since our last update, we have successfully enabled MiraclePtr for more platforms and processes:
In June 2022, we enabled MiraclePtr for the browser process on Windows and Android.
In September 2022, we expanded its coverage to include all processes except renderer processes.
In June 2023, we enabled MiraclePtr for ChromeOS, macOS, and Linux.
Furthermore, we have changed security guidelines to downgrade MiraclePtr-protected issues by one severity level!
Evaluating Security Impact
First let\'s focus on its security impact. Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices. Let\'s take a closer look at each of these sources and how they inform our understanding of MiraclePtr\'s effectiveness.
Bug reports
Chrome vulnerability reports come from various sources, such as:
Chrome Vulnerability Reward Program participants,
our fuzzing infrastructure,
internal and external teams investigating security incidents.
For the purposes of this analysis, we focus on vulnerabilities that affect platforms where MiraclePtr was enabled at the time the issues were reported. We also exclude bugs that occur inside a sandboxed renderer process. Since the initial launch of MiraclePtr in 2022, we have received 168 use-after-free reports matching our criteria.
What does the data tell us? MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%. Reaching this level of effectiveness, however, required additional work. For instance, we not only rewrote class fields to use MiraclePtr, as discussed in the previous post, but also added MiraclePtr support for bound function arguments, such as Unretained pointers. These pointers have been a significant source of use-after-frees in Chrome, and the additional protection allowed us to mitigate 39 more issues.
Moreover, these vulnerability reports enable us to pinpoint areas needing improvement. We\'re actively working on adding support for select third-party libraries that have been a source of use-after-free bugs, as well as developing a more advanced rewriter tool that can handle transformations like converting std::vector into std::vector. We\'ve also made sever |
Tool Vulnerability Threat Mobile | ★★★ | |
 |
2024-01-11 13:55:59 | Explorer FBOT |Des logiciels malveillants basés sur Python ciblant les services de cloud et de paiement Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services (lien direct) |
Les acteurs de la menace des armes FBOT avec un outil d'attaque multifonction conçu pour détourner le cloud, le SaaS et les services Web.
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, Saas and web services. |
Malware Tool Threat Cloud | ★★ | |
 |
2024-01-11 12:56:08 | Les attaquants exploitent Ivanti Connectez des vulnérabilités sécurisées zéro-jours pour déployer des webshells (CVE-2023-46805, CVE-2024-21887) Attackers Exploit Ivanti Connect Secure Zero-Day Vulnerabilities to Deploy Webshells (CVE-2023-46805, CVE-2024-21887) (lien direct) |
à la mi-décembre 2023, les chercheurs de volexité ont identifié une activité suspecte au sein d'un réseau client.Leur enquête ...
In mid-December 2023, researchers at Volexity identified suspicious activity within a client’s network. Their investigation... |
Vulnerability Threat | ★★★ | |
|
2024-01-11 11:40:00 | Le compte mandiant \\ s a été piraté en utilisant une attaque de force brute Mandiant\\'s X Account Was Hacked Using Brute-Force Attack (lien direct) |
Le compromis du compte X mandiant \\ (anciennement Twitter) la semaine dernière était probablement le résultat d'une "attaque de mot de passe brute-force", attribuant le piratage à un groupe de drainage en tant que service (DAAS).
"Normalement, [l'authentification à deux facteurs] aurait atténué cela, mais en raison de certaines transitions d'équipe et d'un changement dans la politique de la 2FA de X \\, nous n'étions pas adéquatement protégés", la société de renseignement sur les menaces & nbsp; a dit & nbsp;
The compromise of Mandiant\'s X (formerly Twitter) account last week was likely the result of a "brute-force password attack," attributing the hack to a drainer-as-a-service (DaaS) group. "Normally, [two-factor authentication] would have mitigated this, but due to some team transitions and a change in X\'s 2FA policy, we were not adequately protected," the threat intelligence firm said |
Hack Threat | ★★★ | |
 |
2024-01-11 11:00:00 | Histoires du Soc: Blackcat sur le prouvoir Stories from the SOC: BlackCat on the prowl (lien direct) |
This blog was co-authored with Josue Gomez and Ofer Caspi.
Executive summary
BlackCat is and has been one of the more prolific malware strains in recent years. Believed to be the successor of REvil, which has links to operators in Russia, it first was observed in the wild back in 2021, according to researchers. BlackCat is written in the Rust language, which offers better performance and efficiencies than other languages previously used. BlackCat is indiscriminate in how it targets its victims, which range from healthcare to entertainment industries. This blog will cover a recent incident impacting one of the AT&T Managed Detection and Response (MDR) Security Operations Center SOC’s customers and discuss how in partnering with AT&T Alien Labs, the MDR SOC was able to detect and remediate the incident.
Building the investigation
On September 14th, 2023, the AT&T MDR SOC received multiple alarms indicating that lateral movement was occurring for one of our clients. The alarm detections were generated after activity in SentinelOne for multiple users attempting to perform network traversing through the clients’ environment.
Figure 1. Alarm Detection
The AT&T SOC immediately generated an investigation that included a call to the client to notify them of the activity as well as escalate the detection to the AT&T MDR Incident Response (IR) Team and the client\'s dedicated Threat Hunter. The IR team and Threat Hunter began the engagement by creating a timeline and searching through SentinelOne Deep Visibility tool. Within its events, they found a user was successfully logged into the client’s internal network on multiple endpoints using lsass.exe.. Additionally, multiple files were logged as being encrypted, which resulted in the team designating the incident a ransomware attack.
