Analysis Memo

A place to jot down notes from trying my hand at malware analysis and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 23 – 2023 - THREAT INTELLIGENCE/HUNTING

This entry was automatically generated and posted to display the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that articles can be zapped through and checked. 4n6 itself can be found here.

THREAT INTELLIGENCE/HUNTING

Adam Goss

Python Threat Hunting Tools: Part 5 — Command Line Arguments Adam Goss, 9 min read, 4 days ago Welcome back to this series on building threat hunting tools! In this series, I will be showcasing a variety of threat hunting tools that you can use to hunt for threats, automate tedious processes, and extend to create your own toolkit! The majority of these tools will be simple with a focus on being easy to understand and implement. This is so that you, the…

Roman Lvovsky at Akamai

Amr Ashraf

4 minute read Overview Wintapix Driver is a malicious driver that was operating about three years ago but just caught the eyes of the hunters a little while ago. It’s primarily targeting Saudi Arabia, as a large number of the samples found were there and also in the Middle East. The operator behind it is not specifically known, but from the targets and TTPs, t...

2 minute read Overview I got through a write-up for an Active Directory lab environment where the author started a lateral movement in the environment which was monitored in a Splunk SIEM solution (just Event logs collected), so I will go through every step of the attack and the resulting logs. You can find the attack documentation and the Splunk VM in the resources. The following image explains the topology of the environment and the...

Anomali

by Anomali Threat Research The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, DLL Side-Loading, Living off the Land, Operational technology, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats...

Jeremy Fuchs at Avanan

The Picture in Picture Attack Posted by Jeremy Fuchs on June 1, 2023 Successful hacks rarely spell out what’s about to happen. Instead, hackers rely on deceptive social engineering tactics. The idea is to get you to think you’re doing something legitimate but is, in fact, not. One way to do that is through obfuscation. By hiding the true intent of the email, it may be more likely that a security scanner thinks it is clean and that an end-user engages with it. One way to do that is to use s...

Avast

Security news Luis Corrons 2-06-2023 ...

The rise and fall of ransomware: Insights from Avast's Q1/2023 Threat Report Emma McGowan 2 Jun 2023 Ransomware has been a prominent threat in cybersecurity for more than a decade, but the rates of incidents are showing slight decline. The Avast Q1/2023 Threat Report examines why. What’s on your computer right now? Let’s make a list. Start with every work-related document you’ve used or created in the last six months. A...

Avertium

May 31, 2023 Executive Summary Cuba ransomware first appeared in 2019 but remained relatively unnoticed until November 2021, when they reportedly targeted a minimum of 49 organizations across various sectors. The sectors included government, healthcare, information technology, manufacturing, and finance. During this time, Cuba ransomware operators were infiltrating networks by encrypting files using the “.cuba” extension. Over the years, the ransom demands from Cuba total at least $145 million,...

BleepingComputer

Brad Duncan at Malware Traffic Analysis

2023-05-29 (MONDAY) - PCAP AND MALWARE FOR ISC DIARY (MODILOADER/REMCOS RAT) The ISC diary is for Tuesday 2023-05-30: Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT Zip files are password-protected. If you don't know the password, see the "about" page of this website. ASSOCIATED FILES: 2023-05-29-IOCs-for-ModiLoader-Remcos-RAT-infection.txt.zip 2.2 kB (2,224 bytes) 2023-05-29-ModiLoader-Remcos-RAT-malspam-0414-UTC.eml.zip 700.1 kB (700,650 bytes) 2023-05-29-ModiLoader-Remcos-RAT...

Censys

CERT Ukraine

CERT-AGID

Summary of malicious campaigns in the week of 27 May – 01 June 2023 01/06/2023 summary This week, CERT-AgID detected and analyzed, within the Italian scenario it covers, a total of 40 malicious campaigns, of which 37 had Italian targets and three were generic but nonetheless affected Italy, making available to its accredited entities the re...

Check Point Research

Cisco’s Talos

By Chetan Raghuprasad Thursday, June 1, 2023 08:06 Threat Spotlight Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020. The threat actor appears to be targeting Spanish-speaking users in the Americas and, based on our analysis, may be located in Brazil. Horabot enables the threat...

By William Largent Friday, June 2, 2023 17:06 Threat Roundup Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 26 and June 2. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provi...

