Found 4945 bookmarks
Custom sorting
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
Endpoint Detection & Response systems (EDR), delivered by in-house teams or as part of a managed service, are a feature of modern intrusion detection and remediation operations. This success is a problem for attackers, and malicious actors have worked to find new ways to evade EDR detection capabilities. PDF Document
#withsecure#EN#2023#Research#Connor-Morley#EDR#bypass#manipulation#techniques
·labs.withsecure.com·
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
You’ve been kept in the dark (web): exposing Qilin’s RaaS program
You’ve been kept in the dark (web): exposing Qilin’s RaaS program
All you need to know about Qilin ransomware and its operations targeting critical sectors. Group-IB’s Threat Intelligence team infiltrated the Qilin ransomware group in March 2023 and now can reveal inside information about this RaaS program. The blog provides recommendations on how to prevent Qilin’s attacks and will be useful for threat intelligence experts, threat hunters, and corporate cybersecurity teams.
#group-ib#EN#2023#Qilin#RaaS#infiltrated
·group-ib.com·
You’ve been kept in the dark (web): exposing Qilin’s RaaS program
ABB provides details about IT security incident
ABB provides details about IT security incident
ABB recently became aware of an IT security incident that impacted certain ABB systems. ABB started an investigation, retained leading experts, notified certain law enforcement and data protection authorities, and implemented measures to contain and assess the incident. The incident has now been successfully contained.
#ABB#EN#2023#security-incident#ransomware
·new.abb.com·
ABB provides details about IT security incident
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
We would like to thank The Citizen Lab for their cooperation, support and inputs into this research. * Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox). * Our research specifically looks at two components of this mobile spyware suite known as “ALIEN” and “PREDATOR,” which compose the backbone of the spyware implant. Our findings include an in-depth walkthrough of the infection chain, including the implants’ various information-stealing capabilities. * A deep dive into both spyware components indicates that ALIEN is more than just a loader for PREDATOR and actively sets up the low-level capabilities needed for PREDATOR to spy on its victims. * We assess with high confidence that the spyware has two additional components — tcore (main component) and kmem (privilege escalation mechanic) — but we were unable to obtain and analyze these modules. * If readers suspect their system(s) may have been compromised by commercial spyware, please consider notifying Talos’ research team at talos-mercenary-spyware-help@external.cisco.com to assist in furthering the community’s knowledge of these threats.
#talosintelligence#EN#2023#PREDATOR#spyware#Intellexa#ALIEN#analysis#Android
·blog.talosintelligence.com·
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Spyware is sold to countries including Egypt, Indonesia, Oman, Saudi Arabia, and Serbia. Smartphone malware sold to governments around the world can surreptitiously record voice calls and nearby audio, collect data from apps such as Signal and WhatsApp, and hide apps or prevent them from running upon device reboots, researchers from Cisco’s Talos security team have found.
#arstechnica#EN#2023#Smartphone#PREDATOR#0-days#spyware#Android
·arstechnica.com·
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Mandiant identified novel operational technology (OT) / industrial control system (ICS)-oriented malware, which we track as COSMICENERGY, uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.
#mandiant#EN#2023#COSMICENERGY#Malware#ICS#(ICS)-oriented
·mandiant.com·
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version 2.10.2, offers unauthenticated attackers the ability to add malicious JavaScript to a website, potentially allowing ...Read More
#wordfence#EN#2023#Beautiful-Cookie-Consent-Banner#plugin#WordPress#XSS#Campaign
·wordfence.com·
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign