Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

Finally, we will analyze the two threads. The C&C communication thread regularly makes a GET request to <C&C domain>/<C&C path>?id=<9-digit number>&stat=<environment hash>. The environment hash is computed as the MD5 hash of a string built from the following five values:

Value 1 = to_uppercase(crc32(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid))
Value 2 = to_uppercase(crc32(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName))
Value 3 = to_uppercase(crc32(user name))
Value 4 = to_uppercase(crc32(computer name))
Value 5 = concatenate Value1 Value2 Value3 Value4

It might receive a response in the following format: !lexec;<url to download>restartdelproc…

AWS re:Invent 2021 Guide: Checklist & Key Sessions

Cyber Threats. By: Aaron Ansari, November 29, 2021. Welcome to your complete guide to AWS re:Invent 2021, where you will find tips on how to get the most out of your conference experience, both in Las Vegas and virtually. AWS re:Invent is back in person for 2021, providing the opportunity to view its world-class content in the flesh. If you decide…

COP26 Backs Electric Vehicles to Reduce Climate Change

On October 31, the 2021 United Nations Climate Change Conference began, addressing the various ways countries plan to tackle the looming threat of climate change. During the event, electric vehicles (EVs) are expected to take center stage as one of the ways countries can mitigate climate change. Also known as COP26, the 2021 edition is the 26th Conference of the Parties to the United Nations Framework Convention on Climate Change. It is…

BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

Conclusion: The number of arrival mechanism variations used in BazarLoader campaigns continues to increase as threat actors diversify their attack patterns to evade detection. Both techniques are noteworthy and still work despite their lack of novelty, because of the limitations of singular detection technologies. For instance, while the use of compromised installers has been observed with other malware, the large file size can still challenge detection solutions, such as sandboxes, which may implement file…

This Week in Security News – November 19, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn how the QAKBOT Loader malware has evolved its techniques and strategies over time. Also, read about the most recent legislative initiative to further cybersecurity protection. Read on: QAKBOT Loader Returns with New Techniques and Tools. QAKBOT is a prevalent information-stealing malware that was first…

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Exploits & Vulnerabilities. By: Mohamed Fahmy, Sherif Magdy, Abdelrhman Sharshar, November 19, 2021. Squirrelwaffle is known for sending malicious spam as replies to existing email chains. We look into how it does this by investigating its exploitation of the Microsoft Exchange Server vulnerabilities ProxyLogon and ProxyShell. In September, Squirrelwaffle emerged as a new loader that is spread through spam campaigns. It is…

Digital Transformation Post-Pandemic Stats & Research

IT and business leaders have rarely seen eye-to-eye on cybersecurity, but today the friction seems more pronounced than ever. New Trend Micro research found that over 90% of IT decision-makers believe their organization would be willing to compromise on cybersecurity in favor of other priorities like digital transformation, productivity or customer experience. The short-term benefits of such a strategy are not worth the long-term costs. To succeed in the post-pandemic era, organizations must reconcile this…

Global Operations Lead to Arrests of Alleged Members of GandCrab/REvil and Cl0p Cartels

A total of 13 suspects believed to be members of two prolific cybercrime rings were arrested as a global coalition spanning five continents, involving law enforcement and private partners including Trend Micro, sought to crack down on major ransomware operators. About the GandCrab/REvil arrests: According to a report by Interpol, the global operation, carried out by 19 law enforcement agencies in 17 countries, led to the apprehension of seven suspects linked as “affiliates” or…

Groups Target Alibaba ECS Instances for Cryptojacking

Cloud. By: David Fiser, Alfredo Oliveira, November 15, 2021. We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero. It is well known that threat actors actively exploit misconfigured Linux-powered servers, regardless of whether they run on-premises or in the cloud. The compromised devices are mostly used for cryptojacking, with the dominance of mining…

QAKBOT Loader Returns With New Techniques and Tools

Malware. By: Ian Kenefick, Vladimir Kropotov, November 13, 2021. QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using. QAKBOT is a prevalent information-stealing malware that was first discovered…