Cleafy

Published: 31/5/23 Sum up and new discoveries Here we are again with another chapter of our journey in the malware wonderland. In “Chapter 1: Introduction and Malspam”, we have seen that TAs will spread malicious files through a quite classic method, malspam. These files, once downloaded, start monitoring the victim’s machine. Then, if the operator managing the attack chooses...

Cyble

May 30, 2023 Bl00dy Ransomware Group, after targeting several universities and colleges in the US with PaperCut NG critical vulnerability in April-May 2023, has claimed its first victim in India on May 28, 2023, and demanded a ransom of USD 90,000. Cyble Research & Intelligence Labs (CRIL) elaborately covered the criticality of this vulnerability and exposed worldwide assets in a blog on April 25, 2023. Details of the Incident On May 28, 2023, the Bl00dy ransomware group claimed to compromise an...

May 30, 2023 Android Banking Trojan Targets Users Holding Over R$500 Pix, the instant payment platform, has revolutionized the way payments and transfers are carried out, offering unparalleled convenience to users. An impressive statistic provided by Banco Central do Brasil reveals that over 138 million users have transacted using Pix as of April 2023; it’s clear that its popularity continues to soar. However, as this innovative technology empowers users, it has also captured the attention of Th...

May 31, 2023 Exposed OT devices being targeted alongside GhostSec selling zero-day exploit In the aftermath of the arrest of hacker “Org0n” by Colombian Authorities, various hacktivists showed their resentment by actively participating in #OpColombia and #FreeOrg0n propaganda campaigns. When law enforcement agencies apprehend a prominent hacker or hacktivist, it often serves as a rallying point for other hacktivists to react. Similarly, this arrest galvanized and inspired hacktivist groups like ...

June 1, 2023 Threat Actors Utilize Undetected Loaders for Stealthy Attacks SharpPanda, an APT group originating from China, has seen a rise in its cyber-attack operations starting from at least 2018. The APT group utilizes spear-phishing techniques to obtain initial access, employing a combination of outdated Microsoft Office document vulnerabilities, novel evasion techniques, and highly potent backdoor malware. This backdoor enables Threat Actors (TAs) to exfiltrate system information, files, a...

June 1, 2023 A Newly Established Triple-Extortion Affiliate Program Executive Summary Cyble Research & Intelligence Labs (CRIL) observed a newly established Ransomware-as-a-Service (RaaS) program dubbed ‘NoEscape’ offered in a cybercrime forum at the end of May 2023 that was looking to hire affiliates. The C++-based ransomware is claimed to be developed indigenously without the use of any third-party resources and source codes. The technical specifications of the RaaS model apparently allow its o...

June 2, 2023 Cyble Global Sensor Intelligence (CGSI) observes Exploitation Attempts On May 31st, 2023, the official vendor Progress Software released a security advisory regarding SQL injection vulnerability in MOVEit Transfer. MOVEit Transfer is a secure Managed File Transfer (MFT) used by multiple organizations dealing with sensitive data. Lately, it was observed that the Clop Ransomware group exploited the file transfer service GoAnywhere to extort data from multiple organizations, which indi...

Cyfirma

Weekly Attack Type and Trends Key Intelligence Signals: Attack Type: Malware Implants, Spear Phishing, Ransomware Attacks, Vulnerabilities & Exploits, DDoS, Data Leak. Objective: Unauthorized Access, Data Theft, Data Encryption, Financial Gains, Payload Delivery, and Espionage. Business Impact: Data Loss, Financial Loss, Reputational Damage, Loss of Intellectual Property, Operational Disruption. Ransomware – BlackCat Ransomware | Malware – DogeRAT BlackCat Ransomware – One of the ransomw...

EclecticIQ

In this issue of the Analyst Prompt, EclecticIQ researchers look at the MSI breach that leaked Intel BootGuard & OEM image signing keys. Additionally, the U.S. government announced it has dismantled Russia’s “most sophisticated" malware network, and Iranian state-backed threat actor Muddywater exploited (CVE-2023-27350) vulnerable PaperCut servers. Arda Büyükkaya – May 30, 2023 MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys In early April 2023, the Money Message ransomware gang attack...

EclecticIQ researchers identified a malicious web server very likely operated by a Chinese threat actor used to target Taiwanese government entities, including critical infrastructure. Arda Büyükkaya – June 2, 2023 Executive Summary EclecticIQ researchers identified a malicious web server very likely operated by a Chinese threat actor used to target Taiwanese government entities, including critical infrastructure. The command-and-control infrastructure was publicly exposed to the internet. Based ...

