ESET researchers publish an analysis of Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks.<<

• We discovered a malicious downloader being deployed, by legitimate Chinese software update mechanisms, onto victims’ machines.
• The downloader seeks to deploy a modular backdoor that we have named WizardNet.
• We analyzed Spellbinder: the tool the attackers use to conduct local adversary-in-the-middle attacks and to redirect traffic to an attacker-controlled server to deliver the group’s signature backdoor WizardNet.
• We provide details abouts links between TheWizards and the Chinese company Dianke Network Security Technology, also known as UPSEC.

In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices.
All the abuses reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays.

Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per-se should not perform any SSH connections to internet-facing hosts, let alone performing SSH brute force attacks.

1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md

Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies.

Introducing a novel technique for e-mail spoofing