Cyberveille by Decio
page 1 / 45
883 results tagged EN
Iran responsible for Charlie Hebdo attacks https://www.microsoft.com/en-us/security/business/security-insider/uncategorized/iran-responsible-for-charlie-hebdo-attacks/
06/02/2023 19:44:22

Today, Microsoft’s Digital Threat Analysis Center (DTAC) is attributing a recent influence operation targeting the satirical French magazine Charlie Hebdo

microsoft DTAC EN 2023 attribution Iran influence France CharlieHebdo EmennetPasargad
Onenote Malware: Classification and Personal Notes https://marcoramilli.com/2023/02/04/onenote-malware-classification-and-personal-notes/
06/02/2023 18:59:12

During the past 4 months the Microsoft OneNote file format has been (ab)used as a malware carrier by different criminal groups. While the main infection vector is still on the email side - so nothing really relevant to write on - the techniques used, the templates and the implemented code to inoculate malware have changed a lot. So it…

marcoramilli EN 2023 OneNote abused technical Malware
Detecting OneNote Abuse https://labs.withsecure.com/publications/detecting-onenote-abuse
06/02/2023 18:58:22

OneNote is a software product that is part of the Office suite, commonly used within most organisations for note-keeping, task management and more. In the last year, OneNote gained more attention from a security perspective, mostly thanks to the research paper published by Emeric Nasi.

withsecure 2023 EN Attack-detection OneNote Office LNK
No Macro? No Worries. VSTO Being Weaponized by Threat Actors https://www.deepinstinct.com/blog/no-macro-no-worries-vsto-being-weaponized-by-threat-actors
06/02/2023 18:54:47

A software development toolset, VSTO is available in Microsoft’s Visual Studio IDE. It enables Office Add-Ins (a type of Office application extension) to be developed in .NET and also allows for Office documents to be created that will deliver and execute these Add-Ins.

deepinstinct EN 2023 Weaponized VSTO Microsoft VisualStudio IDE Add-In
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide https://www.bleepingcomputer.com/news/security/massive-esxiargs-ransomware-attack-targets-vmware-esxi-servers-worldwide/
05/02/2023 12:57:29

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.

bleepingcomputer EN 2023 ESXiArgs Nevada-Ransomware Ransomware VMware Vmware-ESXi
Exploitation of GoAnywhere MFT zero-day vulnerability https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
05/02/2023 10:47:52

On Thursday, February 2, 2023, security reporter Brian Krebs published a warning on Mastodon about an actively exploited zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT managed file transfer solution. Fortra (formerly HelpSystems) evidently published an advisory on February 1 behind authentication; there is no publicly accessible advisory.

rapid7 EN 2023 GoAnywhere BrianKrebs Fortra HelpSystems MFT
Malware-Traffic-Analysis.net - 2023-02-03 - DEV-0569 activity: Google ad --> FakeBat Loader --> Redline Stealer & Gozi/ISFB/Ursnif https://www.malware-traffic-analysis.net/2023/02/03/index.html
05/02/2023 10:46:32

NOTES:

Zip files are password-protected. If you don't know the password, see the "about" page of this website.
IOCs are listed on this page below all of the images.

malware-traffic-analysis EN 2023 analysis googleads DEV-0569 CPU-Z IoCs
Ransomware Roundup – Trigona Ransomware https://www.fortinet.com/blog/threat-research/ransomware-roundup-trigona-ransomware
03/02/2023 21:47:20

In this week's Ransomware Roundup, FortiGuard Labs covers Trigona ransomware along with protection recommendations. Read the blog to find out more.

fortinet EN 2023 threat-research ransomware Trigona double-extortion IoCs
.NET Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
02/02/2023 21:21:11

.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.

sentinelone EN 2023 Malvertising googleads
No Pineapple! – DPRK Targeting of Medical Research and Technology Sector https://labs.withsecure.com/publications/no-pineapple-dprk-targeting-of-medical-research-and-technology-sector
02/02/2023 15:16:56

During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ has attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based on overlapping tactics, techniques and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.

