Found 4945 bookmarks
Custom sorting
AI deepfake 'news anchors' found in pro-China footage on social media, research firm says - Hong Kong Free Press HKFP
AI deepfake 'news anchors' found in pro-China footage on social media, research firm says - Hong Kong Free Press HKFP
The “news broadcasters” appear stunningly real, but they are AI-generated deepfakes in first-of-their-kind propaganda videos that a research report published Tuesday attributed to Chinese state-aligned actors. The fake anchors — for a fictious news outlet called Wolf News — were created by artificial intelligence software and appeared in footage on social media that seemed to […]
#hongkongfp#EN#2023#broadcasters#China#fake#WolfNews#AI-generated#deepfakes
·hongkongfp.com·
AI deepfake 'news anchors' found in pro-China footage on social media, research firm says - Hong Kong Free Press HKFP
Britain and US make major move against ransomware gangs by sanctioning seven individuals - The Record from Recorded Future News
Britain and US make major move against ransomware gangs by sanctioning seven individuals - The Record from Recorded Future News
The United Kingdom and United States on Thursday sanctioned seven people connected to what officials have told The Record is a single network behind the Conti and Ryuk ransomware gangs as well as the Trickbot banking trojan. The sanctions are described as the first major move of a “new campaign of concerted action” between Britain and the United States, and insiders say that further actions should be expected later this year.
#therecord#EN#2023#UK#US#Trickbot#sanctions#Conti#Ryuk#ransomware
·therecord.media·
Britain and US make major move against ransomware gangs by sanctioning seven individuals - The Record from Recorded Future News
A Backdoor with Smart Screenshot Capability
A Backdoor with Smart Screenshot Capability
Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being "smart" means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot capabilities. From an attacker’s point of view, it’s interesting to “see” what’s displayed on the victim’s computer.
#sans#EN#2023#python#backdoor#Screenshot
·isc.sans.edu·
A Backdoor with Smart Screenshot Capability
2023 Crypto Crime Trends: Illicit Cryptocurrency Volumes Reach All-Time Highs Amid Surge in Sanctions Designations and Hacking
2023 Crypto Crime Trends: Illicit Cryptocurrency Volumes Reach All-Time Highs Amid Surge in Sanctions Designations and Hacking
Every year, we publish our estimates of illicit cryptocurrency activity to demonstrate the power of blockchains’ transparency – these kinds of estimates aren’t possible in traditional finance – and to teach investigators and compliance professionals about the latest trends in cryptocurrency-related crime that they need to know about. What could those estimates look like in a year like 2022? Last year was one of the most tumultuous in cryptocurrency history, with several large firms imploding, including Celsius, Three Arrows Capital, FTX, and others — some amid allegations of fraud.
#chainalysis#2023#EN#Cryptocurrency#Volumes#Report
·blog.chainalysis.com·
2023 Crypto Crime Trends: Illicit Cryptocurrency Volumes Reach All-Time Highs Amid Surge in Sanctions Designations and Hacking
Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG
Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG
Sliver is an open-source penetration testing tool developed in the Go programming language. Cobalt Strike and Metasploit are major examples of penetration testing tools used by many threat actors, and various attack cases involving these tools have been covered here on the ASEC blog. Recently, there have been cases of threat actors using Sliver in addition to Cobalt Strike and Metasploit. The ASEC (AhnLab Security Emergency response Center) analysis team is monitoring attacks against systems with either unpatched vulnerabilities or misconfigured settings. During this process, we have recently discovered a Sliver backdoor being installed through what is presumed to be vulnerability exploitation on certain software. Not only did threat actors use the Sliver backdoor, but they also used the BYOVD (Bring Your Own Vulnerable Driver) malware to incapacitate security products and install reverse shells.
#asec.ahnlab#EN#2023#Sliver#Sunlogin#analysis
·asec.ahnlab.com·
Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG
Onenote Malware: Classification and Personal Notes
Onenote Malware: Classification and Personal Notes
During the past 4 months Microsoft Onenote file format has been (ab)used as Malware carrier by different criminal groups. While the main infection vector is still on eMail side - so nothing really relevant to write on - the used techniques, the templates and the implemented code to inoculate Malware changed a lot. So it…
#marcoramilli#EN#2023#OneNote#abused#technical#Malware
·marcoramilli.com·
Onenote Malware: Classification and Personal Notes
Detecting OneNote Abuse
Detecting OneNote Abuse
OneNote is a software part of the Office suite, commonly used within most organisations for note-keeping, task management and more. In the last year, OneNote gained more attention from a security perspective, mostly thanks to the research paper published by Emeric Nasi.