Figure 2. Lsass Activity in SentinelOne
During the review of the lsass.exe activity, a specific file was located with a suspicious process tree. A command line was recorded with the file execution that included an internal IP address and the user ADMIN$. The activity from the suspicious file prompted an immediate blocklist for the SHA 1 file hash to ensure that the file was unable to be executed within the client’s environment. Following the block of the file hash, multiple detections from SentinelOne populated, indicating that the file was successfully killed and quarantined and that the client’s devices were protected.
Figure 3. File execution command line
After initiating the blocklist, the Threat Hunter utilized the SentinelOne “file fetch” feature, which enabled them to download the malicious file and save a copy locally. The AT&T SOC then worked with the AT&T Alien Labs team to perform a deeper analysis of the file in order to more understand the true nature of the ransomware attack.
Technical analyses
As previously mentioned, BlackCat ransomware is developed in the Rust programming language, providing the attacker with the versatility to compile and run it on both Windows and Linux operating systems.The ransomware e |
Ransomware Malware Tool Threat | ★★★ | |
|
2024-01-11 10:59:00 | Les pirates chinois exploitent les défauts de jour zéro dans Ivanti Connect Secure and Policy Secure Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure (lien direct) |
Une paire de défauts zéro-jours identifiés dans Ivanti Connect Secure (ICS) et Policy Secure ont été enchaînés par des acteurs suspects de l'État-nation liés à la Chine pour violer moins de 10 clients.
La société de cybersécurité volexité, qui & nbsp; a identifié & nbsp; l'activité sur le réseau de l'un de ses clients au cours de la deuxième semaine de décembre 2023, l'a attribuée à un groupe de piratage qu'il suit sous le nom & NBSP; UTA0178
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178 |
Vulnerability Threat | ★★★ | |
|
2024-01-11 09:27:04 | Étude Netskope Threat Labs : les cybercriminels surfent sur l\'augmentation de 400 % de l\'utilisation d\'applications d\'IA générative par les employés (lien direct) | Étude Netskope Threat Labs : les cybercriminels surfent sur l'augmentation de 400 % de l'utilisation d'applications d'IA générative par les employés Une nouvelle étude détaille la forte croissance de l'adoption de l'intelligence artificielle générative, les risques liés aux applications en cloud, les principales menaces et les adversaires tout au long de l'année 2023. - Investigations | Threat Studies Cloud | ★★★★ | |
|
2024-01-11 08:12:28 | Fortinet annonce la disponibilité de Fortinet Advisor (lien direct) | Fortinet Advisor, un assistant basé sur l'IA générative pour accélérer les investigations sur les menaces et la remédiation Fortinet capitalise sur plus d'une décennie d'innovation en Intelligence Artificielle (IA) et sur son expertise sur les menaces pour offrir un outil d'IA générative qui renforce les compétences des équipes de cybersécurité - Produits | Threat | ★★ | |
|
2024-01-11 08:10:37 | IBOSS lance le module DNS de protection gouvernemental pour fortifier les cyber-défenses iboss Launches Government Protective DNS Module to Fortify Cyber Defenses (lien direct) |
iboss lance le module DNS de protection gouvernemental pour fortifier les cyber-défenses.
Le module révolutionnaire s'intègre de manière transparente au service DNS protecteur de CISA \\, fournissant aux agences gouvernementales de détection de menace avancée et à DNS cryptée sur tous les appareils
-
revues de produits
iboss Launches Government Protective DNS Module to Fortify Cyber Defenses. The Revolutionary Module Seamlessly Integrates with CISA\'s Protective DNS Service, Providing Government Agencies Advanced Threat Detection and Encrypted DNS Across All Devices - Product Reviews |
Threat | ★★★ | |
 |
2024-01-11 08:00:14 | Securonix Threat Labs Monthly Intelligence Insights & # 8211;Décembre 2023 Securonix Threat Labs Monthly Intelligence Insights – December 2023 (lien direct) |
Securonix Threat Labs Monthly Intelligence Insights décembre 2023 fournit un résumé des principales menaces organisées, surveillées et analysées par Securonix Threat Labs.
Securonix Threat Labs Monthly Intelligence Insights December 2023 provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs. |
Threat | ★★★ | |
 |
2024-01-11 02:00:00 | Cutting avant: cibles présumées APT Ivanti Connect Secure VPN dans une nouvelle exploitation zéro-jour Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation (lien direct) |
Remarque: Il s'agit d'une campagne de développement sous analyse active de Mandiant et Ivanti.Nous continuerons à ajouter plus d'indicateurs, de détections et d'informations à ce billet de blog au besoin. le 10 janvier 2024, ivanti divulgué Deux vulnérabilités, CVE-2023-46805 et CVE-2024-21887 , impactant Ivanti Connect Secure VPN (" CS ", anciennement Secure Secure) et Ivanti Secure (" PS") appareils électroménagers.Une exploitation réussie pourrait entraîner un contournement d'authentification et une injection de commandement, entraînant un autre compromis en aval d'un réseau de victimes.Mandiant a identifié l'exploitation zéro-jour de ces vulnérabilités
Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more indicators, detections, and information to this blog post as needed.On January 10, 2024, Ivanti disclosed two vulnerabilities, CVE-2023-46805 and CVE-2024-21887, impacting Ivanti Connect Secure VPN (“CS”, formerly Pulse Secure) and Ivanti Policy Secure (“PS”) appliances. Successful exploitation could result in authentication bypass and command injection, leading to further downstream compromise of a victim network. Mandiant has identified zero-day exploitation of these vulnerabilities |
Vulnerability Threat | ★★★ | |
 |
2024-01-11 00:00:00 | Trend Micro défend la Coupe du monde de la FIFA contre les cyber-menaces Trend Micro Defends FIFA World Cup from Cyber Threats (lien direct) |
Trend Micro collabore avec Interpol pour défendre la Coupe du monde de la FIFA en empêchant les attaques et en atténuant les risques de lutter contre la menace croissante de la cybercriminalité.
Trend Micro collaborates with INTERPOL to defend FIFA World Cup by preventing attacks & mitigating risks to fight against the rising threat of cybercrime. |
Threat Prediction | ★★★ | |
|
2024-01-10 20:45:00 | Noabot: le dernier botnet basé à Mirai ciblant les serveurs SSH pour l'exploitation cryptographique NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining (lien direct) |
Un nouveau botnet basé à Mirai appelé & nbsp; noabot & nbsp; est utilisé par les acteurs de la menace dans le cadre d'une campagne minière de crypto depuis le début de 2023.
"Les capacités du nouveau botnet, Noabot, incluent un auto-répartiteur verbalable et une porte dérobée clé SSH pour télécharger et exécuter des binaires supplémentaires ou se propager à de nouvelles victimes", a déclaré le chercheur en sécurité Akamai, Stiv Kupchik, dans un rapport partagé avec le
A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. “The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself to new victims,” Akamai security researcher Stiv Kupchik said in a report shared with The |
Threat | ★★★ | |
 |
2024-01-10 19:52:40 | Pikabot malware se propage par les campagnes de phishing Pikabot Malware Spreading Through Phishing Campaigns (lien direct) |
Malware Threat Prediction | ★★ | ||
 |
2024-01-10 19:00:06 | Exploitation active de deux vulnérabilités zéro-jours dans Ivanti Connect Secure VPN Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN (lien direct) |
> La volexité a découvert l'exploitation active dans la fenêtre de deux vulnérabilités permettant l'exécution de code distant non authentifié dans les périphériques VPN sécurisés Ivanti Connect.Un article officiel de conseil et de base de connaissances a été publié par Ivanti qui comprend une atténuation qui devrait être appliquée immédiatement.Cependant, une atténuation ne remédie pas à un compromis passé ou continu.Les systèmes devraient simultanément être analysés en profondeur par détails dans ce post pour rechercher des signes de violation.Au cours de la deuxième semaine de décembre 2023, la volexité a détecté un mouvement latéral suspect sur le réseau de l'un de ses clients de services de surveillance de la sécurité de réseau.Après une inspection plus approfondie, Volexity a constaté qu'un attaquant plaçait des coteaux sur plusieurs serveurs Web internes et orientés externes.Ces détections ont lancé une enquête sur la réponse aux incidents sur plusieurs systèmes que la volexité a finalement retrouvé à l'Ivanti Connect Secure (ICS) de l'organisation (anciennement connu sous le nom de Pulse Connect Secure, ou simplement Pulse Secure).Une inspection plus approfondie [& # 8230;]
>Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN devices. An official security advisory and knowledge base article have been released by Ivanti that includes mitigation that should be applied immediately. However, a mitigation does not remedy a past or ongoing compromise. Systems should simultaneously be thoroughly analyzed per details in this post to look for signs of a breach. During the second week of December 2023, Volexity detected suspicious lateral movement on the network of one of its Network Security Monitoring service customers. Upon closer inspection, Volexity found that an attacker was placing webshells on multiple internal and external-facing web servers. These detections kicked off an incident response investigation across multiple systems that Volexity ultimately tracked back to the organization\'s Internet-facing Ivanti Connect Secure (ICS) VPN appliance (formerly known as Pulse Connect Secure, or simply Pulse Secure). A closer inspection […] |
Vulnerability Threat | ★★★ | |
|
2024-01-10 17:14:32 | Python in Threat Intelligence: Analyser et atténuer les cyber-menaces Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats (lien direct) |
> Par waqas
Dans le monde des menaces de cybersécurité émergentes, la compréhension de l'importance de l'intelligence des menaces est cruciale et ne peut pas & # 8230;
Ceci est un article de HackRead.com Lire la publication originale: Python dans les menaces de l'intelligence: analyse et atténuation des cyber-menaces
>By Waqas In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not… This is a post from HackRead.com Read the original post: Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats |
Threat | ★★★ | |
 |
2024-01-10 16:29:00 | Pikabot Malware surface en remplacement de Qakbot pour les attaques Black Basta Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks (lien direct) |
Un acteur de menace émergente, Water Curupera, exerce un nouveau chargeur sophistiqué dans une série de campagnes de phishing en filetage qui précèdent les ransomwares.
An emerging threat actor, Water Curupira, is wielding a new, sophisticated loader in a series of thread-jacking phishing campaigns that precede ransomware. |
Ransomware Malware Threat | ★★★ | |
|
2024-01-10 16:01:00 | Decryptor gratuit publié pour les victimes de ransomwares de tortilla de Black Basta et Babuk \\ Free Decryptor Released for Black Basta and Babuk\\'s Tortilla Ransomware Victims (lien direct) |
Un décrypteur pour la variante Tortilla du ransomware Babuk a été & nbsp; libéré & nbsp; par Cisco Talos, permettant aux victimes ciblées par le malware de retrouver l'accès à leurs fichiers.
Le cabinet de cybersécurité a déclaré que les renseignements sur les menaces qu'il partageaient avec les autorités néerlandaises de l'application des lois avaient permis d'arrêter l'acteur de menace derrière les opérations.
