Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

A new bypass appears. According to the aforementioned patch, we can see that if we can bypass the volume path check at line 81, then the system_installd service will spawn the script directly instead of resorting to the isolated XPC service. The question then is, how can we bypass the volume path check? Through debugging, we found that the destination volume path returned at line 80 is an arbitrary mounted DMG volume path that we…

Raspberry Robin Malware Targets Telecom, Governments

We noted layers 3 and 5 as capable of anti-analysis techniques. Meanwhile, we found that not all layers have unique packers. The fourth and seventh layers are identical, as are the tenth and thirteenth. The packing of the eighth and fourteenth layers is also similar. This repeated use of packers implies that the group is using a separate packing program. We are continuing with our analysis to see if this program is their own…

Web3 IPFS Only Used for Phishing – So Far

Cloud | By: Matsukawa Bakuei, Morton Swimmer | December 20, 2022

We discuss the use of the InterPlanetary File System (IPFS) in phishing attacks. Web3 has been garnering attention recently, but it has yet to be used for anything practical and widespread except for one thing: phishing. The concept of Web 3 encompasses a variety of technologies. In this article, we will ignore the…

A Closer Look at Windows Kernel Threats

Windows kernel threats have long been favored by malicious actors because they can provide high-privileged access and detection evasion capabilities. These hard-to-banish threats are still crucial components in malicious campaigns’ kill chains to this day. In fact, SentinelOne recently discovered malicious actors abusing Microsoft-signed drivers in targeted attacks against organizations in the telecommunication, business process outsourcing (BPO), managed security service provider (MSSP), and financial services industries. This month, SophosLabs also reported their…

Agenda Ransomware Uses Rust to Target More Vital Industries

Ransomware | By: Nathaniel Morales, Ivan Nicole Chavez, Nathaniel Gregory Ragasa, Don Ovid Ladores, Jeffrey Francis Bonaobra, Monte de Jesus | December 16, 2022

This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda’s Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works. This year, ransomware-as-a-service…

Trend Helps Google Play Prevent Malicious Apps via ADA

By: Jon Clay | December 16, 2022

Trend Micro will be joining Google’s App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the Google Play store. Google has announced Trend Micro will be joining their App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published to the…

Ransomware Business Models: Future Pivots and Trends

RDP port 3389 remains a popular service abused by ransomware actors to gain initial access to systems located in and connected to on-premise infrastructure. However, as more organizations shift to cloud services for file storage and Active Directory systems, ransomware groups will look for more opportunities to develop and/or exploit vulnerabilities not yet leveraged at scale. Evolutions. Gradual evolutions in the current modern ransomware models as we know them are expected to be tweaked in…

Trend Joining App Defense Alliance Announced by Google

Malware | By: Jon Clay | December 15, 2022

Trend Micro’s participation in Google’s App Defense Alliance will ensure the security of customers by preventing malicious apps from being made available on the Google Play Store. On December 1, 2022, Google announced Trend Micro will be joining their App Defense Alliance (ADA) to help improve their ability to identify malicious apps before they are published…

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

In late September 2022, threat researchers uncovered a supply-chain attack carried out by malicious actors using a trojanized installer of Comm100, a chat-based customer engagement application. Our investigation of the incident revealed that the breadth and depth of the campaign’s impact were greater than what the researchers had initially thought; we also found that more applications and their respective versions had been affected and established that attacks began much earlier than their first reckoning on…

Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT

Cloud | By: David Fiser, Alfredo Oliveira | December 12, 2022

We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool. We’ve previously written about cryptojacking scenarios involving Linux machines and specific cloud computing instances being targeted by threat actors active in this space such as TeamTNT. We found that the routines and chain of…