Esentire

BatLoader Impersonates Midjourney, ChatGPT in Drive-by Cyberattacks; PaperCut Vulnerability Exploited to Deliver Cryptocurrency Miner to… ...

Jon Hencinski and Ben Brigida at Expel

Security operations · 2 MIN READ · JON HENCINSKI AND BEN BRIGIDA · MAY 31, 2023 · TAGS: MDR Identity-based attacks remain the top threat; session cookie theft on the rise; hackers continue to exploit known software vulnerabilities. Attention citizens of Troy: The Greek invaders may attempt to infiltrate our city by building a great phish and hiding men inside it. If you see a giant wooden phish: Report it to the nearest city guard immediately Do not, under any circumstances, open the gates and b...

Flashpoint

SEO Poisoning: How Threat Actors Are Using Search Engines Search Engine Optimization (SEO) is a common marketing practice used by nearly every successful organization. However, threat actors are using black-hat techniques to support their illegal campaigns Flashpoint Intel Team May 30, 2023 Manipulating searc...

Shane Huntley at Google Threat Analysis Group

Threat Analysis Group TAG Bulletin: Q2 2023 May 30, 2023 Shane Huntley Senior Director, Threat Analysis Group This bulletin includes coordinated influence operation campaigns terminated on our platforms in Q2 2023. It was last updated on May 30, 2023. April We terminated 13 YouTube channels and 2 Ads accounts as part of our inv...

Matthew Remacle at GreyNoise


Huntress

At the end of May 2023, Huntress ThreatOps Center (TOC) analysts responded to an alert on an endpoint, indicating the presence of a cryptocurrency miner (XMRig). As part of validating the infection itself, the Huntress TOC analyst located the miner config file to get the site associated with the miner, and the wallet address. Accessing the miner’s website (illustrated in Figure 1), the analyst could see ...

MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response UPDATED: 1 June 2023 @ 1733 ET - Added shareable Huntress YARA rule for assistance in detection effort UPDATED: 1 June 2023 @ 2023 ET - Added Kostas community Sigma rule to assist in detection efforts UPDATED: 1 June 2023 @ 2029 ET - Added screenshots for the DLL that creates the human2.aspx file UPDATED: 2 June 2023 @ 1210 ET - Added CVE identifica...

Paritosh at InfoSec Write-ups

Paritosh, Published in InfoSec Write-ups, 3 min read, 6 days ago Cybersecurity threats continue to evolve at an alarming rate, and defenders must employ various strategies to stay ahead. One critical aspect of this defense is identifying and neutralizing Command and Control (C2) infrastructure, which plays a crucial role in cyber attacks. Shodan, a search engine for internet-connected devices, has emerged as a valuable tool for cybersecurity professionals to hunt down C2 IPs and co...

Jeffrey Appel

Block gTLD (.zip)/ FQDN domains with Windows Firewall and Defender for Endpoint; How works Microsoft Defender Threat Intelligence / Defender TI – and what is the difference between free and paid; Block C2 communication with Defender for Endpoint; Microsoft Defender for Cloud – The ultimate blog series (Intro) – P0; Block “vulnerable/unwanted” applications with Defender for Endpoint and Vulnerability Management ...

KELA

24 May 2023 An Executive’s Guide To The Cybercrime Underground David Carmiel, KELA’s CEO In recent years, the cybercrime underground has become increasingly sophisticated and profitable by preying on vulnerable organizations. As a result, security leaders must gain visibility into what happens in this underground network of illegal activity to protect their organizations from emerging threats and accurately assess their risks. In this article, I will explore the current state of the cybercrime u...

9 November 2022 Proact, Don’t React: How CISOs Should View Cybercrime Threat Intelligence David Carmiel, KELA’s CEO Anyone involved in cybersecurity knows that the threat landscape is constantly evolving. Attackers are always looking for new ways to exploit systems and data, while defenders are working hard to stay ahead of them. In this constant cat-and-mouse game, it’s essential for security professionals to have up-to-date information on the latest threats. When defending your organization ag...

31 May 2023 RaidForums leaked database – insights and intelligence by KELA On May 29, 2023, a database containing the information of nearly 479,000 members of the RaidForums hacking forum was leaked online on a new forum named Exposed. RaidForums was known for hosting, leaking, and selling stolen data from breached organizations. Following the seizure by law enforcement and its subsequent closure, users migrated to a new forum called Breached (BreachForums). Breached was just recently seized by ...

