Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
19 résultats taggé analysis  ✕
The forgotten SUAVEEYEFUL FreeBSD software implant of the EQUATION GROUP https://xorl.wordpress.com/2022/06/22/the-forgotten-suaveeyeful-freebsd-software-implant-of-the-equation-group/
24/06/2022 09:23:37
QRCode
archive.org
thumbnail

I was checking the 2017 ShadowBrokers leaks when I noticed that one of the EQUATION GROUP tools leaked back then has no public references/analysis (at least as far as I can tell). So, here is what …

xorl 2022 EN FreeBSD EquationGroup 2017 implant SUAVEEYEFUL China Japan US analysis
Microsoft Plans to Eliminate Face Analysis Tools in Push for ‘Responsible A.I.’ https://www.nytimes.com/2022/06/21/technology/microsoft-facial-recognition.html
23/06/2022 06:48:37
QRCode
archive.org
thumbnail

For years, activists and academics have been raising concerns that facial analysis software that claims to be able to identify a person’s age, gender and emotional state can be biased, unreliable or invasive — and shouldn’t be sold.

nytimes 2022 EN facial-analysis privacy Face Analysis Responsible AI recognition
Emotet SMB spreader overview http://reversing.fun/posts/2022/06/20/emotet-smb-spreader.html
21/06/2022 17:24:22
QRCode
archive.org

Emotet is back in business and it’s revealing some new tricks. Not long ago, Emotet introduced a new module, the Google Chrome’s credit card grabber. More recently, the SMB spreader module has been brought back and is now, once again, part of the infection chain.

reversing.fun Emotet 2022 SMB analysis module
BRATA is evolving into an Advanced Persistent Threat https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat?s=09
20/06/2022 08:49:35
QRCode
archive.org
thumbnail

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

cleafy 2022 EN malware BRATA APT phishing analysis IOCs banker
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat https://blog.malwarebytes.com/threat-analysis/2022/06/asyncrat-surpasses-dridex-trickbot-and-emotet-to-become-dominant-email-threat/
13/06/2022 11:36:11
QRCode
archive.org
thumbnail

Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats.

malwarebytes EN 2022 analysis email threat email-threat Review TrickBot ASyncRat Dridex
A closer look at Eternity Malware https://blog.cyble.com/2022/05/12/a-closer-look-at-eternity-malware/
16/05/2022 12:00:29
QRCode
archive.org
thumbnail

In this analysis, Cyble looks at the Eternity Malware suite, listing a wide variety of malware for sale on Telegram.

Cyble 2022 EN 2022 Eternity Malware Telegram analysis
Analyzing a Pirrit adware installer https://forensicitguy.github.io/analyzing-pirrit-adware-installer/
14/05/2022 09:33:03
QRCode
archive.org

While Windows holds the largest market share on malware, macOS has its fair share of threats that mostly exist in an adware/grayware area. In this post I want to walk through how a Pirrit PKG file installer works. There are lots of more complex threats, but this is a good place to start if you’re just jumping into analysis. If you want to follow along at home, I’m working with this file in MalwareBazaar: https://bazaar.abuse.ch/sample/d39426dbceb54bba51587242f8101184df43cc23af7dc7b364ca2327e28e7825/.

forensicitguy EN Analysis pirrit macOS malware walkthough PKG adware
Google Online Security Blog: The Package Analysis Project: Scalable detection of malicious open source packages https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html
03/05/2022 09:58:30
QRCode
archive.org
thumbnail

Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software. Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute. As a result, malicious packages like ua-parser-js, and node-ipc are regularly uploaded to popular repositories despite their best efforts, with sometimes devastating consequences for users.

google 2022 EN opensource Package Analysis Project malicious packages
Introducing Package Analysis: Scanning open source packages for malicious behavior https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
02/05/2022 10:50:10
QRCode
archive.org

Today we’re pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis, the project identified more than 200 malicious packages uploaded to PyPI and npm.

openssf EN 2022 Analysis Scan opensource packages Package behavior
AcidRain | A Modem Wiper Rains Down on Europe https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
08/04/2022 09:19:52
QRCode
archive.org
thumbnail

As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.

