Found 39 bookmarks
Newest
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.
#avast#EN#2024#Lazarus#FudModule#CVE-2024-21338#vulnerability
·decoded.avast.io·
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Decrypted: Akira Ransomware
Decrypted: Akira Ransomware
Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download. The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others.
#avast#EN#2023#Akira#decryptor#Windows#ransomware
·decoded.avast.io·
Decrypted: Akira Ransomware
Hitching a ride with Mustang Panda
Hitching a ride with Mustang Panda
Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.
#avast#EN#2022#MustangPanda#exfiltrated#analysis
·decoded.avast.io·
Hitching a ride with Mustang Panda
Hitching a ride with Mustang Panda
Hitching a ride with Mustang Panda
Avast discovered a distribution point where a malware toolset is hosted, but also serves as temporary storage for the gigabytes of data being exfiltrated on a daily basis, including documents, recordings, and webmail dumps including scans of passports from Asian, American and European citizens and diplomats applying for Burmese visas, from Burmese human rights activists and Burmese government institutions.
#avast#EN#2022#MustangPanda#exfiltrated#analysis
·decoded.avast.io·
Hitching a ride with Mustang Panda
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
#avast#EN#2022#Candiru#spyware#CVE-2022-2294#webRTC
·decoded.avast.io·
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are very interesting to analyze, we are always looking out for these kinds of samples […]
#avast#EN#2022#Rootkit#Linux#Syslogk#malware#Adore-Ng
·decoded.avast.io·
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild