Detecting Windows-based Malware Through Better Visibility

April 1, 2024 at 08:21AM
Despite the wide range of security solutions available, organizations struggle with increasing ransomware and cyber threats, creating economic, security, and operational risks. EventSentry offers a comprehensive, single-solution approach to detect and defend against malware attacks holistically, providing critical validation checks and extensive network visibility for prevention, detection, and continuous discovery. …

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

March 29, 2024 at 09:09AM
In March 2024, a dormant botnet, TheMoon, was found controlling EoL routers and IoT devices to power a criminal proxy service named Faceless. The service allows malicious activities to remain anonymous and has been used by threats like SolarMarker and IcedID to connect to their C2 servers. The majority of …

How Can We Reduce Threats From the Initial Access Brokers Market?

March 21, 2024 at 03:07PM
Ready-made access IABs have become essential to the ransomware ecosystem. Learn how to prevent them from exploiting your assets and halt their ability to profit. Based on the meeting notes, the main takeaway is the recognition of the ready-made access IABs as a significant component of the ransomware ecosystem. The …

Hackers Posing as Law Firms Phish Global Orgs in Multiple Languages

March 20, 2024 at 08:03AM
Law firms are entrusted with extremely sensitive data by companies, making them a target for attackers seeking to deliver malware by exploiting this trust. Based on the meeting notes, it seems that the discussion centered around the trust that companies place in lawyers with their sensitive information and the potential …

New SSH-Snake malware steals SSH keys to spread across the network

February 21, 2024 at 03:32PM
SSH-Snake, an open-source network mapping tool, is being used by a threat actor to stealthily search for private keys and move laterally through victim infrastructure. It was discovered by Sysdig’s Threat Research Team, who describe it as a self-modifying worm that avoids typical detection patterns, making it a more efficient …

Trend Micro and INTERPOL Join Forces Again for Operation Synergia

February 21, 2024 at 04:18AM
Trend Micro and other private entities worked with INTERPOL on Operation Synergia, successfully taking down over 1,000 C&C servers and identifying suspects related to phishing, banking malware, and ransomware. Trend provided threat intelligence, aiding in the identification of malicious activities and culprits, ultimately contributing to the apprehension of 70 suspects. …

‘Black Basta Buster’ Exploits Ransomware Bug for File Recovery

January 3, 2024 at 11:51AM
SRLabs released the Black Basta Buster tool to decrypt files encrypted by a specific strain of the Black Basta ransomware, with limitations on encryption logic and file size. The decryptor can recover files between 5,000 bytes and 1GB, but larger files may lose the first 5,000 bytes. It exploits a …

Discord will switch to temporary file links to block malware delivery

November 4, 2023 at 02:02PM
Discord will implement temporary CDN links by the end of the year to prevent attackers from using its content delivery network for distributing malware. This change will not affect users who share content within the Discord client. Links to files uploaded to Discord servers will expire after 24 hours, improving …