La clé de chiffrement a également été partagée avec Avast,
A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest the threat actor behind the operations. The encryption key has also been shared with Avast, |
Ransomware Malware Threat | ★★ | |
|
2024-01-10 15:24:35 | Cyber Threat Intelligence, un programme qui s\'adapte aux besoins des organisations (lien direct) | Cyber Threat Intelligence, un programme qui s'adapte aux besoins des organisations par Mickaël Walter, Threat Intelligence Officer au CERT (Computer Emergency Response Team) I-TRACING - Risk Management | Threat | ★★★ | |
 |
2024-01-10 15:00:00 | \\ 'Encore un autre botnet basé à Mirai \\' propose un cryptominer illicite \\'Yet another Mirai-based botnet\\' is spreading an illicit cryptominer (lien direct) |
Une opération bien conçue utilise une version du fameux Mirai Malware pour distribuer secrètement le logiciel d'extraction de crypto-monnaie, ont annoncé mercredi des chercheurs.L'appelant Noabot, des chercheurs d'Akamai ont déclaré que la campagne était active depuis environ un an, et elle a diverses bizarreries qui compliquent l'analyse des logiciels malveillants et pointent vers des acteurs de menace hautement qualifiés.Le
A well-designed operation is using a version of the infamous Mirai malware to secretly distribute cryptocurrency mining software, researchers said Wednesday. Calling it NoaBot, researchers at Akamai said the campaign has been active for about a year, and it has various quirks that complicate analysis of the malware and point to highly-skilled threat actors. The |
Malware Threat | ★★★ | |
 |
2024-01-10 14:45:00 | Cyber-insécurité et désinformation TOP WEF Global Risk List Cyber Insecurity and Misinformation Top WEF Global Risk List (lien direct) |
Les cyberattaques et la désinformation de la liste des risques mondiaux de WEF \\, avec une cybercriminalité, en raison de l'exploitation des progrès technologiques et de la domination de l'IA, des préoccupations concernant la vulnérabilité
Cyber-attacks and misinformation top WEF\'s list of global risks, with cybercrime poised to exploit tech advancements and AI dominance raising concerns about vulnerability |
Vulnerability Threat | ★★★ | |
 |
2024-01-10 12:27:04 | De nouvelles escroqueries financières représentent une menace croissante en 2024 New financial scams pose a growing threat in 2024 (lien direct) |
Pas de details / No more details | Threat | ★★★ | |
|
2024-01-10 11:00:00 | Attaques d'ingénierie sociale: exemples réels et comment les éviter Social engineering attacks: Real-life examples and how to avoid them (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. In the ever-evolving landscape of cybersecurity threats, social engineering remains a potent and insidious method employed by cybercriminals. Unlike traditional hacking techniques that exploit software vulnerabilities, social engineering manipulates human psychology to gain unauthorized access to sensitive information. In this article, we will delve into various social engineering tactics, highlighting real-life examples, and offering guidance on how to recognize and avoid falling victim to these deceptive schemes. Understanding social engineering Social engineering is an umbrella term encompassing a range of techniques used to exploit human behaviour. Attackers leverage psychological manipulation to trick individuals into divulging confidential information, clicking on malicious links, or performing actions that compromise security. The following are common social engineering tactics: 1. Phishing attacks: Real-life example: An employee receives an email purportedly from their company\'s IT department, requesting login credentials for a system upgrade. Guidance: Verify the legitimacy of such emails by contacting the IT department through official channels. 2. Pretexting: Real-life example: A scammer poses as a co-worker, claiming to need sensitive information urgently for a project. Guidance: Always verify requests for sensitive information directly with the person involved using trusted communication channels. 3. Baiting: Real-life example: Malicious software disguised as a free software download is offered, enticing users to compromise their systems. Guidance: Avoid downloading files or clicking on links from untrusted sources, and use reputable security software. 4. Quizzes and surveys: Real-life example: Individuals are tricked into taking quizzes that ask for personal information, which is then used for malicious purposes. Guidance: Be cautious about sharing personal details online, especially in response to unsolicited quizzes or surveys. 5. Impersonation: Real-life example: A fraudster poses as a tech support agent, convincing the victim to provide remote access to their computer. Guidance: Verify the identity of anyone claiming to represent a legitimate organization, especially if unsolicited. Recognizing social engineering attacks Recognizing social engineering attacks is crucial for thwarting cyber threats. Here are key indicators that can help individuals identify potential scams: Urgency and pressure: Attackers often create a sense of urgency to prompt impulsive actions. Be skeptical of requests that demand immediate responses. Unsolicited communications: Be wary of unexpected emails, messages, or calls, especially if they request sensitive information or prompt you to click on links. Unusual requests: Any request for sensitive information, such as passwords or financial details, should be treated with suspicion, especially if it deviates from normal procedures. Mismatched URLs: Hover over links to reveal the actual destination. Verify that the URL matches the purported source, and look for subtle misspellings or variations. How to avoid falling victim Protecting oneself from social engineering requires a combination of vigilance, skepticism, and proactive measures: Employee training programs: Conduct regular training sessions to educate employees about social engineering tactics, emphasizing the importance of verifying requests for sensitive information. Multi-factor authentication (MFA): Implement MFA to add an ext | Vulnerability Threat | ★★★ | |
|
2024-01-10 08:11:18 | La menace persistante des ransomwares: un aperçu de 2023 The Persistent Threat of Ransomware: A 2023 Overview (lien direct) |
> Alors que nous entrons dans une autre année, la menace persistante de ransomware reste une préoccupation critique pour ...
>As we enter another year, the persistent threat of ransomware remains a critical concern for... |
Ransomware Threat | ★★★ | |
|
2024-01-09 21:31:00 | Alerte: les pirates de curupera d'eau distribuant activement les logiciels malveillants du chargeur de pikabot Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware (lien direct) |
Un acteur de menace appelé Water Curupera a été observé en distribuant activement le & nbsp; pikabot & nbsp; chargeur malware dans le cadre des campagnes de spam en 2023.
«Les opérateurs de Pikabot \\ ont mené des campagnes de phishing, ciblant les victimes via ses deux composants - un chargeur et un module de base - ce qui a permis un accès à distance non autorisé et a permis l'exécution de commandes arbitraires via une connexion établie avec
A threat actor called Water Curupira has been observed actively distributing the PikaBot loader malware as part of spam campaigns in 2023. “PikaBot\'s operators ran phishing campaigns, targeting victims via its two components - a loader and a core module - which enabled unauthorized remote access and allowed the execution of arbitrary commands through an established connection with |
Spam Malware Threat | ★★ | |
 |
2024-01-09 19:43:17 | Emu-Lation: valider les détections pour Socgholish avec une équipe rouge atomique Emu-lation: Validating detections for SocGholish with Atomic Red Team (lien direct) |
Testez vos défenses contre les comportements communément associés à Socgholish, l'une de nos principales menaces du rapport de détection des menaces de l'année dernière.
Test your defenses against behaviors commonly associated with SocGholish, one of our top threats from last year\'s Threat Detection Report. |
Threat | ★★ | |
|
2024-01-09 19:15:00 | Des pirates turcs exploitant des serveurs MS SQL mal sécurisés à travers le monde Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe (lien direct) |
Les serveurs Microsoft SQL (MS SQL) mal sécurisés sont ciblés aux États-Unis, l'Union européenne et les régions latino-américaines (LATAM) dans le cadre d'une campagne en cours de motivation financière pour obtenir un accès initial.
"La campagne de menace analysée semble se terminer de deux manières, soit la vente de \\ 'Access \' à l'hôte compromis, soit la livraison ultime de charges utiles de ransomware", chercheurs de Securonix
Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain initial access. “The analyzed threat campaign appears to end in one of two ways, either the selling of \'access\' to the compromised host, or the ultimate delivery of ransomware payloads,” Securonix researchers |
Ransomware Threat | ★★★ | |
|
2024-01-09 18:36:00 | Turkish Cyber Threat cible les serveurs MSSQL avec des ransomwares Mimic Turkish Cyber Threat Targets MSSQL Servers With Mimic Ransomware (lien direct) |
La base de données de Microsoft \\ continue d'attirer l'attention cybercriminale;La nature de ce groupe de menaces de cette vague est inconnue, les attaques n'ayant été exposées qu'après un décalage opsec.
Microsoft\'s database continues to attract cybercriminal attention; the nature of this wave\'s threat group is unknown, with the attacks having been exposed only after a happenstance OpSec lag. |
Ransomware Threat | ★★ | |
|
2024-01-09 16:15:00 | Des pirates turcs ciblant les serveurs de base de données avec des ransomwares Mimic Turkish hackers targeting database servers with Mimic ransomware (lien direct) |
Les pirates turcs visent des bases de données aux États-Unis, à l'Union européenne et en Amérique latine avec le Ransomware Mimic, selon de nouvelles recherches de la société de cybersécurité Securonix.Oleg Kolesnikov, vice-président de la recherche sur les menaces, a déclaré à enregistrer Future News que ce qui s'est le plus démarqué dans la campagne, c'est que les pirates ont personnalisé leurs attaques pour chaque victime
Turkish hackers are targeting databases in the United States, European Union and Latin America with the Mimic ransomware, according to new research from cybersecurity company Securonix. Oleg Kolesnikov, vice president of threat research, told Recorded Future News that what stood out most about the campaign was that the hackers customized their attacks for each victim |
Ransomware Threat | ★★ | |
 |
2024-01-09 16:09:01 | Victimes de ransomwares ciblées par de fausses offres de hack-back Ransomware victims targeted by fake hack-back offers (lien direct) |
Certaines organisations victimes des gangs royaux et ransomwares d'Akira ont été ciblées par un acteur de menace se faisant passer pour un chercheur en sécurité qui a promis de pirater l'attaquant d'origine et de supprimer les données de victime volées.[...]
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. [...] |
Ransomware Hack Threat | ★★★ | |
 |
2024-01-09 14:24:00 | Alerte Vert Threat: Janvier 2024 Patch mardi Analyse VERT Threat Alert: January 2024 Patch Tuesday Analysis (lien direct) |
Aujourd'hui, les adresses d'alerte VERT de \\ sont des mises à jour de sécurité de Janvier 2024 de Microsoft \\.Vert travaille activement sur la couverture de ces vulnérabilités et prévoit d'expédier ASPL-1088 dès la fin de la couverture.CVE dans la volonté et divulgués, il n'y avait pas de CVE in-wild ou divulgué inclus dans la goutte de mardi de patch de janvier.La ventilation de CVE par TAG tandis que les groupes historiques de Bulletin de sécurité Microsoft ont disparu, les vulnérabilités Microsoft sont taguées avec un identifiant.Cette liste fournit une ventilation des CVE sur une base par étiquette.Les vulnérabilités sont également codées par couleur pour aider à identifier les problèmes clés ...
Today\'s VERT Alert addresses Microsoft\'s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues... |
Vulnerability Threat | ★★ | |
|
2024-01-09 13:47:00 | Méfiez-vous!Les vidéos YouTube faisant la promotion du logiciel Cracked Distribuent Lummma Stealer Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer (lien direct) |
Les acteurs de la menace recourent à des vidéos YouTube avec du contenu lié à des logiciels fissurés afin d'atteindre les utilisateurs dans le téléchargement d'un malware d'information sur le voleur appelé Lumma.
