Found 3 bookmarks
Newest
New Backdoor, MadMxShell
New Backdoor, MadMxShell
Beginning in March of 2024, Zscaler ThreatLabz observed a threat actor weaponizing a cluster of domains masquerading as legitimate IP scanner software sites to distribute a previously unseen backdoor. The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged GoogleAds to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites. The newly discovered backdoor uses several techniques such as multiple stages of DLL sideloading, abusing the DNS protocol for communicating with the command-and-control (C2) server, and evading memory forensics security solutions. We named this backdoor “MadMxShell” for its use of DNS MX queries for C2 communication and its very short interval between C2 requests.
#zscaler#EN#2024#typosquatting#MadMxShell#GoogleAds#DNS#Malvertising#Advance-ip-scanner
·zscaler.com·
New Backdoor, MadMxShell
Mail in the middle – a tool to automate spear phishing campaigns
Mail in the middle – a tool to automate spear phishing campaigns
The idea is simple; take advantage of the typos that people make when they enter email addresses. If we positioned ourselves in between the sender of an email (be it a person or a system) and the legitimate recipient, we may be able to capture plenty of information about the business, including personally identifiable information, email verification processes, etc. This scenario is effectively a Person-in-the-Middle (PiTM), but for email communications.
#Orange-Cyberdefence#sensepost#2024#EN#Typosquatting#tool#mail#domain
·sensepost.com·
Mail in the middle – a tool to automate spear phishing campaigns
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.
#aquasec#EN#2023#PowerHell#PowerShell#Gallery#typosquatting
·blog.aquasec.com·
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks