Phishing platform Rockstar 2FA trips, and “FlowerStorm” picks up the pieces – Sophos News
A sudden disruption of a major phishing-as-a-service provider leads to the rise of another…that looks very familiar
When Guardians Become Predators: How Malware Corrupts the Protectors
We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.
Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and…
Learn more about how four malware, XWorm, AsyncRAT, VenomRAT, and PureLogs Stealer, are leveraging TryCloudflare and get security recommendations from our…
Leveraging DNS Tunneling for Tracking and Scanning
This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls. This allows C2 traffic and data exfiltration that can remain hidden from some traditional detection methods.