«Ces vidéos YouTube présentent généralement du contenu lié aux applications fissurées, présentant les utilisateurs avec des guides d'installation similaires et incorporant des URL malveillantes souvent raccourcis à l'aide de services comme Tinyurl et Cuttly,
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. “These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly, |
Malware Threat | ★★★ | |
 |
2024-01-09 13:00:53 | Décembre 2023 \\'s Mostware le plus recherché: la résurgence de QBOT et FakeUpdates December 2023\\'s Most Wanted Malware: The Resurgence of Qbot and FakeUpdates (lien direct) |
> Les chercheurs ont découvert un renouveau du logiciel malveillant QBOT, qui a été détecté dans les tentatives de phishing destinées à l'industrie hôtelière.Pendant ce temps, le téléchargeur FakeUpdates a sauté à la première place de notre dernier indice mondial de menaces pour décembre 2023, les chercheurs ont vu la résurrection de QBOT, quatre mois après les États-Unis et les forces de l'ordre internationales démantelées son infrastructure dans l'opération Duck Hunt en août 2023. En attendant, le téléchargeur Javascript FakeUpdates a sauté dansLe premier lieu et l'éducation sont restés l'industrie la plus touchée dans le monde.Le mois dernier, le malware QBOT a été utilisé par les cybercriminels dans le cadre d'une attaque de phishing à échelle limitée des organisations de ciblage dans le secteur de l'hôtellerie.Dans la campagne, les chercheurs [& # 8230;]
>Researchers discovered a revival of the Qbot malware, which was detected in phishing attempts directed at the hospitality industry. Meanwhile, downloader FakeUpdates jumped into first place Our latest Global Threat Index for December 2023 saw researchers identify the resurrection of Qbot, four months after US and International law enforcement dismantled its infrastructure in Operation Duck Hunt in August 2023. Meanwhile, JavaScript downloader FakeUpdates jumped into first place and Education remained the most impacted industry worldwide. Last month, Qbot malware was employed by cybercriminals as part of a limited-scale phishing attack targeting organizations in the hospitality sector. In the campaign, researchers […] |
Malware Threat | ★★ | |
|
2024-01-09 11:57:12 | L'augmentation préoccupante des attaques centrées sur l'identité: tendances et faits The Concerning Rise in Identity-Centric Attacks: Trends and Facts (lien direct) |
Identity threats are by no means a new type of crime. But in today\'s increasingly digitized world, there are more opportunities for bad actors to steal identities and engage in identity-centric attacks than ever before. Unfortunately, user identities are tough for businesses to protect. The fact that these types of attacks are skyrocketing is evidence of that-in the past year alone the Identity Defined Security Alliance reports that a whopping 84% of companies experienced an identity-related security breach. In this post, we\'ll take a look at identity attack statistics and trends and provide some recent case studies to illustrate how some attacks work. We\'ll also highlight one of the most important identity threat facts-that the human element plays a crucial role in the success of these attacks. Understanding identity-centric attacks There are many types of identity attacks. When most people think of these types of crimes, they often imagine traditional identity theft scenarios: Financial identity theft, where a criminal gains access to a victim\'s financial data, like their credit card details, bank account numbers or Social Security number, to make unauthorized purchases, withdraw funds or open new accounts. Tax identity theft, where a bad actor uses a victim\'s personal information to file false tax returns and claim refunds, diverting the money to their own accounts. Employment identity theft, where a fraudster uses a victim\'s identity to get a job, potentially causing issues for that person when discrepancies arise in their employment and tax records. But identity-based attacks also target enterprises and their online users. The cybercriminals behind these attacks might aim to steal sensitive data, siphon off funds, damage or disrupt systems, deploy ransomware or worse. Those are the types of identity attacks we\'re covering here. Identity threat trends and tactics In short, identity-centric attacks are a practical calculation by bad actors: Why would they invest their time and resources to build exploits to help them get in through a virtual back door when they can just walk through the front door? But before they reap the rewards, they still have some legwork to do. Here are a few techniques that cybercriminals use to progress identity-based attacks against businesses and their users: MFA bypass attacks. Many businesses today use multifactor authentication (MFA) to protect the account of their users. It\'s more secure than using passwords alone. But of course, bad actors have found new ways to bypass commonly used MFA methods. MFA fatigue attacks are one example. People-activated malware. People often give life to malware when they fall for a phishing scam or other social engineering tactics. Malware can appear in the form of a .zip file, QR code, .html link, MS Office file and more-there are at least 60 known techniques to plant people-activated malware on corporate networks. Active Directory (AD) attacks. Most enterprises today use AD as a primary method for directory services like user authentication and authorization. Cybercriminals are keen to target AD, which touches almost every place, person and device on a network. This approach works very well, too-more than half of identity-related breaches can be traced back to AD. Cached credentials harvesting. Cached credentials are commonly stored on endpoints, in memory, in the registry, in a browser or on disk. Attackers use various tools and techniques to collect these credentials and gain access to more privileged identities. Once they have harvested these credentials, they can use them to move laterally and log into different applications. Adversaries are likely to find a good “crop” when they are harvesting cached credentials. Recent research from Proofpoint found that more than one in 10 endpoints have exposed privileged account passwords, making it one of the most common identity risks. Keep in mind that cybercriminals are always innovating, and they are quick to build or adopt tools that | Ransomware Malware Tool Threat Studies | Uber | ★★ |
|
2024-01-09 11:00:00 | Histoires du SOC: quelque chose sent Phishy Stories from the SOC: Something smells phishy (lien direct) |
Executive summary
In the current cyber landscape, adversaries commonly employ phishing as the leading technique to compromise enterprise security. The susceptibility of human behavior makes individuals the weakest link in the security chain. Consequently, there is an urgent need for robust cybersecurity measures. Phishing, which capitalizes on exploiting human behavior and vulnerabilities, remains the adversary\'s top choice. To counter this threat effectively, ongoing education and awareness initiatives are essential. Organizations must recognize and address the pivotal role of human vulnerability in cybersecurity.
During regular business hours, an alarm was generated due to a customer’s user that had interacted with a potentially malicious phishing link. This prompted a thorough investigation conducted by analysts that involved leveraging multiple Open-Source Intelligence (OSINT) tools such as VirusTotal and URLscan.io. Through a meticulous examination, analysts were able to unveil suspicious scripts within the phishing webpage’s Document Object Model (DOM) that pinpointed an attempt to exfiltrate user credentials. This detailed analysis emphasizes the importance of proactive cybersecurity measures and showcases the effectiveness of analysts leveraging OSINT tools along with their expertise to accurately assess threats within customer’s environments.