#withsecure#2023#EN#Attack-detection#OneNote#Office#LNK
·labs.withsecure.com·
Detecting OneNote Abuse
Exploitation of GoAnywhere MFT zero-day vulnerability
Exploitation of GoAnywhere MFT zero-day vulnerability
On Thursday, February 2, 2023, security reporter Brian Krebs published a warning on Mastodon about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT managed file transfer solution. Fortra (formerly HelpSystems) evidently published an advisory on February 1 behind authentication; there is no publicly accessible advisory.
#rapid7#EN#2023#GoAnywhere#BrianKrebs#Fortra#HelpSystems#MFT
·rapid7.com·
Exploitation of GoAnywhere MFT zero-day vulnerability
Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad -- FakeBat Loader -- Redline Stealer & Gozi/ISFB/Ursnif
Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad -- FakeBat Loader -- Redline Stealer & Gozi/ISFB/Ursnif
NOTES: Zip files are password-protected. If you don't know the password, see the "about" page of this website. IOCs are listed on this page below all of the images.
#malware-traffic-analysis#EN#2023#analysis#googleads#DEV-0569#CPU-Z#IoCs
·malware-traffic-analysis.net·
Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad -- FakeBat Loader -- Redline Stealer & Gozi/ISFB/Ursnif
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
#WithSecure#2023#EN#Case-study#Report#Lazarus#attack
·labs.withsecure.com·
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
  • Initially observed in July 2016, TrickGate is a shellcode-based packer offered as a service to hide malware from EDRs and antivirus programs. * Over the last 6 years, TrickGate was used to deploy the top members of the “Most Wanted Malware” list, such as Cerber, Trickbot, Maze, Emotet, REvil, Cobalt Strike, AZORult, Formbook, AgentTesla and more. * TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically. This characteristic caused the research community to identify it by numerous attributes and names. * While the packer’s wrapper changed over time, the main building blocks within TrickGate shellcode are still in use today. * Check Point Threat Emulation successfully detects and blocks the TrickGate packer.
#checkpoint#EN#2023#TrickGate#shellcode#hide#EDR#Cerber#Trickbot#Maze#Emotet#REvil#CobaltStrike#AZORult#Formbook#AgentTesla
·research.checkpoint.com·
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
OneNote Documents Increasingly Used to Deliver Malware
OneNote Documents Increasingly Used to Deliver Malware
Key Findings: * The use of Microsoft OneNote documents to deliver malware via email is increasing. * Multiple cybercriminal threat actors are using OneNote documents to deliver malware. * While some campaigns are targeted at specific industries, most are broadly targeted and include thousands of messages. * In order to detonate the payload, an end-user must interact with the OneNote document. * Campaigns have impacted organizations globally, including North America and Europe. * TA577 returned from a month-long hiatus in activity and began using OneNote to deliver Qbot at the end of January 2023.
#proofpoint#EN#2023#OneNote#Documents#Malware#AsyncRAT#IoCs#Redline#AgentTesla#DOUBLEBACK
·proofpoint.com·
OneNote Documents Increasingly Used to Deliver Malware
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers. This blog will delve into the details of the HeadCrab attack, examining its methods of operation, techniques used to evade detection, and steps organizations can take to safeguard their systems.
#aquasec#EN#2023#State-of-the-Art#Redis#Malware#HeadCrab
·blog.aquasec.com·
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Hospitals urged to tighten DDoS defenses after health data found on Killnet list
Hospitals urged to tighten DDoS defenses after health data found on Killnet list
The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.
#scmagazine#EN#2023#Killnet#DDoS#Health#hacktivist#Hospitals
·scmagazine.com·
Hospitals urged to tighten DDoS defenses after health data found on Killnet list
Pro-Russian DDoS attacks raise alarm in Denmark, U.S.
Pro-Russian DDoS attacks raise alarm in Denmark, U.S.
Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups are causing alarm in the U.S. and Denmark after several incidents affected websites of hospitals and government offices in both countries. On Tuesday, Denmark announced that it was raising its cyber risk alert level after weeks of attacks on banks and the country’s defense ministry.
#therecord#EN#2023#DDoS#Denmark#US#banks#pro-Russian#russia-ukraine-war#Killnet
·therecord.media·
Pro-Russian DDoS attacks raise alarm in Denmark, U.S.