sentinelone EN AcidRain Wiper cyberwar Russia analysis
Complete dissection of an APK with a suspicious C2 Server https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/
02/04/2022 12:06:04
QRCode
archive.org

During our analysis of the Penquin-related infrastructure we reported in our previous post, we paid special attention to the malicious binaries contacting these IP addresses, since as we showed in the analysis, they had been used as C2 of other threats used by Turla.

turla apk android analysis EN 2022 lab52 c2
Lapsus$: when kiddies play in the big league https://www.sekoia.io/en/lapsus-when-kiddies-play-in-the-big-league/
23/03/2022 18:05:52
QRCode
archive.org
thumbnail

You may not have missed all the noises recently caused by Lapsus$, a group that seems to specialize in extortion without necessarily leveraging ransomware.

At first glance, Lapsus$ check marks all elements that would make researchers put them in the low priority threats, especially considering their readiness to make dramas and OpSec failures. Except that the group has successfully managed to significantly enrich its victim list with high profile corporations, thus drawing all our attention.

In the following, we will describe the threat actor profile that was drawn by our investigations based either on OSINT, dark web or infrastructure analysis.

sekoia EN 2022 analysis Lapsus$ group
BRANCH HISTORY INJECTION https://www.vusec.net/projects/bhi-spectre-bhb/?s=09
11/03/2022 10:09:52
QRCode
archive.org

On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it (PoC||GTFO right?).

vusec 2022 EN analysis spectre exploit speculative cross-privilege attack
An update on the threat landscape https://blog.google/threat-analysis-group/update-threat-landscape-ukraine/
08/03/2022 14:28:40
QRCode
archive.org
thumbnail

Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service providers need it to function and individuals need to communicate safely. Google’s Threat Analysis Group (TAG) has been working around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information.

google threat analysis 2022 EN Ukraine TAG GoogleTAG informations APT28 UNC1151 Ghostwriter FancyBear MustangPanda
Cyber Realism in a Time of War https://www.lawfareblog.com/cyber-realism-time-war
03/03/2022 21:16:47
QRCode
archive.org
thumbnail

Activity in the digital domain may affect the war in Eastern Europe at the margins, but it will not decide it. That should tell us something about the West’s cyber posture.

politics lawfareblog weapon EN 2022 analysis Cybersecurity realism opinion
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group https://www.pangulab.cn/en/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group/
23/02/2022 10:13:09
QRCode
archive.org
thumbnail

Bvp47 - a Top-tier Backdoor of US NSA Equation Group

PDF Document

pangulab EN 2022 analysis NSA EquationGroup Backdoor Bvp47 APT CIA TheShadowBrokers
Cyber-attack on ICRC: What we know https://www.icrc.org/en/document/cyber-attack-icrc-what-we-know
16/02/2022 11:21:27
QRCode
archive.org
thumbnail

Nearly a month has passed since we determined that servers hosting personal data belonging to more than 515,000 people worldwide were hacked in a sophisticated cyber-attack. We are now in a position to share some findings of our analysis of this data breach.

attack ICRC analysis APT sharing databreach
Objective-See's Blog https://objective-see.com/blog/blog_0x6D.html
15/02/2022 10:35:30
QRCode
archive.org
thumbnail

Analyzing OSX.DazzleSpy
A fully-featured cyber-espionage macOS implant

objectivesee EN analysis cyberespionage Asia macos DazzleSpy
SysJoker analyzing the first (macOS) malware of 2022! https://objective-see.com/blog/blog_0x6C.html
15/02/2022 10:18:34
QRCode
archive.org
thumbnail

Earlier today (January 11th), Researchers at Intezer published an report titled, “New SysJoker Backdoor Targets Windows, Linux, and macOS.”

In this report, they detailed a new cross-platform backdoor they named SysJoker. Though initially discovered on Linux, the Intezer researchers shortly thereafter also found both Windows and Mac versions:

"SysJoker was first discovered during an active attack on a Linux-based web server of a leading educational institution. After further investigation, we found that SysJoker also has Mach-O and Windows PE versions." -Intezer

SysJoker macos malware EN objectivesee report analysis
406 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio