Found 2837 bookmarks
Custom sorting
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
A newly uncovered technique to abuse Google’s ad-words powerful advertisement platform is spreading rogue promoted search results in mass. Pointing to allegedly credible advertisement sites that are fully controlled by threat actors, those are used to masquerade and redirect ad-clickers to malicious phishing pages gaining the powerful credibility and targeting capabilities of Google’s search results. Adding customized malware payloads, threat actors are raising the bar for successful malware deployments on Personal PCs with ad words like Grammarly, Malwarebytes, and Afterburner as well as with Visual Studio, Zoom, Slack, and even Dashlane to target organizations.
#labs.guard.io#EN#2022#googleads#technique#advertisement#abuse#malware#distribution
·labs.guard.io·
“MasquerAds” — Google’s Ad-Words Massively Abused by Threat Actors, Targeting Organizations, GPUs and Crypto Wallets
Watch: Ukraine Army Video Tells Russians How to Surrender to a Drone
Watch: Ukraine Army Video Tells Russians How to Surrender to a Drone
  • Ukraine has released an instruction video for Russian soldiers on surrendering to a drone. * It's part of the "I Want to Live" hotline, which entices Russians to stop fighting in Ukraine. * The video suggests that surrendering via drone may become increasingly common.
#businessinsider#EN#2022#drones#war#Army#instruction#drone#russia-ukraine-war#surrendering
·businessinsider.com·
Watch: Ukraine Army Video Tells Russians How to Surrender to a Drone
I scanned every package on PyPi and found 57 live AWS keys
I scanned every package on PyPi and found 57 live AWS keys
After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like: Amazon themselves 😅 Intel Stanford, Portland and Louisiana University The Australian Government General Atomics fusion department Terradata Delta Lake And Top Glove, the worlds largest glove manufacturer 🧤
#tomforb#EN#2022#leak#scan#AWS#keys#PyPi
·tomforb.es·
I scanned every package on PyPi and found 57 live AWS keys
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
We recently discovered ransomware, which performs MSDTC service DLL Hijacking to silently execute its payload. We have named this ransomware CatB, based on the contact email that the ransomware group uses. The sample was first uploaded to VT on November 23, 2022 and tagged by the VT community as a possible variant of the Pandora Ransomware. The assumed connection to the Pandora Ransomware was due to some similarities between the CatB and Pandora ransom notes. However, the similarities pretty much end there. The CatB ransomware implements several anti-VM techniques to verify execution on a “real machine”, followed by a malicious DLL drop and DLL hijacking to evade detection.
#minerva-labs#EN#2022#CatB#analysis#DLL#Hijacking#Ransomware
·minerva-labs.com·
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
More than 200 U.S. institutions hit with ransomware in 2022: report
More than 200 U.S. institutions hit with ransomware in 2022: report
More than 200 local governments, schools and hospitals in the U.S. were affected by ransomware in 2022, according to research conducted by cybersecurity firm Emsisoft. The annual “State of Ransomware in the US” report found that 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals dealt with ransomware attacks last year.
#therecord#EN#2023#annual#report#ransomware#2022#governments#universities#school
·therecord.media·
More than 200 U.S. institutions hit with ransomware in 2022: report
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022). $ pip3 uninstall -y torch torchvision torchaudio torchtriton $ pip3 cache purge PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.
#PyTorch#EN#2022#Linux#pip#Compromised#dependency#Supply-chain-security
·pytorch.org·
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
U.S. targeted adversary cyber infrastructure to safeguard midterm vote
U.S. targeted adversary cyber infrastructure to safeguard midterm vote
The U.S. military's Cyber Command hunted down foreign adversaries overseas ahead of this year's mid-term elections, taking down their infrastructure before they could strike, the head of U.S. Cyber Command said. U.S. Army General Paul Nakasone said the cyber effort to secure the vote began before the Nov. 8 vote and carried through until the elections were certified. "We did conduct operations persistently to make sure that our foreign adversaries couldn't utilize infrastructure to impact us," Nakasone, who is also the director of the U.S. National Security Agency, told reporters.
#reuters#EN#2022#safeguard#midterm#vote#cyber#infrastructure#operations#US
·reuters.com·
U.S. targeted adversary cyber infrastructure to safeguard midterm vote
Russian cyberattacks - Special Services - Gov.pl website
Russian cyberattacks - Special Services - Gov.pl website
With the ongoing war in Ukraine, in the Polish cyberspace, there are more and more occurrences classified as computer incidents, including attacks perpetrated by Russian hackers. This is a response of the Russian Federation to the Poland’s support provided to Ukraine and an attempt to destabilise the situation in our country.
#Gov.pl#EN#2022#official#Ukraine#russia-ukraine-war#Polish#attacks
·gov.pl·
Russian cyberattacks - Special Services - Gov.pl website
ZINC weaponizing open-source software - Microsoft Security Blog
ZINC weaponizing open-source software - Microsoft Security Blog
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries including media, defense and aerospace, and IT services in the US, UK, India, and Russia. Based on the observed tradecraft, infrastructure, tooling, and account affiliations, MSTIC attributes this campaign with high confidence to ZINC, a state-sponsored group based out of North Korea with objectives focused on espionage, data theft, financial gain, and network destruction.
#microsoft#EN#2022#Microsoft#weaponized#ZINC#open-source#MSTIC#apt#North-Korea
·microsoft.com·
ZINC weaponizing open-source software - Microsoft Security Blog
New RisePro Stealer distributed by the prominent PrivateLoader
New RisePro Stealer distributed by the prominent PrivateLoader
PrivateLoader is an active malware in the loader market, used by multiple threat actors to deliver various payloads, mainly information stealer. Since our previous investigation, we keep tracking the malware to map its ecosystem and delivered payloads. Starting from this tria.ge submission, we recognized a now familiar first payload, namely PrivateLoader. However, the dropped stealer was not part of our stealer growing collection, notably including RedLine or Raccoon. Eventually SEKOIA.IO realised it was a new undocumented stealer, known as RisePro. This article aims at presenting SEKOIA.IO RisePro information stealer analysis.
#sekoia#EN#2022#PrivateLoader#malware#stealer#RisePro#analysis
·blog.sekoia.io·
New RisePro Stealer distributed by the prominent PrivateLoader
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files
While conducting routine threat hunting for macOS malware on Ad networks, I stumbled upon an unusual Shlayer sample. Upon further analysis, it became clear that this variant was different from the known Shlayer variants such as OSX/Shlayer.D, OSX/Shlayer.E, or ZShlayer. We have dubbed it OSX/Shlayer.F.
#objective-see#2022#EN#Shlayer#macos#malware#IoCs#analysis
·objective-see.org·
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
As more and more users adopt new versions of Microsoft Office, it is likely that threat actors will turn away from VBA-based malicious documents to other formats such as XLLs or rely on exploiting newly discovered vulnerabilities to launch malicious code.
#talosintelligence#EN#2022#Excel#XLLing#malicious#add-ins#XLL#analysis
·blog.talosintelligence.com·
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Raspberry Robin Malware Targets Telecom, Governments
Raspberry Robin Malware Targets Telecom, Governments
We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security analytics tools.
#trendmicro#EN#2022#malware#apt#endpoints#RaspberryRobin#obfuscation#analysis
·trendmicro.com·
Raspberry Robin Malware Targets Telecom, Governments
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).
#cluster25#EN#2022#infostealer#Italy#phishing#Campaigns#analysis#Alibaba2044#IoCs
·blog.cluster25.duskrise.com·
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy