If you’re still running macOS Mojave or earlier, now is the time to take action to ensure your Mac maintains protection against malware.

• Dark Utilities, released in early 2022, is a platform that provides full-featured C2 capabilities to adversaries.
• It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems.
• Payloads provided by the platform support Windows, Linux and
• Python-based implementations and are hosted within the Interplanetary File System (IPFS), making them resilient to content moderation or law enforcement intervention.
• Since its initial release, we've observed malware samples in the wild leveraging it to facilitate remote access and cryptocurrency mining.

The Malwarebytes Threat Intelligence team has discovered a new Remote Access Trojan that we dubbed Woody Rat used to target Russian entities.

RedLine is a stealer distributed as cracked games, applications, and services. The malware steals information from web browsers, cryptocurrency wallets, and applications such as FileZilla, Discord, Steam, Telegram, and VPN clients. The binary also gathers data about the infected machine, such as the running processes, antivirus products, installed programs, the Windows product name, the processor architecture, etc. The stealer implements the following actions that extend its functionality: Download, RunPE, DownloadAndEx, OpenLink, and Cmd. The extracted information is converted to the XML format and exfiltrated to the C2 server via SOAP messages.

• Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.
• The implants for the new malware family are written in the Rust language for Windows and Linux.
• A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors.
• We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints.
• We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.

A ThreatLabz technical analysis of the latest variant of proxy-based AiTM attacks that are phishing enterprise users for their Microsoft credentials.

Raccoon is a malware family that has been sold as malware-as-a-service on underground forums since early 2019. In early July 2022, a new variant of this malware was released. The new variant, popularly known as Raccoon Stealer v2, is written in C unlike previous versions which were mainly written in C++.

This investigation report contains an applications analysis of 7 different Apple developer accounts (identified so far — maybe there are…

At a moment when education technology firms are stockpiling sensitive information on millions of school children, safeguards for student data have broken down.

Turns out they're not all that rare. We just don't know how to find them.

911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its…

Microsoft has discovered that an access broker it tracks as DEV-0206 uses the Raspberry Robin Windows worm to deploy a malware downloader on networks where it also found evidence of malicious activity matching Evil Corp tactics.

The risk of distributed denial-of-service attacks (DDoS) has never been greater. Over the past several years, organizations have encountered a deluge of DDoS extortion, novel threats, state-sponsored hacktivism, and unprecedented innovation in the threat landscape.

We have observed more than 3,000 emails containing phishing URLs that have utilized IPFS for the past 90 days and it is evident that IPFS is increasingly becoming a popular platform for phishing websites.

SEKOIA.IO presents its Ransomware threat landscape for the first semester of 2022, with the following key points:

• Ransomware victimology – recent evolutions
• A busy first half of the year – several newcomers in the ransomware neighborhood
• Cross-platform ransomware features trend
• New extortion techniques
• State-nexus groups carrying out ransomware campaigns
• Ransomware threat groups’ Dark Web activities
• A shift towards extortion without encryption?

28.07.2022 - Durant la pandémie de COVID-19, la transformation numérique s’est sensiblement accélérée. Or la numérisation croissante s'accompagne d'une augmentation des cyberrisques, y compris pour le secteur de la santé. En réaction à cette situation, la Conférence des directrices et directeurs cantonaux de la santé (CDS) a élaboré des recommandations concernant la protection des données et la sécurité de l'information. Elle y renvoie aux recommandations du NCSC en matière de cybersécurité dans le secteur de la santé.

While many ransomware groups come and go, LockBit seems to be the one that persists. First discovered in September 2019 using the name ABCD, and then gaining notoriety as LockBit in April 2020, the group has outlasted many of their competitors

In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware

MSTIC and MSRC disclose technical details of a private-sector offensive actor (PSOA) tracked as KNOTWEED using multiple Windows and Adobe 0-day exploits, including one for the recently patched CVE-2022-22047, in limited and targeted attacks against European and Central American customers.

The US Justice Department seized approximately half a million dollars that North Korean government-backed hackers had either extorted from US health care organizations or used to launder ransom payments, deputy Attorney General Lisa Monaco said Tuesday as she touted an aggressive US strategy to claw back money for victims of ransomware attacks.