malware

Nation-state cyberattacks threaten the private sector

Posted on by Admin
Nation-state cyberattacks threaten the private sector

Nation-state cyberattacks threaten the private sector | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses CookiesBy…

Read More

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Posted on by Admin
Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. By: Abraham Camba, Jonna Santos, Gilbert Sison, Jay Yaneza December 17, 2021 Read time:  ( words) We recently published how Squirrelwaffle emerged as a loader using two exploits in a recent spam campaign in the Middle East. Further monitoring and analysis from our incident response and extended detection and response teams (IR/XDR)…

Read More

A Look Into Purple Fox’s Server Infrastructure

Posted on by Admin
A Look Into Purple Fox’s Server Infrastructure

Operating system execution via SQL Server Purple Fox focuses on SQL servers as its target as opposed to normal computers for the former’s cryptocurrency-mining activities. This is mainly because of the more powerful hardware configuration — for both CPU and memory — that the servers would usually have. More specifically for SQL servers, the combination of CPU, memory, and disk factors should scale with the database-related operations to avoid bottlenecks in performance. These machines normally…

Read More

Preparing for the 2022 fraud threat landscape

Posted on by Admin
Preparing for the 2022 fraud threat landscape

Preparing for the 2022 fraud threat landscape | Security Magazine This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more. This Website Uses…

Read More

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Posted on by Admin
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware. By: Nitesh Surana December 03, 2021 Read time:  ( words) Earlier this year, a security flaw identified as CVE-2021-41773 was disclosed to Apache HTTP Server Project, a path traversal and remote code execution (RCE) flaw in Apache HTTP Server 2.4.49. If this…

Read More

Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

Posted on by Admin
Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites

Finally, we will analyze the two threads. The C&C communication thread regularly makes a GET request to <C&C domain>/<C&C path>?id=<9digit number>&stat=<environment hash>. The environment hash is computed as an MD5 hash of string created by concatenating the following five values: Value 1 = to_uppercase(crc32(HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyMachineGuid))Value 2 = to_uppercase(crc32(HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProductName))Value 3 = to_uppercase(crc32(user name))Value 4 = to_uppercase(crc32(computer name))Value 5 = concatenate Value1 Value2 Value3 Value4 It might receive a response in the following format: !lexec;<url to download>restartdelproc…

Read More

BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

Posted on by Admin
BazarLoader Adds Compromised Installers, ISO to Arrival and Delivery Vectors

Conclusion The number of arrival mechanism variations used in BazarLoader campaigns continue to increase as threat actors diversify their attack patterns to evade detection. However, both techniques are noteworthy and still work despite their lack of novelty due to singular detection technologies’ limitations. For instance, while the use of compromised installers has been observed with other malware, the large file size can still challenge detection solutions — such as sandboxes — which may implement file…

Read More

Groups Target Alibaba ECS Instances for Cryptojacking

Posted on by Admin
Groups Target Alibaba ECS Instances for Cryptojacking

Groups Target Alibaba ECS Instances for Cryptojacking Cloud We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero. By: David Fiser, Alfredo Oliveira November 15, 2021 Read time:  ( words) It’s been known that threat actors are actively exploiting misconfigured Linux-powered servers, regardless of whether they run on-premises or in the cloud. The compromised devices are mostly used for cryptojacking purposes with the dominance of mining…

Read More
1 18 19 20 21 22 24