Lumen

Black Lotus Labs Posted On June 1, 2023 Executive Summary Qakbot (aka Pinkslipbot, Qbot) has persisted as a banking trojan – then a potent malware/ransomware distribution network – for well over a decade, its origins going back as far as 2007. As a ransomware botnet, Qakbot is usually spread through email hijacking and social engineering, dropping malicious files that infect Windows hosts. This botnet has adapted techniques to conceal its infrastructure in r...

Magnet Forensics

This is a post authored by Matt Suiche (Director, Memory, IR & R&D), and Ivan King (Security Research Engineer). The Cybersecurity and Infrastructure Security Agency (CISA) & partners recently released a “#StopRansomware Guide” Cybersecurity Information Sheet (CSI) which aims at providing guidance to organizations to reduce the impact of ransomware incidents and a checklist of best practices for responding to these threats. Among the recommendations, we noted several points regarding memory acqu...

This is a post authored by Matt Suiche (Director, Memory, IR & R&D). The Cybersecurity and Infrastructure Security Agency (CISA) & partners recently released a joint cybersecurity advisory uncovering a new attack by a nation-state sponsored attacker dubbed as “Volt Typhoon” (also called BRONZE SILHOUETTE) where the threat actor leverages fileless techniques also known as “Living-Off-The-Land” (LOTL) techniques. Several networks of critical infrastructures in the U.S. were targeted by Volt Typhoo...

Nextron Systems

Jun 3, 2023 | Newsletter, Nextron, THOR Cloud, THOR Lite, Tutorial On June 1st, the vendor of MOVEit Transfer, previously known as Ipswitch but now called Progress, announced the discovery of a critical security vulnerability that has been exploited. MOVEit is an enterprise software utilized by numerous organizations globally for secure managed file transfer. According to Shodan, an internet search engine, there are currently over 2,500 servers publicly accessible on the open Internet running MO...

Nik Alleyne at ‘Security Nik’

Why this series? When teaching the SANS SEC595: Applied Data Science and Machine Learning for Cybersecurity Professionals //www.sans.org/cyber-security-courses/applied-data-science-machine-learning/ I am always asked, "Will you be sharing your demo notebooks?" or "Can we get a copy of your demo notebooks?" or ... well you get the point. My answer is always no. Not that I do not want to share (sharing is caring :-D), but the demo notebooks by themselves would not make sense or add real value. Hen...

Nikolaos Samartzopoulos at NVISO Labs

Nikolaos Samartzopoulos Tools, Elasticsearch, SIEM, AI May 30, 2023 / May 31, 2023 7 Minutes (In this blog post, we will demonstrate a Proof-of-Concept on how to use an OpenAI Large Language Model to craft Elastic SIEM queries in an automated way. Be mindful of issues with accuracy and privacy before trying to replicate this Proof-of-Concept. More info in our discussion at the bottom of this article.) Introduction The primary task of a security analyst or threat hunter is to ask the right questions ...

Brad Duncan at Palo Alto Networks

13 min. read By Brad Duncan May 30, 2023 at 6:00 AM Category: Tutorial Tags: Advanced Threat Prevention, Advanced URL Filtering, banking trojans, BokBot, Cloud-Delivered Security Services, Cortex XDR, IcedID, next-generation firewall, pcap, WildFire, Wireshark, Wireshark Tutorial This post is also available in: 日本語 (Japanese) Executive Summary Our introductory blog Cold as Ice: Unit 42 Wireshark Quiz for IcedID provides a packet capture (pcap) from an IcedID infection...

PrimeHarbor Technologies

Documenting their mistakes so you don't make them. Ubiquiti (2020) Last Updated: 2023-05-27 Author: Mark Gaddy AWS | Insider Threat | Data Exfiltration In December of 2020, Ubiquiti suffered a breach at the hands of an employee. This employee masked his presence via a VPN and was able to clone the company’s GitHub repository and alter logs in AWS to hide their presence and evidence of the breach. After the attacker leaked false details of the attack to a well-kno...

Recorded Future

Posted: 1st June 2023By: Insikt Group® The People’s Liberation Army (PLA) is using new collection, processing, and analysis technologies to exploit the massive amount of open-source information available from the internet and other sources for military intelligence purposes. A growing ecosystem of private companies, state-owned enterprises, state-run research organizations, and universities is supporting the PLA’s push to leverage open-source intelligence (OSINT) by providing research services, ...

