Found 7 bookmarks
Newest
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files such as APK, EXE and Inno setup installer that includes Spy and Stealer capabilities. Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber-attacks. The hosted websites made to look legitimate are listed below.
#trellix#EN#2024#fake#antivirus#AV#malicious#research
·trellix.com·
A Catalog of Hazardous AV Sites – A Tale of Malware Hosting
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite the Law Enforcement's (LE) "Operation Cronos" aimed at dismantling LockBit's infrastructure, the ransomware operators somehow managed to survive and stay a float. It appears that the cybercriminals group behind LockBit ransomware partially restored their infrastructure and created an impression that the LE actions did not affect their normal operation. Concurrently, alongside the resurgence of LockBit's exploitation of ScreenConnect vulnerabilities, we have seen other threat actors have either impersonated LockBit ransomware or incorporated LockBit into their own cyber attack campaigns.
#Trellix#EN#2024#LockBit-related#LockBit#campaigns#ransomware#LockBitSupp
·trellix.com·
 The LockBit’s Attempt to Stay Relevant, Its Imposters and New Opportunistic Ransomware Groups
Shining Light on Dark Power: Yet Another Ransomware Gang
Shining Light on Dark Power: Yet Another Ransomware Gang
Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming and shaming website, filled with non-paying victims and stolen data.
#trellix#EN#2023#DarkPower#ransomware#gang#research
·trellix.com·
Shining Light on Dark Power: Yet Another Ransomware Gang
Shining Light on Dark Power: Yet Another Ransomware Gang
Shining Light on Dark Power: Yet Another Ransomware Gang
Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming and shaming website, filled with non-paying victims and stolen data.
#trellix#EN#2023#DarkPower#ransomware#gang#research
·trellix.com·
Shining Light on Dark Power: Yet Another Ransomware Gang
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
#trellix#EN#2022#CVE-2007-4559#tarfile#Python#vulnerability
·trellix.com·
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559. The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “..” sequence to filenames in a TAR archive. Over the course of our research into the impact of this vulnerability we discovered that hundreds of thousands of repositories were vulnerable to this vulnerability. While the vulnerability was originally only marked as a 6.8, we were able to confirm that in most cases an attacker can gain code execution from the file write.
#trellix#EN#2022#CVE-2007-4559#tarfile#Python#vulnerability
·trellix.com·
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability