Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 3
49 résultats taggé research  ✕
Shining Light on Dark Power: Yet Another Ransomware Gang https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html
25/03/2023 21:11:57
QRCode
archive.org
thumbnail

Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives into the specifics of the ransomware used by the gang, as well as some information regarding their victim naming and shaming website, filled with non-paying victims and stolen data.

trellix EN 2023 DarkPower ransomware gang research
Uncle Sow: Dark Caracal in Latin America https://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america
12/02/2023 15:40:16
QRCode
archive.org
thumbnail

In 2018, EFF along with researchers from Lookout Security published a report describing the Advanced Persistent Threat (APT) we dubbed "Dark Caracal." Now we have uncovered a new Dark Caracal campaign operating since March of 2022, with hundreds of infections across more than a dozen countries. In this report we will present evidence that the cyber mercenary group Dark Caracal is still active and continues to be focused on Latin America, as was reported last year. We have discovered that Dark Caracal, using the Bandook spyware, is currently infecting over 700 computers in Central and South America, primarily in The Dominican Republic and Venezuela.

eff EN 2023 DarkCaracal APT LatinAmerica Venezuela campaign research
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs https://www.trendmicro.com/en_us/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html
09/02/2023 18:11:58
QRCode
archive.org
thumbnail

We discovered an active campaign targeting Eastern Europeans in the cryptocurrency industry using fake job lures.

trendmicro EN 2023 malware endpoints research Cryptocurrency campaign Fake Jobs
Accidentally Crashing a Botnet https://www.akamai.com/blog/security-research/kmsdbot-part-two-crashing-a-botnet
15/01/2023 16:15:38
QRCode
archive.org
thumbnail

As part of our research into the cryptomining botnet kmsdbot, we rendered it useless.

akamai EN 2022 Security-Research Research Bot-Attacks DDOS Bot-Attacks Cyber-Security Research Security-Research Kmsdbot botnet SIRT cryptomining crash malware
OPWNAI : Cybercriminals Starting to Use ChatGPT https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/
07/01/2023 11:11:03
QRCode
archive.org

At the end of November 2022, OpenAI released ChatGPT, the new interface for its Large Language Model (LLM), which instantly created a flurry of interest in AI and its possible uses. However, ChatGPT has also added some spice to the modern cyber threat landscape as it quickly became apparent that code generation can help less-skilled threat actors effortlessly launch cyberattacks.

In Check Point Research’s (CPR) previous blog, we described how ChatGPT successfully conducted a full infection flow, from creating a convincing spear-phishing email to running a reverse shell, capable of accepting commands in English. The question at hand is whether this is just a hypothetical threat or if there are already threat actors using OpenAI technologies for malicious purposes.

CPR’s analysis of several major underground hacking communities shows that there are already first instances of cybercriminals using OpenAI to develop malicious tools. As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all. Although the tools that we present in this report are pretty basic, it’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad.

checkpoint EN 2023 research deepweb OpenAI ChatGPT cybercriminals malicious tools
Supply Chain Vulnerabilities Put Server Ecosystem At Risk https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
06/12/2022 22:46:22
QRCode
archive.org

BMC&C Eclypsium Research has discovered and reported 3 vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software. We are referring to these vulnerabilities collectively as BMC&C. MegaRAC BMC is widely used by many leading server manufacturers to provide “lights-out” management capabilities for their server products. Server manufacturers…

eclypsium EN 2022 CVE-2022-40259 CVE-2022-40242 CVE-2022-2827 Research AMI BMC MegaRAC supply-chain vulnerabilities server
Wi-Spy https://www.hackster.io/news/wi-spy-98d985364820
20/11/2022 10:45:30
QRCode
archive.org
thumbnail

The Wi-Peep exploit allows an attacker to covertly locate all of the Wi-Fi-enabled devices in a building quickly using inexpensive hardware.

Hackster.io EN 2022 research Wi-Fi Wi-Peep drone attacker locate devices
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor https://www.sentinelone.com/labs/black-basta-ransomware-attacks-deploy-custom-edr-evasion-tools-tied-to-fin7-threat-actor/
03/11/2022 16:40:02
QRCode
archive.org
thumbnail

Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.

SentinelOne EN 2022 BlackBasta FIN7 Research ransomware EDR TTPs
Banking Trojan Techniques: Financially Motivated Malware https://unit42.paloaltonetworks.com/banking-trojan-techniques/
01/11/2022 20:47:57
QRCode
archive.org

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

unit42 EN 2022 paloaltonetworks research Banking Trojan Techniques
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company https://www.trendmicro.com/en_us/research/22/j/lv-ransomware-exploits-proxyshell-in-attack.html
26/10/2022 20:19:52
QRCode
archive.org
thumbnail

Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint

trendmicro EN 2022 ProxyShell endpoints targeted-attacks ransomware research APT REvil Sodinokibi
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries https://blogs.blackberry.com/en/2022/10/unattributed-romcom-threat-actor-spoofing-popular-apps-now-hits-ukrainian-militaries
24/10/2022 21:48:55
QRCode
archive.org
thumbnail

Threat actor RomCom RAT is now targeting Ukrainian military institutions. Known to deploy spoofed versions of popular software Advanced IP Scanner, once exposed, RomCom RAT switched to PDF Filler, another popular application, which indicates the group behind it is actively developing new capabilities.

blackberry EN 2022 Research Unattributed RomCom Advanced-IP-Scanner RAT
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/
21/10/2022 13:41:28
QRCode
archive.org
thumbnail

ESET researchers recently identified a new version of the Android malware FurBall being used in a Domestic Kitten campaign conducted by the APT-C-50 group. The Domestic Kitten campaign is known to conduct mobile surveillance operations against Iranian citizens and this new FurBall version is no different in its targeting. Since June 2021, it has been distributed as a translation app via a copycat of an Iranian website that provides translated articles, journals, and books. The malicious app was uploaded to VirusTotal where it triggered one of our YARA rules (used to classify and identify malware samples), which gave us the opportunity to analyze it.

WeLiveSecurity EN 2022 FurBall APT-C-50 surveillance Iran research
SafeBreach Uncovers Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
19/10/2022 08:30:40
QRCode
archive.org
thumbnail

See how this tool—created by a sophisticated and seemingly unknown threat actor—uses the unique approach of disguising itself as part of a Windows update.

SafeBreach EN 2022 Powershell Undetectable IoCs research
BianLian Ransomware Encrypts Files in the Blink of an Eye https://blogs.blackberry.com/en/2022/10/bianlian-ransomware-encrypts-files-in-the-blink-of-an-eye
18/10/2022 10:25:08
QRCode
archive.org
thumbnail

BianLian is a financially motivated threat actor that targets a wide range of industries. It uses the exotic programming language “Go” to encrypt files with unusual speed.

blackberry Research 2022 Ransomware BianLian GO Golang
On Bypassing eBPF Security Monitoring https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
13/10/2022 11:05:20
QRCode
archive.org

There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of reasons

doyensec doyensecurity EN 2022 vulnerability exploit eBPF bypass research
Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike https://www.trendmicro.com/de_de/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html
13/10/2022 10:33:28
QRCode
archive.org
thumbnail

We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.

trendmicro EN 2022 malware research network reports cyber-threats QAKBOT BruteRatelC4 BlackBasta
POLONIUM targets Israel with Creepy malware https://www.welivesecurity.com/2022/10/11/polonium-targets-israel-creepy-malware/
13/10/2022 10:07:59
QRCode
archive.org
thumbnail

ESET researchers analyzed previously undocumented custom backdoors and cyberespionage tools deployed in Israel by the POLONIUM APT group.

welivesecurity EN 2022 research POLONIUM Israel malware APT
The Majority of PostgreSQL Servers on the Internet are Insecure https://innerjoin.bit.io/the-majority-of-postgresql-servers-on-the-internet-are-insecure-f1e5ea4b3da3
09/10/2022 00:09:25
QRCode
archive.org

At most 15% of the approximately 820,000 PostgreSQL servers listening on the Internet require encryption. In fact, only 36% even support encryption. This puts PostgreSQL servers well behind the rest of the Internet in terms of security. In comparison, according to Google, over 96% of page loads in Chrome on a Mac are encrypted. The top 100 websites support encryption, and 97 of those default to encryption.

innerjoin.bit.io EN 2022 PostgreSQL research Insecure internet medium
A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research https://research.nccgroup.com/2022/09/30/a-glimpse-into-the-shadowy-realm-of-a-chinese-apt-detailed-analysis-of-a-shadowpad-intrusion/
03/10/2022 21:21:19
QRCode
archive.org
thumbnail

This post explores some of the TTPs employed by a threat actor who was observed deploying ShadowPad during an incident response engagement.

nccgroup EN 2022 TTP research ShadowPad CVE-2022-29464 secur32.dll
Slack’s and Teams’ Lax App Security Raises Alarms https://www.wired.com/story/slack-microsoft-teams-app-security/
27/09/2022 07:51:57
QRCode
archive.org
thumbnail

New research shows how third-party apps could be exploited to infiltrate these sensitive workplace tools.

wired EN 2022 Microsoft Teams Slack third-party app research
page 1 / 3
1185 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio