🏴‍☠️ (@dmnsch) 's Twitter Profile
🏴‍☠️

@dmnsch

¯\_(ツ)_/¯

ID: 81334833

10-10-2009 11:24:01

51 Tweet

41 Followers

139 Following

souiten_4t_FuYingL4b (@souiten)

#maldoc targeting Indonesia government

file:
9ef96a2ca17ba3371fb5480b3e9083f9
Undangan KPU.docm

dl-url:
http://13.211.167[.]218/Update.exe

payload #meterpreter
d8e61c36fd3d2d31ff0ef02dd5112122
48.125.170[.]13:4444
Elastic Security Labs (@elasticseclabs)

The DPRK was so excited about Halloween, they got a head start on passing out candy. Check out REF7001, AKA KANDYKORN – a malware distributed in cryptocurrency servers on Discord: go.es.io/46Q4Lm3 #malware #threatdiscovery #cryptocurrency #discord #ElasticSecurityLabs

匚ㄚ乃乇尺ㄖᐯ乇尺ㄥㄖ卂ᗪ (@cyber0verload)

#POVERTYSTEALER #GOVUA #VBS #SSU

DOC: d12934-0202334.doc
MD5: eac138b49c6f90896c9af5cbc8fe38b8

DNS: npddocs[.]com
IP: 194[.]31.109.82

RTI:
hxxps://npddocs[.]com/ssu.gov.ua/docs/file/util/0/d12934-0202334[.]doc

Next-Stage:
\\89.23.98[.]22\LN\Konstantin.exe

Mikhail Kasimov
Dmitry Bestuzhev (@dimitribest)

#AeroBlade on the Hunt Targeting the U.S. #Aerospace #Industry

blogs.blackberry.com/en/2023/11/aer…

#commercial #cyberespionage
ESET Research (@esetresearch)

#ESETResearch has observed an alarming growth of deceptive Android loan apps offering personal loans designed to defraud users and gain their personal information. Many of these apps found their way to official marketplaces. Lukas Stefanko welivesecurity.com/en/eset-resear… 1/8

Malwrologist (@dissectmalware)

#YaraDbg is now open-source (under Apache license v2)! Frontend: github.com/DissectMalware… Backend: github.com/DissectMalware… Live: yaradbg.dev #Yara grammar: github.com/DissectMalware…

Tipsy (@tipsybacchus)

If you are a threat intelligence/security researcher and you are looking for the fully translated: github.com/I-S00N/I-S00N dump. @lys and I translated it all here: drive.proton.me/urls/C7GAHF5YB…

ESET Research (@esetresearch)

#ESETresearch has discovered a new campaign by 🇨🇳China-aligned #APT #EvasivePanda, leveraging the Monlam Festival to target Tibetans. The campaign included a targeted watering hole, compromised news website, and an additional supply-chain attack ... welivesecurity.com/en/eset-resear… 1/7

ESET Research (@esetresearch)

#ESETresearch has released its latest APT Activity Report covering October 2023 to March 2024 (Q4 2023 - Q1 2024). During this period, we observed a sharp increase in activity of 🇮🇷 Iran-aligned threat groups, which shifted their focus to more disruptive operations. 1/2

DOCGuard - Detect Maldocs in Seconds! (@doc_guard)

Look Out for Common Email #Phishing Subjects! 🚨
Our recent analysis of #phishingemails reveals the most commonly used subjects by #threatactors:
💰 Invoices and Payments
⚠️ Urgent Requests
📦 Logistics and Shipping
🔒 Password Resets and Account Security
#SecureYourEmail
ESET Research (@esetresearch)

#ESETresearch discovered a signed, vulnerable, ad-injecting driver from a mysterious Chinese company. This threat, which we dubbed HotPage, comes self-contained in an executable that installs its main driver and injects libraries into Chromium-based browsers. 1/7

ESET Research (@esetresearch)

ESETresearch discovered a zero-day exploit of #Telegram for Android allowing attackers to share malicious payloads that appear as video files via chat. We named the vulnerability being exploited #EvilVideo. welivesecurity.com/en/eset-resear… @lukasstefanko 1/4

ESET Research (@esetresearch)

#ESETresearch has analyzed a single-click exploit for WPS Office for Windows being used in the wild by threat actor #APT-C-60. Analysis of the vendor’s silently released patch led to the discovery of another #vulnerability. 1/8 welivesecurity.com/en/eset-resear…

ESET Research (@esetresearch)

#ESETresearch’s Jean-Ian Boutin and __mat__ will be presenting at LABScon 2025 this Friday. Join them on site to hear about #Ebury - see the full scale of a sophisticated Linux threat & about DigitalRecyclers, another member of the APT15 galaxy. events.sentinelone.com/event/LABScon2…

ESET Research (@esetresearch)

#ESETresearch investigated two previously undocumented toolsets used by the #GoldenJackal APT group, both of which target air-gapped systems. welivesecurity.com/en/eset-resear… 1/6

The Hacker News (@thehackersnews)

🚨 Warning: A critical #vulnerability (CVE-2024-9680) in Firefox is being actively exploited. Don’t wait—ensure your browsers are updated now to protect against potential remote code execution. Learn more: thehackernews.com/2024/10/mozill… #cybersecurity #hacking

PIVOTcon (@pivot_con)

📣 Oops!... They did it again!!!
61 Talks submitted and so many too good that, once again, we had to increase a bit the number of accepted talks. 🔥

#PIVOTcon25 Agenda is finally here, and the caliber is insane!!! Check it out ➡️ link below in second post
#CTI #ThreatIntel 1/19
ESET Research (@esetresearch)

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom 🏴‍☠️ Anton Cherepanov welivesecurity.com/en/eset-resear… 1/7