endpoints

Attack on Security Titans: Earth Longzhi Returns With New Tricks

Posted on May 2, 2023May 2, 2023 by Admin

Attack on Security Titans: Earth Longzhi Returns With New Tricks After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat. By: Ted Lee, Hara Hiroaki May 02, 2023 Read time: ( words) We discovered a new campaign by Earth Longzhi (a subgroup of APT41) that targets organizations based…

Rapture, a Ransomware Family With Similarities to Paradise

Posted on April 28, 2023April 28, 2023 by Admin

Rapture, a Ransomware Family With Similarities to Paradise Ransomware In March and April 2023, we observed a type of ransomware targeting its victims via a minimalistic approach with tools that leave only a minimal footprint behind. Our findings revealed many of the preparations made by the perpetrators and how quickly they managed to carry out the ransomware attack. By: Don Ovid Ladores, Ian Kenefick, Earle Maui Earnshaw April 28, 2023 Read time: ( words) In…

ViperSoftX Updates Encryption, Steals Data

Posted on April 24, 2023April 24, 2023 by Admin

Figure 11. Top 10 countries affected by ViperSoftX malware in the enterprise (top) and consumer (bottom) sectorsSource: Trend Micro Smart Protection Network (SPN) Conclusion and insights While other cybercriminals use sideloading to load another non-binary component (usually the encrypted payload, which comes together as a package with the normal executable and the sideloaded DLL), the chosen techniques of the actors behind ViperSoftX (which involve using WMI Query Language (WQL), DLL sideloading/DLL load order hijacking, PowerShell…

An Analysis of the BabLock Ransomware

Posted on April 18, 2023April 18, 2023 by Admin

An Analysis of the BabLock Ransomware Ransomware This blog post analyzes a stealthy and expeditious ransomware called BabLock (aka Rorschach), which shares many characteristics with LockBit. By: Don Ovid Ladores April 18, 2023 Read time: ( words) A ransomware called BabLock (aka Rorschach) has recently been making waves due to its sophisticated and fast-moving attack chain that uses subtle yet effective techniques. Although primarily based on LockBit, the ransomware is a hodgepodge of other different…

Mac Malware MacStealer Spreads as Fake P2E Apps

Posted on March 30, 2023March 30, 2023 by Admin

Conclusion While not new, P2E games are enjoying a renewed interest and rise in popularity, and so will the efforts of threat actors aiming to take advantage of this growing trend. MacStealer malware is just one of many to take advantage of P2Es’ traction. P2E gamers, in particular, are lucrative targets because the economic model of these games requires them to adopt cryptocurrencies and wallets. Security researchers can find investigating the delivery of the malware…

New OpcJacker Malware Distributed via Fake VPN Malvertising

Posted on March 29, 2023March 29, 2023 by Admin

New OpcJacker Malware Distributed via Fake VPN Malvertising Malware We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022. By: Jaromir Horejsi, Joseph C Chen March 29, 2023 Read time: ( words) We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability),…

Earth Preta’s Cyberespionage Campaign Hits Over 200

Posted on March 27, 2023March 27, 2023 by Admin

This mix of traditional intelligence trade craft and cyber techniques could mean that these groups have access to advanced resources and support from nation states, since such techniques are not typically available to independent hackers. Moreover, this approach could signify the growing convergence of cyber- and physical security as cyberattacks continue to move beyond digital systems and into the physical world. Operation groups While this is not a comprehensive list, we summarize and attribute the…

Patch CVE-2023-23397 Immediately: What You Need To Know and Do

Posted on March 21, 2023March 25, 2023 by Admin

How is CVE-2023-23397 exploited? The attacker sends a message to the victim with an extended Message Application Program Interface (MAPI) property with a Universal Naming Convention (UNC) path to a remote attacker-controlled Server Message Block (SMB, via TCP 445). Share-hosted on a server controlled by the attacker, the vulnerability is exploited whether the recipient has seen the message or not. The attacker remotely sends a malicious calendar invite represented by .msg — the message format…

Emotet Returns, Now Adopts Binary Padding for Evasion

Posted on March 13, 2023March 14, 2023 by Admin

Once a user enables macros for the malicious document, it will download a ZIP file will from one of seven hardcoded and obfuscated URLs (which will be iterated through until the file is successfully retrieved): hxxps://midcoastsupplies.com[.]au/configNQS/Es2oE4GEH7fbZ/ hxxp://mtp.evotek[.]vn/wp-content/L/ hxxp://www.189dom[.]com/xue80/C0aJr5tfI5Pvi8m/ hxxps://esentai-gourmet[.]kz/404/EDt0f/ hxxp://139.219.4[.]166/wp-includes/XXrRaJtiutdHn7N13/ hxxps://www.snaptikt[.]com/wp-includes/aM4Cz6wp2K4sfQ/ hxxps://diasgallery[.]com:443/about/R/ The macro will then check if the response is 200 (indicating a success retrieval of the file). If so, it will then check if that file is either a PE File or a…

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

Posted on March 2, 2023March 2, 2023 by Admin

Security recommendations and Trend Micro solutions Email-related threats are becoming increasingly sophisticated and harder to spot. Back in the day, bad grammar and an exaggerated sense of urgency were enough tell-tale signs of malicious emails. Nowadays, malicious actors have evolved to mimic the voice and tone of the character they’re trying to pretend to be and at times, are prepared to play the long con. To successfully combat spam or phishing threats, organizations must…

1 2 3 … 11 »

endpoints

Attack on Security Titans: Earth Longzhi Returns With New Tricks

Rapture, a Ransomware Family With Similarities to Paradise

ViperSoftX Updates Encryption, Steals Data

An Analysis of the BabLock Ransomware

Mac Malware MacStealer Spreads as Fake P2E Apps

New OpcJacker Malware Distributed via Fake VPN Malvertising

Emotet Returns, Now Adopts Binary Padding for Evasion

Managed XDR Exposes Spear-Phishing Campaign Targeting Hospitality Industry Using RedLine Stealer

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)