Feed: www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Last build: 2024-05-30T04:59:23+00:00

Source: Minerva - Minerva Security researcher Blog
Title: New version of Remcos RAT uses direct syscalls to evade detection.
Date: 2023-01-19T14:22:50+00:00
Link: https://minerva-labs.com/blog/new-version-of-remcos-rat-uses-direct-syscalls-to-evade-detection/
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8302548
Feed fields: False Tool None 5.0000000000000000

Source: Minerva - Minerva Security researcher Blog
Title: New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
Summary: We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora […]
Date: 2022-12-29T12:30:23+00:00
Link: https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8296136
Feed fields: False Ransomware None 3.0000000000000000

Source: Minerva - Minerva Security researcher Blog
Title: Windows Service Failure Recovery Easily Exploitable for Ransomware
Summary: Windows Services are the OS mechanism used to initiate processes at system startup which provide services not tied to user interaction. Windows services consist of three components: a service application, a service control program (SCP), and the service control manager (SCM). Characteristics of a service application. Service applications consist of at least one […]
Date: 2022-11-24T14:24:10+00:00
Link: https://minerva-labs.com/blog/windows-service-failure-recovery-easily-exploitable-for-ransomware/
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8296137
Feed fields: False Ransomware None 2.0000000000000000

Source: Minerva - Minerva Security researcher Blog
Title: New updated IceXLoader claims thousands of victims around the world
Summary: IceXLoader was discovered last June by FortiGuard Labs. It is a commercial malware used to download and deploy additional malware on infected machines. While the version discovered in June (v3.0) looked like a work-in-progress, we recently observed a newer v3.3.3 loader which looks to be fully functional and includes a multi-stage delivery chain. Figure 1. […]
Date: 2022-11-08T14:18:48+00:00
Link: https://minerva-labs.com/blog/new-updated-icexloader-claims-thousands-of-victims-around-the-world/
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8296138
Feed fields: False Malware None 3.0000000000000000

Source: Minerva - Minerva Security researcher Blog
Title: How You Can Keep Chrome Browser Secure on Windows 7 and 8.1
Summary: Google recently announced that as of February 2023, it will be dropping support for Windows 7 and 8.1, focusing on Windows 10, 11 and beyond. Even though older Google Chrome versions will still continue to work after support is dropped on Windows 7 / 8.1, the impact of this announcement is that browsers on these […]
Date: 2022-11-03T13:46:14+00:00
Link: https://minerva-labs.com/blog/how-you-can-keep-chrome-browser-secure-on-windows-7-and-8-1/
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8296139
Feed fields: False None None 3.0000000000000000

Source: Minerva - Minerva Security researcher Blog
Title: STOP/DJVU Ransomware
Summary: STOP/DJVU ransomware has been with us since 2019. New versions are released periodically; however, the new STOP/DJVU ransomware versions usually focus on adding new encrypted file extensions. There were almost 200 different encryption extensions observed in the wild through 2019 alone. This ransomware contains a lot of unused code, probably inserted to delay malware […]
Date: 2022-08-25T10:23:06+00:00
Link: https://minerva-labs.com/blog/stop-djvu-ransomware/
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8296140
Feed fields: False Ransomware,Malware None 3.0000000000000000

Source: Minerva - Minerva Security researcher Blog
Title: Malware Evasion – Memory Injection
Summary: This is the third part of our malware evasion techniques series. If you'd like, you can also review our other articles on sandbox evasion and Living off the Land. This article introduces a set of evasion techniques wherein malware takes advantage of running processes. These techniques fall under the broad category of malware evasion techniques known as […]
Date: 2022-08-16T14:24:32+00:00
Link: https://minerva-labs.com/blog/malware-evasion-memory-injection/
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=8296141
Feed fields: False Malware None 3.0000000000000000

Source: Minerva - Minerva Security researcher Blog
Title: Lockbit 3.0 AKA Lockbit Black is here, with a new icon, new ransom note, new wallpaper, but less evasiveness?
Summary: This month the Lockbit ransomware gang announced their first Bug Bounty program as part of their evolution into Lockbit 3.0. A first sample of the new version was published by Arda Büyükkaya. According to their new ransomware wallpaper that appears after encryption, this specific version has been named 'Lockbit Black', which interestingly follows their new execution method which is pretty similar to the BlackCat ransomware execution method. There are actually even more similarities between the two ransomwares.
Date: 2022-07-10T18:03:54+00:00
Link: https://blog.minerva-labs.com/lockbit-3.0-aka-lockbit-black-is-here-with-a-new-icon-new-ransom-note-new-wallpaper-but-less-evasiveness
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667594
Feed fields: False Ransomware None None

Source: Minerva - Minerva Security researcher Blog
Title: Does Acrobat Reader Unload Injection of Security Products?
Date: 2022-06-20T13:00:00+00:00
Link: https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667595
Feed fields: False None None None

