Aggregator

Summary TeamTNT is known to attack cloud services with intent to steal credentials, perform cryptojacking, or install backdoors. Trend Micro reports on a specific script used by the group to steal AWS credentials. Threat Type Malware Overview Trend Micro has published an analysis of a shell script used by TeamTNT to steal AWS credentials. This script was found hardcoded in a malicious binary dropped onto compromised systems. It was likely dropped onto systems after the threat actor exploited a misconfigurat

Summary Dr. Web Virus Laboratory analyzed a backdoor they've named Spyder after it was discovered at a telecommunication company based in Central Asia in December 2020. The backdoor was loaded into the system using the DLL Hijacking method. It's a modular backdoor and can utilize plug-ins it receives from it's C&C server. Threat Type Malware, Backdoor Overview A new modular backdoor was analyzed by the Doctor Web virus laboratory. It was discovered by a telecommunications company based in Central Asia in De

隐私产品细节探究

Summary Microsoft and FireEye have identified new malware that is believed to be used by the same attackers who attacked SolarWinds. FireEye refers to them as UNC2452, Microsoft has named them NOBELIUM. One notable feature available in the backdoor is the option to use decoy network traffic mixed in with C2 queries. Threat Type Malware, Backdoor, RAT Overview FireEye has discovered a new sophisticated second-stage backdoor that is possibly connected to UNC2452, the same group believed to be behind the attac

We are pleased to announce the launch of EdgeKV, our distributed key-value store, into beta! EdgeKV is enabling technology for EdgeWorkers, our serverless computing platform that enables developers to create services using JavaScript and deploy them across our platform. When writing JavaScript, data persistence is often necessary to save data from a user interaction, or to retrieve contextual data to evaluate inside a function.

0x00 前言偶然间看到SnakeYaml的资料感觉挺有意思，发现SnakeYaml也存在反序列化利用的问题

Summary Adobe has released three security updates. The updates are for Framemaker, Creative Cloud Desktop Application, and Connect. Each of the updates address at least one vulnerability rated by Adobe as Critical. Threat Type Vulnerability Overview Adobe has released three security updates. The updates are for Framemaker, Creative Cloud Desktop Application, and Connect. Each of the updates address at least one vulnerability rated by Adobe as Critical. The potential impact of successful exploitation of the

Summary In their March 2021 security updates, Microsoft list eighty-three CVE numbered vulnerabilities. Of those, ten are rated as Critical with the remainder being rated as Important. Aside from the already well publicized exploitation of the Exchange server vulnerabilities, an Internet Explorer vulnerability is reported as being exploited in the wild. Threat Type Vulnerability Overview In their March 2021 security updates, Microsoft list eighty-three CVE numbered vulnerabilities. Of those, ten are rated a

Summary In the wake of a targeted attack against CD Projekt Red, SentinelOne has published a blog post analyzing the HelloKitty ransomware. Threat Type Ransomware Overview SentinelOne has published a blog post analyzing the HelloKitty ransomware family, which was recently leveraged in a targeted attack against CD Projekt Red. HelloKitty appeared in late 2020 and is relatively rudimentary compared to other ransomware families. For example, when processes are being killed a CMD window is spawned in the foregr

Summary Following up on ANSSI's research into recent Sandworm activity, DomainTools reports on their findings related to the infrastructure used by this threat actor. Threat Type Malware, APT Overview DomainTools has published a report identifying Sandworm infrastructure discovered during their investigation into ANSSI's recent report on the threat group. ANSSI's report discussed the exploitation of Centreon to deliver Exaramel, a known Sandworm tool. The report, however, did not detail any network indicato

Summary PAM update 4103.04161 contains 10 new events, 9 new moderate event responses, and 9 new aggressive event responses. Threat Type Vulnerability Overview PAM update 4103.03231 contains 4 new events, 0 new moderate event responses, and 0 new aggressive event responses. This content update is compatible with IBM QRadar Network Security Firmware version 5.4 or later, IBM QRadar Network Security for VMware firmware version 5.4 or later, IBM Security Network IPS GV-Series Virtual Appliances, IBM Security Ne

Summary New research reveals a connection between the Lazarus Group and TFlower; specifically, TFlower's usage of a MATA framework variant in a recent campaign. Threat Type Malware, Backdoor, Ransomware Overview A report from Sygnia indicates a connection or collaboration between Lazarus and TFlower. The TFlower ransomware is deployed using the MATA backdoor, which is a well-known Lazarus commodity. The latest variant has not previously been seen in campaigns to this point. In addition to the MATA backdoor,

Summary The U.S. tax season is often taken advantage of as a source of phishing material for threat actors. Cofense reports on one such case of a file share link purporting to come from the IRS in order to steal Microsoft credentials. Threat Type Phishing Overview Cofense published a blog post analyzing a phishing campaign attempting to steal Microsoft credentials while capitalizing on the U.S. tax season. The sender email address and name have been spoofed in order to match that of a legitimate IRS tax rep

分享RapidDNS.io网站在实践中的应用。

Previously, I introduced the field of sensor systems architecture and posed a real world example scenario of the unnecessary resource costs and hazards that can happen when the deployment of sensors isn't carefully thought out.

While Unicast defines a single destination endpoint for a given IP, Anycast is an addressing technique in which the same IP is advertised from multiple servers simultaneously.

Summary The Russian-speaking RTM threat group has launched a new campaign against Russian transport and finance organizations. Kaspersky reports on their usage of new techniques to include ransomware and extortion. Threat Type Malware, Ransomware Overview Kaspersky has published a blog post analyzing a recent campaign carried out by the RTM threat group against Russian transport and finance organizations. The campaign, as with previous ones, begins with the distribution of a the RTM banker via business-them

Summary One method of hiding malware from detection is to embed it in a less suspicious file format, such as images. ReversingLabs reports on a few observed examples of this technique being used in conjunction with PHP malware. Threat Type Malware Overview ReversingLabs published a blog post analyzing various PHP malware samples embedded in image files. This method becomes particularly in handy with placing webshells on servers that allow the upload of image files but not executables. Two specific technique

Summary Beginning on March 2, 360Netlab observed attacks that attempt to exploit vulnerabilities in QNAP NAS devices running firmware released prior to August 2020. If a device was successfully compromised, the attackers installed cryptomining software. Threat Type Vulnerability, Malware, Cryptomining Overview A report from 360Netlab provides details on attacks that attempt to exploit two vulnerabilities ( CVE-2020-2506 and CVE-2020-2507 ) in QNAP NAS devices. If successfully exploited, the vulnerabilities