Virus Bulletin (@virusbtn)'s Twitter Profile
Virus Bulletin

@virusbtn

Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference. @[email protected]

ID:118059149

Website: https://www.virusbulletin.com/ Joined: 27-02-2010 13:27:37

25.1K Tweets

58.8K Followers

1.4K Following

Stephan Berger (@malmoeb):

New blog post: Sysrv Infection (Linux Edition)
dfir.ch/posts/sysrv/

This blog post explores the Sysrv malware family, analyzing its tactics and propagation methods. Through dynamic analysis and reverse engineering, we uncover how Sysrv uses exploits and hardcoded credentials…

Virus Bulletin (@virusbtn):

Trend Micro's Cyris Tseng & Pierre Lee look into the Earth Hundun espionage-motivated threat actor targeting the technology and government sectors with Waterbear and Deuterbear malware. trendmicro.com/en_us/research…

Trellix Advanced Research Center (@TrellixARC):

We observed cyber gangs impersonating LockBit and exploiting the group’s leaked Black builder. We also saw LockBit itself partially restore its infrastructure after Operation Cronos. Jambul Tologonov (@j_tologon) and John Fokker (@John_Fokker) share the details. bit.ly/3Wd6fo7

ANY.RUN (@anyrun_app):

👋 Today we have a guest post from alex (@4ayymm) on the malicious Python over #WebDAV

(T1059.006) Adversaries may abuse Python commands and scripts for execution.

⛓ The delivery sequence:

1️⃣ Embed Malicious JavaScript: A website contains malicious JavaScript that tricks users into…

Virus Bulletin (@virusbtn):

Malwarebytes' Jérôme Segura describes an ongoing Nitrogen campaign delivered via malicious Google ads for PuTTY & FileZilla. Nitrogen is usually used to gain initial access to private networks, followed by data theft & ransomware deployment. malwarebytes.com/blog/threat-in…

Virus Bulletin (@virusbtn):

HP researchers look into recent Raspberry Robin campaigns spread via obfuscated Windows Script Files (WSF). threatresearch.ext.hp.com/raspberry-robi…

Virus Bulletin (@virusbtn):

Rapid7’s MDR team show how an MSIX installer from typosquatted URLs led to the download and execution of the IDAT Loader. rapid7.com/blog/post/2024…

Virus Bulletin (@virusbtn):

ESET researchers have discovered an active espionage campaign targeting Android users mainly in India & Pakistan with apps primarily posing as messaging services. While these apps offer functional services as bait, they are bundled with XploitSPY malware. welivesecurity.com/en/eset-resear…

Threat Insight (@threatinsight):

In a new report, Threat Insight details new techniques from threat actor TA547, who appeared to use a PowerShell script that researchers suspect was generated by a large language model ( ) such as , , , or other.

Full blog: ow.ly/xrTt50RaTga

Trellix Advanced Research Center (@TrellixARC):

We don't let cyberthreat actors hide in the dark. See this week's latest cybersecurity threats below and at the link. bit.ly/46JIoxB

Cyber Threat Alliance (@CyberAlliance):

.Cyber Threat Alliance is sponsoring 2024 Virus Bulletin Threat Intelligence Practitioners' Summit (TIPS) Track again. CFP is now open. The TIPS theme is 'Resilience Through Collaboration'
Submit abstract here: [email protected]
virusbulletin.com/conference/vb2…

Virus Bulletin (@virusbtn):

IBM X-Force's Golo Mühr, Claire Zaboeva & Joe Fasulo look into new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity focusing on regional military, police and civil government training centres across Ukraine. securityintelligence.com/x-force/hive00…

Virus Bulletin (@virusbtn):

Cisco Talos presents information about a new threat actor targeting mostly human rights activists in North Africa with a novel mobile malware. Starry Addax conducts phishing attacks that trick targets into installing malicious Android applications. blog.talosintelligence.com/starry-addax/

Sophos X-Ops (@SophosXOps):

In December 2023, we received a report of a false positive detection on an executable signed by a valid Microsoft Hardware Publisher Certificate. However, the file looked suspicious:

LaurieWired (@lauriewired):

Do you enjoy solving programming puzzles? Want to uncover what a malicious attacker is actually trying to do with their code?

Check out my latest video, where we manually deobfuscate and Reverse Engineer an obfuscated JavaScript file!

youtu.be/2iBqqPmUYfE

Josh Stroschein | The Cyber Yeti (@jstrosch):

🚨 I've put together my first cheat sheet around maldocs, you can download a PDF version from 👇

✅ thecyberyeti.com/quick-referenc…

Covers the tools, common commands, and other information you need to know when analyzing malicious documents, such as Word, OneNote and PDF.

Virus Bulletin (@virusbtn):

AhnLab researchers warn that there are a growing number of cases where threat actors use YouTube to distribute malware from well-known channels that have been hacked. Vidar and LummaC2 were used in recently discovered cases. asec.ahnlab.com/en/63980/

Virus Bulletin (@virusbtn):

Fortinet researchers provide detailed insights into how a threat actor distributes VenomRAT and other plugins using the BatCloak tool and ScrubCrypt to load the final payload. fortinet.com/blog/threat-re…

HarfangLab (@harfanglab):

Raspberry Robin malware innovates once again using a 'new' trick to evade Windows Defender antivirus by importing specific functions to check whether it's running in the Windows Defender emulator.
Find out more w/ this post by Alice Climent-Pommeret harfanglab.io/en/insidethela…
