Aggregator

Summary A new Linux backdoor has been discovered by Intezer and has been named RedXOR. It's likely to have been developed by Chinese nation-state actors. Threat Type Malware, Backdoor, RAT, APT Overview Intezer discovered a new, sophisticated backdoor targeting Linux systems. It's likely to have been developed by Chinese nation-state actors based on the TTPs observed. Intezer has named the backdoor RedXOR due to it's encoding scheme based on XOR. RedXOR masquerades itself as polkit daemon. Intezer compares

Summary SideWinder is an APT that targets South Asian government and military organizations with espionage campaigns, likely acting in Indian interests. DeepEnd Research reports on the most recent wave of activity from this threat group. Threat Type Malware, Phishing, Spyware, APT Overview DeepEnd Research published a blog post analyzing the most recent wave of SideWinder APT activity. This specific campaign appears to target government entities in Nepal. Their research began with the discovery of a server

Summary On March 8, 2021, all GitHub authenticated sessions were invalidated due to a rare security vulnerability. Microsoft-owned GitHub released a security update on its blog with information about the vulnerability and their subsequent actions taken. Threat Type Vulnerability Overview An extremely rare but serious vulnerability was found by GitHub on March 8 affected a small number of GitHub sessions. This comes on the heels of a March 2 incident in which anomalous traffic was observed for an authenticat

Summary Clast82 is a Android dropper spreading via the Google Play store and distributing the AlienBot banker and MRAT. Check Point reports on their analysis of this new dropper in a recent blog post. Threat Type Malware, Dropper, Banker, RAT Overview Check Point published a blog post analyzing a new dropper dubbed "Clast82." This dropper is bypassing the Google Play store defenses by ensuring that it does not drop any malicious payloads until after the Google Play Protect evaluation period is complete. Fir

黑客都有一个共同的梦，那便是自己写的木马能够永远不会被杀毒软件查杀，而达成这个方法最粗暴的就是让杀毒软件厂商

Summary A report from CyberArk looks at Kinsing and NSPPS which were thought to be two different families of malware. CyberArk's research concludes they are both from the same, single family. Threat Type Malware Overview The Kinsing and NSPPS malwares were thought to be from two different families of malware. A report from CyberArk concludes they are both variants of the same family of malware. CyberArk believes the first version of the malware was compiled prior to November 2019, was used as a RAT and was

2021年度司法鉴定能力验证报名即将截止

2021年度司法鉴定能力验证报名即将截止

2021年度司法鉴定能力验证报名即将截止

How malware works on Operational Technology (OT) and how to stop it.

In March 2020, Akamai saw a dramatic 30% rise in internet traffic -- equivalent to an entire year of growth. Post-pandemic, we believe there will be a return to normal internet traffic growth, but many things will never be the same.

According to the description, the service is a virtual private network (VPN) desktop application and proxy browser extension that helps viewers mask their physical location, circumvent censorship, and restore access to blocked content.

Summary Adobe has released security updates for Photoshop and Animate. Both of the updates address at least one vulnerability rated by Adobe as Critical. Threat Type Vulnerability Overview Adobe has released security updates for Photoshop and Animate. Both of the updates address at least one vulnerability rated by Adobe as Critical. The potential impact of successful exploitation of the most serious vulnerabilities is the remote execution of arbitrary code. Further details are available from the links below

Summary The ICS-CERT has published an advisory that affects Schneider Electric IGSS SCADA Software. Threat Type Vulnerability Overview The ICS-CERT has published an advisory that affects Schneider Electric IGSS SCADA Software. Further information is available from the advisory which is summarized below. ICS Advisory ICSA-21-070-01 - Schneider Electric IGSS SCADA Software CVE-2021-22709 - This vulnerability could result in loss of data or remote code execution when a malicious CGF (configuration group file)

Summary Forcepoint reports on a new ZLoader invoicing scheme that uses new techniques in order to infiltrate victim machines. The new techniques show adeptness on the part of the code writers in the form of Microsoft product knowledge. Threat Type Malware, Phishing Overview One of the most common phishing lures is the invoice email. Whether from a known company, the IRS, or a random entity, the invoice is attractive to victims as it preys upon their fears of money issues. The latest scam uses new and innova

Summary Cofense reports on yet another Zoom-themed phishing campaign using the video conferencing software as a ruse to steal Microsoft credentials. Threat Type Phishing Overview Cofense has published a blog post detailing the most recent in an extensive list of Zoom-themed phishing campaigns. This one uses a highly customized email to create a sense of legitimacy. The sender is spoofed to match the company domain, and mentions of both the recipient's first and last name and the company name are found throu

Summary A phishing campaign detected by Bitdefender is targeting Coinbase users in order to empty cryptocurrency wallets. Threat Type Phishing Overview Bitdefender published a brief blog post on a recent phishing campaign targeting Coinbase users. The source and destination of the emails varies, but the majority originated from India with the largest destination being South Korea. The body and subject of the email claim that the recipient's Coinbase account was suspended due to suspicious activity and that

Summary IBM Security Guardium Insights is affected by a denial of service vulnerability that exists in the underlying version of Golang Go used by Guardium Insights. Threat Type Vulnerability Overview IBM Security Guardium Insights is affected by a denial of service vulnerability (CVE-2020-7919) that exists in the underlying version of Golang Go used by Guardium Insights. A remote attacker could potentially exploit the vulnerability using a specially-crafted x.509 certificate, possibly leading to a denial o

Summary An article from the DFIR Report looks at an intrusion where Bazar was used to drop Anchor. Both of the malwares are thought to be related to related to the group behind Trickbot. Threat Type Malware Overview The DFIR Report observed an intrusion that began with a malicious Excel file. Bazar was installed, and then around an hour later, a Cobalt Strike beacon was installed followed by Anchor. Anchor and Bazar are thought to be related to related to the group behind Trickbot. The attackers then began

Summary While investigating active botnet mining attacks, 360 Netlab discovered a change in the vulnerabilities exploited by z0Miner for spreading. Threat Type Malware, Botnet, Cryptomining Overview 360 Netlab published a blog post about recent development in z0Miner, a malicious mining family that appeared on the scene last year. When it was initially discovered, the botnet was spreading by exploiting a WebLogic unauthorized remote command execution vulnerability. The most recent attacks, however, exploit