Investigation
The alarm
The Managed Detection and Response (MDR) Security Operations Center (SOC) initially received an alarm triggered by a potentially malicious URL that a user received in their inbox. Office 365\'s threat intelligence feed flagged this URL as potentially malicious. The initial steps in addressing this alarm involve two key actions.
First, it is crucial to determine the scope of impact on the customer\'s environment by assessing how many other users received the same URL. Second, a thorough validation process is essential to confirm whether the URL is indeed malicious. These initial steps lay the foundation for a comprehensive response to safeguard the security of the environment.
To determine how many users received the same URL, a comprehensive search within the customer\'s environment revealed that no other users received the same URL. As a result, only one user is affected, suggesting that this is an isolated incident and does not appear to be part of a targeted attack on the customer\'s environment. With this understanding, the focus can now shift to the second step: Validating the reputation of the URL.
By employing the OSINT tool VirusTotal and inputting the URL received by the user, we aim to assess its potential threat level. VirusTotal aggregates results from various security vendors to provide a comprehensive analysis. In the current evaluation, 13 out of 90 security vendors classify this URL as malicious. It\'s important to note that while the number of vendors flagging the URL is a key factor, a conclusive determination of malicious intent typically considers a consensus among a significant portion of these vendors. A higher number of detections by diverse security platforms strengthens the confidence in labeling the URL as malicious.
With a potentially malicious URL identified, it is imperative to delve deeper to ascertain the underlying reasons for its malicious reputation. Analysts will utilize a tool such as URLscan.io for this purpose. URLscan.io serves as a sandbox, providing a risk-free environment for visiting websites. This tool is instrumental in conducting a thorough examination to uncover the nuances contributing to the URL\'s malicious classification.
After entering our identified malicious URL into URLscan.io, |
Data Breach Tool Vulnerability Threat | ★★ | |
|
2024-01-09 10:02:04 | IP criminel et partenaire tenable pour la détection de vulnérabilité rapide Criminal IP and Tenable Partner for Swift Vulnerability Detection (lien direct) |
Le moteur de recherche Cyber Threat Intelligence (CTI) Criminal IP a établi un partenariat technique avec Tenable.En savoir plus sur Criminal IP sur la façon dont ce partenariat peut aider à la vulnérabilité en temps réel et aux analyses de malveillance.[...]
Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans. [...] |
Vulnerability Threat Technical | ★★ | |
|
2024-01-09 05:30:27 | Securonix Threat Research Security Advisory: New Re # Turncence Attack Campaign: les pirates turcs ciblent les serveurs MSSQL pour fournir un ransomware de mimique à l'échelle du domaine Securonix Threat Research Security Advisory: New RE#TURGENCE Attack Campaign: Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware (lien direct) |
Securonix Threat Research Security Advisory: New Re # Turncence Attack Campaign: les pirates turcs ciblent les serveurs MSSQL pour fournir un ransomware de mimique à l'échelle du domaine
Securonix Threat Research Security Advisory: New RE#TURGENCE Attack Campaign: Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware |
Ransomware Threat | ★★★ | |
|
2024-01-09 05:14:39 | Vol de comptes de compte dans les environnements de domaine détectés par EDR Account Credentials Theft in Domain Environments Detected by EDR (lien direct) |
«Reconnaissance interne dans les environnements de domaine détecté par EDR» [1] Couvrait des cas où l'EDR a été utiliséDétecter le processus d'un acteur de menace qui reprend un système dans un environnement Active Directory avant de mener une reconnaissance interne pour collecter des informations.Si l'infrastructure d'une organisation est un environnement qui utilise Active Directory, l'acteur de menace peut effectuer une reconnaissance interne pour collecter des informations sur l'environnement du domaine, voler des informations d'identification, les utiliser pour un mouvement latéral et, finalement, prendre le contrôle du ...
The “Internal Reconnaissance in Domain Environments Detected by EDR” [1] post covered cases where EDR was used to detect the process of a threat actor taking over a system in an Active Directory environment before conducting internal reconnaissance to collect information. If an organization\'s infrastructure is an environment that uses Active Directory, the threat actor can perform internal reconnaissance to collect information on the domain environment, steal account credentials, use these for lateral movement, and ultimately seize control over the... |
Threat | ★★ | |
 |
2024-01-09 00:00:00 | Exigences de cyber-assurance: ce qui est en magasin pour 2024 Cyber insurance requirements: What\\'s in store for 2024 (lien direct) |
À mesure que le paysage de la menace évolue et que le coût des violations de données augmente, les exigences de cyber-assurance des transporteurs seront également.Le spécialiste du cyber-risque Vince Kearns partage ses 4 prédictions pour 2024.
As the threat landscape evolves and the cost of data breaches increase, so will cyber insurance requirements from carriers. Cyber Risk Specialist Vince Kearns shares his 4 predictions for 2024. |
Threat | ★★ | |
|
2024-01-08 23:00:00 | Outil de surveillance des cactus enrichi par une vulnérabilité critique d'injection SQL Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability (lien direct) |
Les attaquants peuvent exploiter le problème pour accéder à toutes les données dans la base de données CACTI;Et, il permet RCE lorsqu'il est enchaîné avec une vulnérabilité précédente.
Attackers can exploit the issue to access all data in Cacti database; and, it enables RCE when chained with a previous vulnerability. |
Tool Vulnerability Threat | ★★★ | |
 |
2024-01-08 22:00:59 | Problèmes séculaires au partage d'informations sur la cyber-menace demeure, Age-old problems to sharing cyber threat info remain, IG report finds (lien direct) |
> Sur-classification, un déluge de données et des ressources humaines et technologiques insuffisantes entravent toutes le partage des données de menace.