WithSecure 2023 EN Case-study Report Lazarus attack
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware https://research.checkpoint.com/2023/following-the-scent-of-trickgate-6-year-old-packer-used-to-deploy-the-most-wanted-malware/
02/02/2023 07:19:20
  • Initially observed in July 2016, TrickGate is a shellcode-based packer offered as a service to hide malware from EDRs and antivirus programs.
  • Over the last 6 years, TrickGate was used to deploy the top members of the “Most Wanted Malware” list, such as Cerber, Trickbot, Maze, Emotet, REvil, Cobalt Strike, AZORult, Formbook, AgentTesla and more.
  • TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically. This characteristic caused the research community to identify it by numerous attributes and names.
  • While the packer’s wrapper changed over time, the main building blocks within TrickGate shellcode are still in use today.
  • Check Point Threat Emulation successfully detects and blocks the TrickGate packer.
checkpoint EN 2023 TrickGate shellcode hide EDR Cerber Trickbot Maze Emotet REvil CobaltStrike AZORult Formbook AgentTesla
OneNote Documents Increasingly Used to Deliver Malware https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
01/02/2023 22:06:17

Key Findings:

  • The use of Microsoft OneNote documents to deliver malware via email is increasing.
  • Multiple cybercriminal threat actors are using OneNote documents to deliver malware.
  • While some campaigns are targeted at specific industries, most are broadly targeted and include thousands of messages.
  • In order to detonate the payload, an end-user must interact with the OneNote document.
  • Campaigns have impacted organizations globally, including North America and Europe.
  • TA577 returned from a month-long hiatus in activity and began using OneNote to deliver Qbot at the end of January 2023.
proofpoint EN 2023 OneNote Documents Malware AsyncRAT IoCs Redline AgentTesla DOUBLEBACK
Qakbot's Evolution Continues with New Strategies https://blog.cyble.com/2023/02/01/qakbots-evolution-continues-with-new-strategies/
01/02/2023 21:48:20

Cyble Research & Intelligence Labs analyzes new strategies deployed by Qakbot to infect users via Microsoft OneNote.

Cyble EN 2023 Qakbot Microsoft OneNote
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware
01/02/2023 21:42:57

Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers.

This blog will delve into the details of the HeadCrab attack, examining its methods of operation, techniques used to evade detection, and steps organizations can take to safeguard their systems.

aquasec EN 2023 State-of-the-Art Redis Malware HeadCrab
Hospitals urged to tighten DDoS defenses after health data found on Killnet list https://www.scmagazine.com/analysis/ransomware/hospitals-urged-to-tighten-ddos-defenses-after-health-data-found-on-killnet-list
01/02/2023 21:23:26

The Killnet hacktivist group is actively targeting the health sector with DDoS attacks, claiming to have successfully exfiltrated data from a number of hospitals within the last month, according to a Department of Health and Human Services Cybersecurity Coordination Center alert.

scmagazine EN 2023 Killnet DDoS Health hacktivist Hospitals
Pro-Russian DDoS attacks raise alarm in Denmark, U.S. https://therecord.media/ddos-denmark-us-russia-killnet/
01/02/2023 21:19:58

Distributed denial-of-service (DDoS) attacks by pro-Russian hacking groups are causing alarm in the U.S. and Denmark after several incidents affected websites of hospitals and government offices in both countries.

On Tuesday, Denmark announced that it was raising its cyber risk alert level after weeks of attacks on banks and the country’s defense ministry.

therecord EN 2023 DDoS Denmark US Denmark banks pro-Russian russia-ukraine-war Killnet
Google sponsored ads malvertising targets password manager https://www.malwarebytes.com/blog/threat-intelligence/2023/01/google-sponsored-ads-malvertising-targets-password-manager
01/02/2023 19:36:45

We have recently written about malvertising campaigns that leverage Google paid advertisements to try and trick people into downloading malware instead of the software they were looking for. This malware then stole login credentials from the affected system.

malwarebytes EN 2023 Google googleads passwordmanagers malware
Action needed for GitHub Desktop and Atom users https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
01/02/2023 09:51:54

Update to the latest version of Desktop and previous version of Atom before February 2.

GitHub EN 2023 breach Update repositories
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide https://blog.cyble.com/2023/01/31/inthebox-web-injects-targeting-android-banking-applications-worldwide/?hss_channel=tw-1141929006603866117
31/01/2023 23:02:11

Cyble analyzes 'InTheBox' as part of its thorough research on Web Injects and their role in targeting Android Banking applications worldwide.

cyble EN 2023 analysis InTheBox Android Banking injection
Analyzing and remediating a malware infested T95 TV box from Amazon https://www.malwarebytes.com/blog/news/2023/01/preinstalled-malware-infested-t95-tv-box-from-amazon
31/01/2023 22:59:54

Find out why one of our Android experts has been obsessing over a little black box from Amazon.

malwarebytes EN 2023 howto T95 TVbox malware Android
1033 links
Shaarli - The personal, minimalist, database-free bookmark manager by the Shaarli community - Theme by kalvn - Curated by Decio