We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript.
#2024 #Campaign #EN #JScript #StrelaStealer #analysis #paloaltonetworks
Bishop Fox examines the iSoon data disclosure from an offensive security perspective and an analysis of the platform's capabilities, design, features.
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]
Learn about key concepts and different crypters-related activities as well as the lucrative ecosystem of malicious groups that exploit them.
Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.
Learn about NoName057(16), a pro-Russian hacktivist group behind Project DDoSia targeting entities supporting Ukraine. Discover an overview of the changes made by the group, both from the perspective of the software shared by the group to generate DDoS attacks and the specifics of the evolution of the C2 servers. It also provides an overview of the country and sectors targeted by the group for 2024.
Discover the techniques, tactics (TTPs) used by Scattered Spider intrusion set, including social engineering and targeted phishing campaigns.
Data from a Chinese cybersecurity vendor that works for the Chinese government exposed a range of hacking tools and services.
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!
Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure.
Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.
Bitdefender researchers have discovered a new backdoor targeting Mac OS users.
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Lucas Miller and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Ivanti Avalanche enterprise mobility management program. Other Ivanti products
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.
Arctic Wolf Labs has discovered, based on recent intrusion observations, a new Go-based malware loader named CherryLoader
It's been a while since I wrote an "attack of the week" post, and the fault for this is entirely mine. I've been much too busy writing boring posts about Schnorr signatures! But this week's news brings an exciting story with both technical and political dimensions: new reports claim that Chinese security agencies have developed…
Veeam Backup & Replication is a data backup and replication solution. On March 7, 2023, Veeam published an advisory, along with patches, for https://nvd.nist.g…
In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted:
SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg
He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude:
We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg
This write-up presents an exploit for a vulnerability in the XNU kernel:
Assigned CVE-2023-32434.
Fixed in iOS 16.5.1 and macOS 13.4.1.
Reachable from the WebContent sandbox and might have been actively exploited.
*Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way.
The exploit has been successfully tested on:
iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max)
macOS 13.1 and 13.4 (MacBook Air M2 2022)
All code snippets shown below are from xnu-8792.81.2.
On 26th October, 2023 F5 released a security advisory about a critical unauthenticated remote code execution vulnerability, CVE-2023-46747, in F5’s BIG-IP configuration utility. This vulnerability could allow unauthent…