>Over-classification, a deluge of data and insufficient human and technological resources all hinder the sharing of threat data. |
Threat Studies | ★★★ | |
|
2024-01-08 21:49:00 | Turkish Apt \\ 'Turtle de la mer \\' refait surface pour espionner l'opposition kurde Turkish APT \\'Sea Turtle\\' Resurfaces to Spy on Kurdish Opposition (lien direct) |
Un ancien acteur de menace aligné par l'État est de retour sur le radar, grâce aux récentes campagnes d'espionnage EMEA contre un groupe ethnique minoritaire.
An old state-aligned threat actor is back on the radar, thanks to recent EMEA espionage campaigns against a minority ethnic group. |
Threat | ★★★ | |
|
2024-01-08 21:45:00 | Turkish \\ 'Sea Turtle \\' Les pirates ciblent les entreprises néerlandaises dans la campagne d'espionnage Turkish \\'Sea Turtle\\' hackers target Dutch companies in espionage campaign (lien direct) |
Selon un récent rapport, des pirates turcs parrainés par l'État ciblant les télécommunications, les médias et les entreprises technologiques aux Pays-Bas dans une campagne d'espionnage, selon un récent rapport.La campagne a été lancée par l'acteur de menace connu sous le nom de Sea Turtle, qui opère dans l'alignement avec les intérêts turcs, des chercheurs de la société néerlandaise de cybersécurité Hunt & AMP;Dit Hackett.Le groupe \\ est multiple
Turkish state-sponsored hackers have been observed targeting telecom, media, and tech companies in the Netherlands in an espionage campaign, according to a recent report. The campaign was launched by the threat actor known as Sea Turtle, which operates in alignment with Turkish interests, researchers at Dutch cybersecurity firm Hunt & Hackett said. The group\'s multiple |
Threat | ★★★ | |
 |
2024-01-08 21:44:27 | Un joueur devenu développeur de logiciels malveillants: plongée en silverrat A Gamer Turned Malware Developer: Diving Into SilverRAT (lien direct) |
#### Description
Le Silver Rat V1.0 est un cheval de Troie (RAT) à accès à distance basé sur Windows qui a été observé pour la première fois en novembre 2023. Les développeurs de Silver Rat fonctionnent sur plusieurs forums de pirate et plateformes de médias sociaux, présentant une présence active et sophistiquée.
Le rat a des capacités de contourner les anti-virus et de lancer secrètement des applications cachées, des navigateurs, des keyloggers et d'autres activités malveillantes.Lors de la génération d'une charge utile à l'aide du constructeur de Silver Rat \\, les acteurs de la menace peuvent sélectionner diverses options avec une taille de charge utile jusqu'à un maximum de 50 Ko.Une fois connecté, la victime apparaît sur le panneau Silver Rat contrôlé par l'attaquant, qui affiche les journaux de la victime en fonction des fonctionnalités choisies.L'acteur de menace peut masquer les processus sous faux titres, et la charge utile finale peut être générée dans un fichier exécutable Windows, livré par diverses méthodes d'ingénierie sociale.
#### URL de référence (s)
1. https://www.cyfirma.com/outofband/a-gamer-turned-malware-developer-diving-into-silverrat-and-its-tyrian-roots/
#### Date de publication
8 janvier 2024
#### Auteurs)
Cyfirma
#### Description The Silver RAT v1.0 is a Windows-based Remote Access Trojan (RAT) that was first observed in November 2023. The developers of Silver RAT operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence. The RAT has capabilities to bypass anti-viruses and covertly launch hidden applications, browsers, keyloggers, and other malicious activities. While generating a payload using Silver RAT\'s builder, threat actors can select various options with a payload size up to a maximum of 50kb. Once connected, the victim appears on the attacker controlled Silver RAT panel, which displays the logs from the victim based on the functionalities chosen. The threat actor can hide processes under false headings, and the final payload can be generated in a Windows executable file, delivered through various social engineering methods. #### Reference URL(s) 1. https://www.cyfirma.com/outofband/a-gamer-turned-malware-developer-diving-into-silverrat-and-its-syrian-roots/ #### Publication Date January 8, 2024 #### Author(s) Cyfirma |
Malware Threat | ★★★ | |
|
2024-01-08 21:05:24 | Channes YouTube piratées pour répandre Lummma Stealer via un logiciel Cracked YouTube Channels Hacked to Spread Lumma Stealer via Cracked Software (lien direct) |
> Par waqas
Lumma Stealer, une menace bien connue pour les informations d'identification des utilisateurs, a été activement promue sur les canaux Web et télégrammes Dark depuis 2022.
Ceci est un article de HackRead.com Lire le post original: Les chaînes YouTube piratées pour répandre Lumma Stealer via un logiciel Cracked
>By Waqas Lumma Stealer, a well-known threat to user credentials, has been actively promoted on the dark web and Telegram channels since 2022. This is a post from HackRead.com Read the original post: YouTube Channels Hacked to Spread Lumma Stealer via Cracked Software |
Threat | ★★★ | |
|
2024-01-08 19:34:00 | Hackers syriens distribuant un rat argent furtif en C # aux cybercriminels Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals (lien direct) |
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that\'s equipped to bypass security software and stealthily launch hidden applications.
“The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence,” cybersecurity firm Cyfirma said in a report
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called Silver RAT that\'s equipped to bypass security software and stealthily launch hidden applications. “The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence,” cybersecurity firm Cyfirma said in a report |
Threat | ★★ |
To see everything:
Our RSS (filtrered)