Miles Arkwright and James Tytler at S-RM Insights

Miles Arkwright, James Tytler 2 June 2023 The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intell...

SANS Internet Storm Center

Security Intelligence

This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates’ more recent attacks include targeting organizations in the hea...

Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to comp...

SOCRadar

Jared Atkinson at SpecterOps

Jared Atkinson, Published in Posts By SpecterOps Team Members, 13 min read, 3 days ago In his 1931 paper “A Non-Aristotelian System and Its Necessity for Rigour in Mathematics and Physics,” Mathematician Alfred Korzybski introduced an idea that many today find helpful when dealing with complex systems. The idea is commonly referred to as “The map is not the territory,” and Korzybski lays it out according to the following points: A.) A map may have a structure similar or dissimilar t...

Splunk

Do Not Cross The 'RedLine' Stealer: Detections and Analysis By Splunk Threat Research Team June 01, 2023 RedLine Stealer is a malware strain designed to steal sensitive information from compromised systems. It is typically distributed through phishing emails, social engineering tactics, and malicious URL links. Since it was released, threat actors and adversaries have leveraged RedLine Stealer because of its availability and flexibility for stealing credentials that can cause financial lo...

Stairwell

Tanium

Todyl

Detection & Response Team | 2023-05-31 | 5 min read Summary: Spyboy is a threat actor who claims to be able to terminate multiple top AV/EDR/XDR solutions. Their software, “Terminator,” is being sold over a Russian hacker forum for $300 USD for a single bypass or up to $3,000 for an all-in-one bypass of up to 23 endpoint solutions. The software leverages a BYOVD (bring your own vulnerable driver) approach to take over and terminate the endpoint solution using kernel-level privileges. Todyl’s MXD...

Trend Micro

Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of the RomCom backdoor in recent attacks shows how Void Rabisu's motives seem to have changed since at least October 2022. By: Feike Hacquebord, Stephen Hilt, Fernando Merces, Lord Alfred Remorin May 30, 2023 With contributions from Veronica Chierz...

In this blog entry, we analyze BlackSuit ransomware and how it compares to Royal Ransomware. By: Katherine Casona, Ivan Nicole Chavez, Ieriz Nicolle Gonzalez, Jeffrey Francis Bonaobra May 31, 2023 Royal ransomware, which is already one of the most notable ransomware families of 2022, has gained additional notoriety in early May 2023 after it was used to attack IT systems in Dallas, Texas. Around the same period, several researchers on Twitter came acro...

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2022. By: Trend Micro May 31, 2023 Remote and hybrid work environments have become the new norm. The fact that email has become increasingly integral to your business operations has led malicious actors to favor email as an attack vector. In 2022, Trend Micro™ Cloud App Security discovered nearly 40 million high-risk email threats, in...

TrustedSec

PPID Spoofing: It’s Really this Easy to Fake Your Parent May 30, 2023 By Scott Nusbaum in Incident Response & Forensics, Malware Analysis New Blog Series on Common Malware Tactics and Tricks This will be the first post in a series of blogs covering some common malware tactics and tricks. The following list is of topics that will be discussed in these blogs. However, feel free to reach out if there is a topic that is not on the list that you would like to read about. PPID Spoofing Process Hollowi...

Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations June 1, 2023 By Tyler Hudak in Incident Response, Incident Response & Forensics On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer system. According to Shodan, over 2500 servers running this software are on the Internet. TrustedSec has performed analysis on the vulnerability and post-exploitation act...

Wladimir Palant at ‘Almost Secure’

2023-05-31 security/privacy/add-ons/google 5 mins 5 comments Two weeks ago I wrote about the PDF Toolbox extension containing obfuscated malicious code. Despite reporting the issue to Google via two different channels, the extension remains online. It even gained a considerable number of users after I published my article. A reader tipped me off however that the Zoom Plus extension also makes a request to serasearchtop[.]com. I checked it out and found two other versions of the same malicious co...

2023-06-02 security/privacy/add-ons/google 7 mins 4 comments Two days ago I wrote about the malicious extensions I discovered in Chrome Web Store. At some point this article got noticed by Avast. Once their team confirmed my findings, Google finally reacted and started removing these extensions. Out of the 34 extensions I reported, only 8 extensions remain. These eight were all part of an update where I added 16 extensions to my list, an update that came too late for Avast to notice. Note: Even ...