Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases

December 11, 2023 at 04:13AM The blog entry analyzes AsyncRAT’s code injection into aspnet_compiler.exe, a legitimate, signed Microsoft .NET binary, across multiple incident response cases, showing how the malware hides behind a trusted process and how adversary tactics keep evolving. It covers the malware’s capabilities, its infection chain, and the strategies it uses to evade detection. The entry also provides mitigation strategies and …

SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users

December 11, 2023 at 03:00AM Cybersecurity researchers have uncovered 18 malicious loan apps on the Google Play Store, collectively downloaded over 12 million times. The apps target users in Southeast Asia, Africa, and Latin America, harvesting personal and financial information that is then used to blackmail victims. It remains important to download apps only from official sources and, since these apps were hosted on Google Play itself, to scrutinize requested permissions and reviews …

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

December 11, 2023 at 01:18AM A new set of process injection techniques called PoolParty was presented at Black Hat Europe 2023. The techniques abuse Windows thread pools to run code inside other processes while evading endpoint detection and response (EDR) products. SafeBreach researcher Alon Leviev highlighted that they work against any target process, making them more flexible than existing techniques. PoolParty …

Over 30% of Log4J apps use a vulnerable version of the library

December 10, 2023 at 10:39AM Around 38% of applications using Apache Log4j still run versions with known vulnerabilities, including the critical Log4Shell flaw (CVE-2021-44228), which allows unauthenticated remote code execution. Although patches have been available for over two years, many organizations continue to run insecure versions. Companies are advised to scan their environment for the library and develop an emergency upgrade plan …
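The recommended environment scan, as an added example that is not code from the article or from Veracode: a small Python scanner that walks a directory for jar, war and ear archives (descending one level into archives bundled inside them), reads the Maven pom.properties that log4j-core ships, and flags versions inside the published CVE-2021-44228 range (2.0-beta9 through 2.14.1, with 2.12.2 and 2.3.1 as the backported fixes for the Java 7 and Java 6 branches). The fixture archives it builds in `demo()` are constructed stand-ins carrying only the metadata paths, not real Log4j binaries.

```python
"""Added example: locate log4j-core jars on disk and flag versions still in the
CVE-2021-44228 (Log4Shell) affected range. Not code from the article or from
Veracode; the fixture jars built below are constructed stand-ins."""
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Paths a genuine log4j-core jar carries: Maven metadata and the JNDI lookup class.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(\w+))?$")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1, None); '2.0-beta9' -> (2, 0, 0, 'beta9'); None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch or 0), pre


def is_log4shell_vulnerable(version):
    """True if this log4j-core version is in the published CVE-2021-44228 range:
    2.0-beta9 through 2.14.1, except the backported fixes 2.12.2+ and 2.3.1+."""
    v = parse_version(version)
    if v is None:
        return False          # unparseable: report as 'unknown', not as safe
    major, minor, patch, pre = v
    if major != 2:
        return False          # Log4j 1.x has its own CVEs but not Log4Shell
    if minor == 0 and pre:    # 2.0 pre-releases: the JNDI lookup first shipped in beta9
        if pre.startswith("beta"):
            return pre[4:].isdigit() and int(pre[4:]) >= 9
        return True           # 2.0-rc1 and 2.0-rc2 include the lookup
    if minor == 12 and patch >= 2:
        return False          # Java 7 branch fix
    if minor == 3 and patch >= 1:
        return False          # Java 6 branch fix
    return (minor, patch) < (15, 0)


def inspect_jar(blob, name):
    """Findings for one archive (bytes), descending into nested archives so that
    log4j-core bundled inside a WAR/EAR or fat jar is not missed."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = set(zf.namelist())
        if POM in names:
            props = zf.read(POM).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", props, re.M)
            version = m.group(1).strip() if m else "unknown"
            findings.append({
                "archive": name,
                "version": version,
                "log4shell": is_log4shell_vulnerable(version),
                "jndi_lookup_present": JNDI_CLASS in names,
            })
        for inner in sorted(names):
            if inner.lower().endswith(ARCHIVE_SUFFIXES):
                findings.extend(inspect_jar(zf.read(inner), f"{name}!{inner}"))
    return findings


def scan(root):
    """Walk root and inspect every jar/war/ear; archive names are relative to root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            findings.extend(inspect_jar(path.read_bytes(), str(path.relative_to(root))))
    return findings


def build_sample_jar(path, version, include_jndi=True, wrap_in_war=False):
    """Constructed fixture: a minimal archive holding only the Maven metadata and,
    optionally, a stub JndiLookup.class (class-file magic only, not real bytecode)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM, f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    if wrap_in_war:
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w") as war:
            war.writestr("WEB-INF/lib/log4j-core.jar", buf.getvalue())
        buf = outer
    Path(path).write_bytes(buf.getvalue())


def demo():
    """Build four constructed fixtures in a temp dir and return findings keyed by archive."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_jar(Path(tmp) / "log4j-core-2.14.1.jar", "2.14.1")
        build_sample_jar(Path(tmp) / "log4j-core-2.12.2.jar", "2.12.2")
        build_sample_jar(Path(tmp) / "app.war", "2.17.1", wrap_in_war=True)
        build_sample_jar(Path(tmp) / "patched.jar", "2.14.1", include_jndi=False)
        return {f["archive"]: f for f in scan(tmp)}


if __name__ == "__main__":
    for archive, f in demo().items():
        status = "VULNERABLE" if f["log4shell"] else "ok"
        print(f"{archive}: log4j-core {f['version']} {status}, JndiLookup present={f['jndi_lookup_present']}")
```

Point `scan()` at a deployment root (application servers, `WEB-INF/lib`, vendor installs) rather than at `demo()`. Two caveats the output is built to surface: a 2.14.1 jar with JndiLookup.class stripped out is the officially documented mitigation for old versions and shows up as version-vulnerable but class-absent, and a version that passes the Log4Shell check is not necessarily current, since 2.15.0 and 2.16.0 carried their own follow-up CVEs; the upgrade target should be the latest 2.17.x or newer.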

Europe Reaches a Deal on the World’s First Comprehensive AI Rules

December 9, 2023 at 03:00PM EU negotiators reached a historic deal on comprehensive artificial intelligence rules, addressing generative AI, facial recognition surveillance, and other potential risks. While hailed as a milestone, civil society groups remain cautious and are seeking more robust safeguards. The AI Act, set to be voted on in early 2024, could have global implications, with …

AutoSpill attack steals credentials from Android password managers

December 9, 2023 at 11:20AM Researchers presented the AutoSpill attack, which targets Android password managers during the autofill process. It exploits weaknesses in how credentials are autofilled into WebView controls, so that credentials meant for the web page loaded in the WebView can leak to the native app hosting it. Multiple password managers were found susceptible, and vendors are taking steps to address the issue. The attack highlights the need for improved security measures …

SLAM Attack: New Spectre-based Vulnerability Impacts Intel, AMD, and Arm CPUs

December 9, 2023 at 07:12AM Researchers from Vrije Universiteit Amsterdam disclosed a new side-channel attack called SLAM, which exploits linear address masking, a feature of Intel, AMD, and Arm CPUs that lets software store metadata in the unused upper bits of 64-bit pointers. The exploit, an end-to-end Spectre-based attack, leaks sensitive data from kernel memory. Intel, AMD, and Arm are working on mitigations; both existing and upcoming CPUs are affected. …

Hollywood plays unwitting Cameo in Kremlin plot to discredit Zelensky

December 9, 2023 at 06:38AM A pro-Russia group recruited Hollywood actors through platforms such as Cameo to record videos addressed to a fictitious person named “Vladimir”, which were then repurposed to promote false claims that Ukraine’s president has a substance addiction. The videos were shared on Russian social media to spread propaganda. Ongoing campaigns also spoof mainstream media reports to smear …

Researchers Unveil GuLoader Malware’s Latest Anti-Analysis Techniques

December 9, 2023 at 02:36AM Threat hunters have exposed GuLoader malware’s evolving obfuscation tactics, which make analysis increasingly time-consuming. Distributed through phishing campaigns, the loader delivers a variety of payloads and is continually updated to evade security measures. Similar updates have been seen in the DarkGate RAT, showing the sophistication and adaptability of modern malware threats. Remote access trojans are leveraging novel email-based infection …

ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related

December 8, 2023 at 08:10PM The dark web leak site operated by the ransomware group ALPHV/BlackCat was taken offline on Dec. 7, possibly as the result of law enforcement action. RedSense Intelligence attributed the takedown to law enforcement on social media, though this has not yet been independently verified. The group has targeted over 650 companies. Law enforcement is under scrutiny for not …