Source: Minerva - Minerva Security researcher Blog
Title: New Microsoft Office “Follina” zero-day Already Shared on Ransomware Forums
Summary: The new zero-day MS Word vulnerability recently discovered by Nao_Sec on May 27, 2022, titled 'Follina' (CVE-2022-30190) targeting Microsoft Office is being actively utilised, Minerva researchers found. The exploit targets a vulnerability in Microsoft's Windows Support Diagnostic Tool (MSDT) that occurs due to the ms-msdt MSProtocol URI scheme which could load code and execute via PowerShell despite macros being disabled. Successful exploitation of the CVE enables an attacker to execute arbitrary code on the targeted host. However, the attacker must socially engineer the victim into opening a specially crafted file to exploit this issue, which requires a targeted effort to succeed, making the vulnerability less prominent to unskilled actors but highly relevant to ransomware gangs such as CONTI, CL0P and ALPHV. To combat this new threat businesses must focus on threat prevention, an approach in which Minerva excels.
Date: 2022-05-31T16:33:34+00:00
Link: https://blog.minerva-labs.com/new-microsoft-office-follina-zero-day-already-shared-on-ransomware-forums
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667596
Feed fields: False Threat,Ransomware,Tool,Vulnerability None None

Source: Minerva - Minerva Security researcher Blog
Title: What makes Ransomware so different from other malware and cyber threats?
Date: 2022-05-19T16:53:56+00:00
Link: https://blog.minerva-labs.com/what-makes-ransomware-so-different-from-other-malware-and-cyber-threats
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667597
Feed fields: False Ransomware,Malware None None

Source: Minerva - Minerva Security researcher Blog
Title: Malware evasion techniques - Obfuscated Files and Information
Summary: Obfuscation is one of the many techniques used by malware to evade static analysis methods and traditional anti-malware solutions which rely on hashes and strings for malware detection and analysis. This post is part of our series on malware evasion techniques. Feel free to read the other posts in this series which discussed Living off the Land, Sandbox Evasion, and detecting security and forensic tools.
Date: 2022-05-09T14:40:29+00:00
Link: https://blog.minerva-labs.com/malware-evasion-techniques-obfuscated-files-and-information
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667598
Feed fields: True Malware None None

Source: Minerva - Minerva Security researcher Blog
Title: A new BluStealer Loader Uses Direct Syscalls to Evade EDRs
Summary: BluStealer malware was first detected in May 2021 by James_inthe_box. Back then, it was delivered through a phishing mail, either as an attachment or a Discord link leading to the malware download URL. According to Avast's 2021 analysis, it “consists of a core written in Visual Basic and the C# .NET inner payload(s). The VB core reuses a large amount of code from a 2004 SpyEx project. Its capabilities to steal crypto wallet data, swap crypto addresses present in the clipboard, find and upload document files, exfiltrate data through SMTP and the Telegram Bot API, as well as anti-analysis/anti-VM tactics”
Date: 2022-05-03T15:37:31+00:00
Link: https://blog.minerva-labs.com/a-new-blustealer-loader-uses-direct-syscalls-to-evade-edrs
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667599
Feed fields: False Malware,Guideline None None

Source: Minerva - Minerva Security researcher Blog
Title: New Black Basta Ransomware Hijacks Windows Fax Service
Date: 2022-05-02T09:54:14+00:00
Link: https://blog.minerva-labs.com/new-black-basta-ransomware-hijacks-windows-fax-service
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667600
Feed fields: False Ransomware None None

Source: Minerva - Minerva Security researcher Blog
Title: Malware Evasion - Detecting Security and Forensic Tools
Summary: This is the third post in our evasion techniques blog series. Feel free to view the other posts which discussed Sandbox Evasion and Living Off the Land techniques.
Date: 2022-04-11T10:28:22+00:00
Link: https://blog.minerva-labs.com/malware-evasion-detecting-security-and-forensic-tools
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667601
Feed fields: False Tool None None

Source: Minerva - Minerva Security researcher Blog
Title: What Does it take To Beat the World's Fastest-Encrypting Ransomware?
Summary: A new report by Splunk recently revealed that some ransomware variants encrypt files at a staggering rate of 25,000 files per minute. This means that now might be a good time to revisit your threat detection and response strategy. It's pretty clear that the moment a ransomware starts encrypting files, it's a losing race against time to minimize (not stop) the damage.
Date: 2022-03-31T11:45:00+00:00
Link: https://blog.minerva-labs.com/what-does-it-take-to-beat-the-worlds-fastest-encrypting-ransomware
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667602
Feed fields: False Threat,Ransomware None None

Source: Minerva - Minerva Security researcher Blog
Title: SunCrypt Ransomware Gains New Capabilities in 2022
Summary: SunCrypt is a RaaS (Ransomware as a Service) group that was first seen in October 2019, and was one of the first groups to apply triple extortion* tactics to their attacks. Unlike other RaaS groups, SunCrypt runs a small and closed affiliate program. The first version of this ransomware was written in GO, but after C and C++ versions were released in mid-2020, the group became much more active. SunCrypt mostly affects the Services, Technology, and Retail industries. Our researchers recently identified an updated version of this ransomware which includes additional capabilities.
Date: 2022-03-30T10:15:00+00:00
Link: https://blog.minerva-labs.com/suncrypt-ransomware-gains-new-abilities-in-2022
Aggregator: www.secnews.physaphae.fr/article.php?IdArticle=5667603
Feed fields: False Ransomware None None