Aggregator
New Targeted RTM Attacks using Quoter Ransomware
4 years 5 months ago
Summary
The Russian-speaking RTM threat group has launched a new campaign against Russian transport and finance organizations. Kaspersky reports on the group's use of new techniques, including ransomware and extortion.
Threat Type
Malware, Ransomware
Overview
Kaspersky has published a blog post analyzing a recent campaign carried out by the RTM threat group against Russian transport and finance organizations. The campaign, as with previous ones, begins with the distribution of the RTM banker via business-them
PHP Malware in Images
4 years 5 months ago
Summary
One method of hiding malware from detection is to embed it in a less suspicious file format, such as images. ReversingLabs reports on a few observed examples of this technique being used in conjunction with PHP malware.
Threat Type
Malware
Overview
ReversingLabs published a blog post analyzing various PHP malware samples embedded in image files. This method is particularly handy for placing webshells on servers that allow the upload of image files but not executables. Two specific technique
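The upload-side check that the technique above defeats is usually "does the file start with image magic bytes?". The script below, an added example that is not from the ReversingLabs post, goes one step further: it accepts the image signature (GIF, PNG or JPEG, the only three it knows about) and then greps the raw bytes for a PHP open tag. The three sample files are constructed inline with printf; the file names and the `classify_upload` helper are this example's own.

```shell
#!/bin/sh
# Added example (not from the ReversingLabs post): flag uploaded "images"
# that carry PHP code. Magic bytes are checked first so a bare .php renamed
# to .gif is caught too, then the raw bytes are searched for PHP open tags.

# Returns 0 if the file starts with a GIF87a/GIF89a, PNG or JPEG signature.
has_image_magic() {
    sig=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    case "$sig" in
        474946383761*|474946383961*) return 0 ;;   # GIF87a / GIF89a
        89504e470d0a1a0a*)           return 0 ;;   # PNG
        ffd8ff*)                     return 0 ;;   # JPEG
        *)                           return 1 ;;
    esac
}

# Returns 0 if the raw bytes contain <?php, <?= or <script language="php">.
# -a forces grep to treat the binary file as text; bare "<?" is not matched
# because valid images can contain those two bytes by chance.
contains_php_tag() {
    grep -a -q -i -E '<[?]php|<[?]=|<script[[:space:]]+language=.?php' "$1"
}

# Verdict for one upload: clean, php-in-image, or not-an-image.
classify_upload() {
    if ! has_image_magic "$1"; then
        echo "not-an-image"
    elif contains_php_tag "$1"; then
        echo "php-in-image"
    else
        echo "clean"
    fi
}

# Constructed samples: a minimal GIF header, the same header with a PHP
# payload appended, and a PHP file merely renamed to .gif.
tmp=$(mktemp -d)
printf 'GIF89a\001\000\001\000\200\000\000' > "$tmp/clean.gif"
printf 'GIF89a\001\000\001\000\200\000\000<?php echo "x"; ?>' > "$tmp/shell.gif"
printf '<?php echo "x"; ?>' > "$tmp/renamed.gif"

for f in "$tmp"/*.gif; do
    printf '%s: %s\n' "$(basename "$f")" "$(classify_upload "$f")"
done
```

Note that a tag search is only a first filter: whether the embedded code ever runs depends on the server executing the upload as PHP (a misconfigured handler, an `.htaccess` rule, or a local-file-include elsewhere), so the durable fix is to store uploads outside the web root and serve them from a path with script execution disabled.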
QNAP NAS Devices Being Exploited
4 years 5 months ago
Summary
Beginning on March 2, 360Netlab observed attacks that attempt to exploit vulnerabilities in QNAP NAS devices running firmware released prior to August 2020. If a device was successfully compromised, the attackers installed cryptomining software.
Threat Type
Vulnerability, Malware, Cryptomining
Overview
A report from 360Netlab provides details on attacks that attempt to exploit two vulnerabilities (CVE-2020-2506 and CVE-2020-2507) in QNAP NAS devices. If successfully exploited, the vulnerabilities
Xen Security Advisories March 5 2021
4 years 5 months ago
Summary
Two security advisories have been published for Xen. The most serious vulnerability addressed in the advisories could potentially allow an attacker to cause a denial of service condition on the host system.
Threat Type
Vulnerability
Overview
Two security advisories have been published for Xen. The most serious vulnerability addressed in the advisories could potentially allow an attacker to cause a denial of service condition on the host system. Further details are available from the advisories linke
Thieves Targeting ATMs Across Latin America With New Malware
4 years 5 months ago
Summary
Ocelot, the offensive security research team of Metabase Q, identified a new variant of the Ploutus ATM malware in Latin America. The variant, Ploutus-I, operates on ATMs from the Brazilian vendor Itautec. It enables a jackpotting-style attack, in which cash is dispensed directly from the ATM rather than being taken from an individual's account.
Threat Type
Malware
Overview
A new variant of the Ploutus ATM malware has been seen in Latin America. The variant, Ploutus-I, operates on ATMs from the Brazilian vendor Itaute
Facebook Cluster Scheduling and Management System · OSDI 2020
4 years 5 months ago
Introducing ThreatFox
4 years 5 months ago
Is MFA a Security Illusion?
4 years 5 months ago
A recent Akamai Security blog post, Massive Campaign Targeting UK Banks Bypassing 2FA, written by my colleague Or Katz, is a great insight into how attackers used very simple techniques to bypass two-factor authentication (2FA) security to obtain access to U.K. consumers' bank accounts.
Jim Black
Akamai Startup Program: Fostering Innovation
4 years 5 months ago
Akamai, the intelligent edge platform for securing and delivering digital experiences, continues to focus on innovation by launching Cohort 2 of the Akamai Startup program.
Arjun Rampal
KAMACITE ICS Threat Activity Group
4 years 5 months ago
Summary
KAMACITE is an ICS threat activity group that obtains access to victim networks and enables other actors to carry out attacks. Dragos revealed their findings on this threat group in a recent blog post.
Threat Type
Malware
Overview
Dragos has published a blog post detailing a newly identified threat activity group targeting electric utilities, oil and gas operations, and various manufacturing organizations since as early as 2014. The group has been tied to the BLACKENERGY2 campaign and both the 2015
Struts2 Vulnerability Series - S2-057
4 years 6 months ago
Hey...
Local Privilege Escalation Vulnerabilities Discovered in Linux Kernel, Patches Available
4 years 6 months ago
Summary
Alexander Popov, a security researcher from Positive Technologies, discovered and fixed five security vulnerabilities in the Linux kernel, now uniquely identified as CVE-2021-26708.
Threat Type
Vulnerability
Overview
Alexander Popov, a security researcher from Positive Technologies, discovered and fixed five security vulnerabilities in the Linux kernel's virtual socket (vsock) implementation that could lead to denial of service and other impacts. They are tracked together as CVE-2021-26708. Popov develo
Indian Vaccine Makers Targeted by Chinese Hackers
4 years 6 months ago
Summary
Reuters is reporting on attacks against Indian biotech companies making a COVID-19 vaccine. The Chinese state-sponsored group APT 10, also known as Stone Panda, is thought to be behind the attacks.
Threat Type
Targeting
Overview
Indian vaccine makers SII and Bharat Biotech have recently come under attack from Chinese hackers. The Chinese state-sponsored group APT 10, or Stone Panda, is suspected of the attacks on the biotech companies. The group was able to identify vulnerabilities in the IT infra
Linux Process Hiding Techniques and Countermeasures - bamb00
4 years 6 months ago
1. Command replacement. How it is done: the binaries of the common process-viewing tools on the system (for example ps, top, lsof) are replaced. Countermeasure: use the stat command to inspect the file status and md5sum to take the file hash; copy backups of these tools from a clean system to the current one and compare the hashes. If they differ, the tool has been replaced. Note: this must be run in the bin directory. 2
bamb00
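The hash comparison described under point 1 above, written out as a script. This is an added example, not code from the bamb00 post: it records a baseline of hashes on the clean system and checks the current system against it. The tool list, the `record_baseline` and `check_tools` helpers, and the stub "binaries" created in temporary directories are this example's own; on a real host the current directory would be /usr/bin or /bin and the baseline file would be copied in from the clean machine. It uses sha256sum rather than the post's md5sum, since MD5 collisions are cheap enough that a replacement binary could be made to keep the same MD5.

```shell
#!/bin/sh
# Added example (not from the bamb00 post): detect replaced process-viewing
# tools by comparing their hashes with a baseline recorded on a clean system.
# Clean and current bin directories are constructed with stub scripts so the
# check runs offline.

TOOLS="ps top lsof netstat"

# Record "<sha256>  <name>" per tool, in the format sha256sum itself prints.
record_baseline() {   # $1 = clean bin dir, $2 = baseline file to write
    ( cd "$1" && sha256sum $TOOLS ) > "$2"
}

# Compare every baseline entry against the current bin dir.
# Prints one line per problem; returns 1 if anything is missing or altered.
check_tools() {       # $1 = current bin dir, $2 = baseline file
    rc=0
    while read -r expected name; do
        if [ ! -f "$1/$name" ]; then
            echo "$name: missing"
            rc=1
            continue
        fi
        actual=$(sha256sum "$1/$name" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "$name: replaced (expected $expected, got $actual)"
            rc=1
        fi
    done < "$2"
    return $rc
}

# Constructed demo: a clean copy, a baseline, then a trojaned ps and a
# missing netstat on the "current" system.
clean=$(mktemp -d); current=$(mktemp -d); baseline=$(mktemp)
for t in $TOOLS; do
    printf '#!/bin/sh\necho genuine %s\n' "$t" > "$clean/$t"
    cp "$clean/$t" "$current/$t"
done
record_baseline "$clean" "$baseline"
# Stand-in for the post's attack: a wrapper that filters a process name out of ps output.
printf '#!/bin/sh\n/usr/bin/ps "$@" | grep -v miner\n' > "$current/ps"
rm -f "$current/netstat"

if check_tools "$current" "$baseline"; then
    echo "all tools match baseline"
else
    echo "baseline mismatch detected"
fi
```

An attacker who can replace ps can also replace sha256sum, cut and sh, so run the check with tools from a read-only medium or a live system rather than the host's own, or cross-check with the package manager's verification (rpm -V or debsums), which carries its own hash database.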
VMware vCenter Server CVE-2021-21972 Remote Code Execution Vulnerability
4 years 6 months ago
On February 23, 2021, VMware published an advisory (VMSA-2021-0002) disclosing three vulnerabilities affecting VMware ESXi, VMware vCenter Server and VMware Cloud Foundation
How The IcedID Banking Trojan Exploits The Pandemic
4 years 6 months ago
TA551 (AKA Shathak) deploys the IcedID banking trojan using COVID-19-themed lures in Microsoft Word documents containing a malicious macro that drops an installer.
Sensor Architecture Can Help Keep Us Up and Running: Part 1
4 years 6 months ago
In the constant press of rolling out ever better products and services to our customers, it can be easy, and often necessary, to fall into a reactive mode around reliability.
Kristin Nelson-Patel