DJI Mavic 3 Drone Research: Vulnerability Analysis
Nozomi Networks Labs found 9 vulnerabilities in DJI drones - we outline the research process for identifying and mitigating these security issues.
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot
Cybercriminals Transform Raspberry Pi into a Tool for Fraud and Anonymization: GEOBOX Discovery
.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
Diving Deeper into AI Package Hallucinations
Lass Security's recent research on AI Package Hallucinations extends the attack technique to GPT-3.5-Turbo, GPT-4, Gemini Pro (Bard), and Coral (Cohere).
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.
Large-Scale StrelaStealer Campaign in Early 2024
We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript. #2024 #Campaign #EN #JScript #StrelaStealer #analysis #paloaltonetworks
The iSOON Disclosure: Exploring the Integrated Operations Platform
Bishop Fox examines the iSoon data disclosure from an offensive security perspective and an analysis of the platform's capabilities, design, features.
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]
The Architects of Evasion: a Crypters Threat Landscape
Learn about key concepts and different crypters-related activities as well as the lucrative ecosystem of malicious groups that exploit them.
The Anatomy of an ALPHA SPIDER Ransomware Attack
Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.
NoName057(16) DDoSia project: 2024 updates and behavioural shifts
Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DDoS attacks and the specifics of the evolution of the C2 servers. It also provides an overview of the country and sectors targeted by the group for 2024.
Scattered Spider laying new eggs
Discover the techniques, tactics (TTPs) used by Scattered Spider intrusion set, including social engineering and targeted phishing campaigns.
A first analysis of the i-Soon data leak
Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors
Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure.
Threat Intel Accelerates Detection & Response
Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.
New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
Bitdefender researchers have discovered a new backdoor targeting Mac OS users.
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility management program. Other Ivanti products
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.
New Go-based Malware Loader Discovered I Arctic Wolf
Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader
Analyzing DPRK's SpectralBlur
In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg
CVE-2023-46747 : Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators
On 26th October, 2023 F5 released a security advisory about a critical unauthenticated remote code execution vulnerability, CVE-2023-46747, in F5’s BIG-IP configuration utility. This vulnerability could allow unauthent…
Objective-See's Blog
A comprehensive analysis of the year's new malware