Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems.
Download Slides
While Windows holds the largest market share on malware, macOS has its fair share of threats that mostly exist in an adware/grayware area. In this post I want to walk through how a Pirrit PKG file installer works. There are lots of more complex threats, but this is a good place to start if you’re just jumping into analysis. If you want to follow along at home, I’m working with this file in MalwareBazaar: https://bazaar.abuse.ch/sample/d39426dbceb54bba51587242f8101184df43cc23af7dc7b364ca2327e28e7825/.
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.
The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group on multiple government bodies.
BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies.
The declaration was signed into law by Chaves on Sunday, May 8th, same day as the economist and former Minister of Finance effectively became the country's 49th and current president.
Russians using smart TVs reported seeing something atypical: A message appeared instead of the usual listing of channels. “The blood of thousands of Ukrainians and hundreds of murdered children is on your hands,” read the message that took over their screens. “TV and the authorities are lying. No to war.”
CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was first discovered by F5’s internal product security team and disclosed publicly on May 4, 2022.
Researchers looking into a new APT group targeting gambling sites with a variety of cross-platform malware recently identified a version of oRAT malware targeting macOS users and written in Go. While neither RATs nor Go malware are uncommon on any platform, including the Mac, the development of such a tool by a previously unknown APT is an interesting turn, signifying the increasing need for threat actors to address the rising occurrence of Macs among their intended targets and victims. In this post, we dig deeper into the technical details of this novel RAT to understand better how it works and how security teams can detect it in their environments.