A Look Into Purple Fox’s Server Infrastructure

Operating system execution via SQL Server

Purple Fox targets SQL servers, rather than ordinary computers, for its cryptocurrency-mining activities. This is mainly because of the more powerful hardware configuration — for both CPU and memory — that servers usually have. More specifically for SQL servers, the combination of CPU, memory, and disk factors should scale with the database-related operations to avoid bottlenecks in performance. These machines normally…


Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

We looked into exploitation attempts we observed in the wild and the abuse of the legitimate platforms Netlify and GitHub as repositories for malware.

By: Nitesh Surana, December 03, 2021

Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to the Apache HTTP Server Project: a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this…


BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

Conclusion

The number of arrival mechanism variations used in BazarLoader campaigns continues to increase as threat actors diversify their attack patterns to evade detection. Both techniques are nonetheless noteworthy, and still work despite their lack of novelty, because of the limitations of any single detection technology. For instance, while the use of compromised installers has been observed with other malware, the large file size can still challenge detection solutions — such as sandboxes — which may implement file…


QAKBOT Loader Returns With New Techniques and Tools

Malware

QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using.

By: Ian Kenefick, Vladimir Kropotov, November 13, 2021

QAKBOT is a prevalent information-stealing malware that was first discovered…


This Week in Security News – November 12, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about the prolific cybermercenaries Void Balaur and their recent attacks. Also, read about the 80-country agreement to mobilize safeguards against cyberattacks.

Read on:

Void Balaur and the Rise of the Cybermercenary Industry

One of the most prolific cybermercenaries is Void Balaur, a Russian-speaking threat actor group that…
