Found 43 bookmarks
Custom sorting
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.
#securelist#EN#2022#DLL-hijacking#Malware-Descriptions#Microsoft-Exchange#Trojan#Vulnerabilities-and-exploits#Zero-day#CVE-2022-41040#CVE-2022-41082#analysis
·securelist.com·
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
DeftTorero TTPs in 2019–2021
DeftTorero TTPs in 2019–2021
Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared until 2021, which led us to speculate on a possible shift by the threat actor to more fileless/LOLBINS techniques, and the use of known/common offensive tools publicly available on the internet that allows them to blend in.
#securelist#EN#2022#DeftTorero#LebaneseCedar#Lebanon#webshell
·securelist.com·
DeftTorero TTPs in 2019–2021
RedLine spreads through ads for cheats and cracks on YouTube
RedLine spreads through ads for cheats and cracks on YouTube
An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers. It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.
#securelist#EN#2022#RedLine#YouTube#stealer
·securelist.com·
RedLine spreads through ads for cheats and cracks on YouTube
Good game, well played: an overview of gaming-related cyberthreats in 2022
Good game, well played: an overview of gaming-related cyberthreats in 2022
The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Since then, the industry has never stopped growing. According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion, with 3 billion players globally. Such an engaged, solvent and eager-to-win audience becomes a tidbit for cybercriminals, who always find ways to fool their victims. One of the most outstanding examples involves $2 million‘s worth of CS:GO skins stolen from a user’s account, which means that losses can get truly grave. Besides stealing personal credentials and funds, hackers can affect the performance of gaming computers, infecting these with unsolicited miner files.
#securelist#EN#2022#gaming#cyberthreats#overview
·securelist.com·
Good game, well played: an overview of gaming-related cyberthreats in 2022
APT ToddyCat
APT ToddyCat
Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia ToddyCat is a relatively new APT actor that we have not been able to relate to other known actors, responsible for multiple sets of attacks detected since December 2020 against high-profile entities in Europe and Asia. We still have little information about this actor, but we know that its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.
#securelist#EN#2022#APT#ToddyCat#actor#threat#Europe#Asia
·securelist.com·
APT ToddyCat
Analysis of dark web posts selling access to corporate networks
Analysis of dark web posts selling access to corporate networks
Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an attack, but also for the data and services necessary to organize one (e.g., to perform specific steps of a multiphase attack)
#securelist#EN#2022#monetizing#cyberattacks#selling#access#darkweb
·securelist.com·
Analysis of dark web posts selling access to corporate networks
Gas Is Too Expensive; Let’s Make It Cheap!
Gas Is Too Expensive; Let’s Make It Cheap!
A search online lead me to a discovery I didn’t think was possible nowadays. I realized almost immediately that critical security issues were probably involved. I found that out of the many tens of thousands of gas stations the company claimed to have installed their product in, 1,000 are remotely hackable.
#Internet-of-Things#securelist#gas-station#EN#2022#shodan#IoT#research#hacking
·securelist.com·
Gas Is Too Expensive; Let’s Make It Cheap!
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.
#securelist#EN#2022#DLL-hijacking#Malware-Descriptions#Microsoft-Exchange#Trojan#Vulnerabilities-and-exploits#Zero-day#CVE-2022-41040#CVE-2022-41082#analysis
·securelist.com·
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
DeftTorero TTPs in 2019–2021
DeftTorero TTPs in 2019–2021
Earlier this year, we started hunting for possible new DeftTorero (aka Lebanese Cedar, Volatile Cedar) artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared until 2021, which led us to speculate on a possible shift by the threat actor to more fileless/LOLBINS techniques, and the use of known/common offensive tools publicly available on the internet that allows them to blend in.
#securelist#EN#2022#DeftTorero#LebaneseCedar#Lebanon#webshell
·securelist.com·
DeftTorero TTPs in 2019–2021
RedLine spreads through ads for cheats and cracks on YouTube
RedLine spreads through ads for cheats and cracks on YouTube
An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting archive or other file with installer-type functionality) recently caught our eye. Its main payload is the widespread RedLine stealer. Discovered in March 2020, RedLine is currently one of the most common Trojans used to steal passwords and credentials from browsers, FTP clients and desktop messengers. It is openly available on underground hacker forums for just a few hundred dollars, a relatively small price tag for malware.
#securelist#EN#2022#RedLine#YouTube#stealer
·securelist.com·
RedLine spreads through ads for cheats and cracks on YouTube
Good game, well played: an overview of gaming-related cyberthreats in 2022
Good game, well played: an overview of gaming-related cyberthreats in 2022
The gaming industry went into full gear during the pandemic, as many people took up online gaming as their new hobby to escape the socially-distanced reality. Since then, the industry has never stopped growing. According to the analytical agency Newzoo, in 2022, the global gaming market will exceed $ 200 billion, with 3 billion players globally. Such an engaged, solvent and eager-to-win audience becomes a tidbit for cybercriminals, who always find ways to fool their victims. One of the most outstanding examples involves $2 million‘s worth of CS:GO skins stolen from a user’s account, which means that losses can get truly grave. Besides stealing personal credentials and funds, hackers can affect the performance of gaming computers, infecting these with unsolicited miner files.
#securelist#EN#2022#gaming#cyberthreats#overview
·securelist.com·
Good game, well played: an overview of gaming-related cyberthreats in 2022