Found 6043 bookmarks
Custom sorting
Leveraging DNS Tunneling for Tracking and Scanning
Leveraging DNS Tunneling for Tracking and Scanning
This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls. This allows C2 traffic and data exfiltration that can remain hidden from some traditional detection methods.
#unit42#EN#2024#DNS#Tunneling#Tracking#Scanning#research#analysis
·unit42.paloaltonetworks.com·
Leveraging DNS Tunneling for Tracking and Scanning
Malicious Go Binary Delivered via Steganography in PyPI
Malicious Go Binary Delivered via Steganography in PyPI
On May 10, 2024, Phylum’s automated risk detection platform alerted us to a suspicious publication on PyPI. The package was called requests-darwin-lite and appeared to be a fork of the ever-popular requests package with a few key differences, most notably the inclusion of a malicious Go binary packed into
#phylum#EN#2024#Steganography#macOS#Go
·blog.phylum.io·
Malicious Go Binary Delivered via Steganography in PyPI
Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
There are two types of malicious documents that are distributed via email recently: those exploiting equation editor and those including external link URLs. This post will describe the infection flow of the DanaBot malware that is distributed through documents containing external links, the latter method, as well as the evidence and detection process with the AhnLab EDR product’s diagram. Figure 1 shows the content of a spam email with a Word document attached that contains an external link. As you can see, it is a sophisticatedly disguised email pretending to be a job application form to deceive the recipient. The attached file (.docx) is a Word document that contains an external link.
#ahnlab#EN#2024#DanaBot#email#Word
·asec.ahnlab.com·
Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
Europol confirms web portal breach, says no operational data stolen
Europol confirms web portal breach, says no operational data stolen
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. #Breach #Computer #Data #EPE #Europol #InfoSec #Leak #Security #Theft
#bleepingcomputer#EN#2024#Europol#Security#EPE#Theft#Leak#InfoSec#Data#Breach#Computer
·bleepingcomputer.com·
Europol confirms web portal breach, says no operational data stolen
Big Vulnerabilities in Next-Gen BIG-IP
Big Vulnerabilities in Next-Gen BIG-IP
Our ongoing research has identified remotely exploitable vulnerabilities in F5’s Next Central Manager that can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next Central Manager. These attacker-controlled accounts would not be visible from the Next Central Manager itself, enabling ongoing malicious persistence within the environment. At the time of writing, we have not seen any indication that these vulnerabilities have been exploited in the wild.
#eclypsium#EN#2024#BIG-IP#vulnerabilities#CVE-2024-21793#CVE-2024-26026
·eclypsium.com·
Big Vulnerabilities in Next-Gen BIG-IP
APT trends report Q1 2024
APT trends report Q1 2024
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
#securelist#Kaspersky#EN#2024#report#APT#Gelsemium#Careto
·securelist.com·
APT trends report Q1 2024
CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
#leviathansecurity#EN#2024#VPN#Tunnel#TunnelVision#CVE-2024-3661#DHCP
·leviathansecurity.com·
CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Cyber: Statement by the High Representative on behalf of the EU on continued malicious behaviour in cyberspace by the Russian Federation - Consilium
Cyber: Statement by the High Representative on behalf of the EU on continued malicious behaviour in cyberspace by the Russian Federation - Consilium
The EU issued a statement strongly condemning the malicious cyber campaign conducted by the Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia.
#EU#consilium#EN#2024#attribution#APT28#Russia#statement#Germany#Czechia
·consilium.europa.eu·
Cyber: Statement by the High Representative on behalf of the EU on continued malicious behaviour in cyberspace by the Russian Federation - Consilium
Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia |
Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia |
Czechia jointly with Germany, the European Union, NATO and international partners strongly condemns activities of the Russian state-controlled actor APT28, who has been conducting a long-term cyber espionage campaign in European countries. APT28 is associated with Russian military intelligence service GRU.
#gov.cz#EN#2024#Ministry#Czech#Republic#Czechia#APT28#Statement#attribution
·mzv.gov.cz·
Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia |
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s internal data storage directory, which could lead to arbitrary code execution and token theft, among other impacts. We have shared our findings with Google’s Android Application Security Research team, as well as the developers of apps found vulnerable to this issue. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research more broadly so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent them from being introduced into new apps or releases.
#microsoft#EN#2024#Android#vulnerable#application#share#Dirty-stream
·microsoft.com·
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps