In this blog post, we discuss the technical details of a new banking dropper that we have dubbed DawDropper, give a brief history of banking trojans released in early 2022 that use malicious droppers, and elaborate on cybercriminal activities related to DaaS in the deep web. Source link
Read More
Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike Cyber Threats Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics. By: Buddy Tancio, Jed Valderama July 27, 2022 Read time: ( words) Our in-depth analysis of what began as an unusual PowerShell script revealed intrusion sets associated with Gootkit loader. In the past, Gootkit used freeware installers…
Read More
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography Cloud In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking. By: Alfredo Oliveira, David Fiser July 21, 2022 Read time: ( words) Previously, we reported on how threat actors are targeting multiple cloud environments such as Huawei Cloud to host cryptocurrency-mining malware by abusing misconfiguration issues and weak or stolen…
Read More
The use of legitimate Windows tools as part of malicious actors’ malware arsenal has become a common observation in cyber incursions in recent years. We’ve discussed such use in a previous article where PsExec, Windows Management Instrumentation (WMI), simple batch files or third-party tools such as PC Hunter and Process Hacker were used to disable endpoint security products, move laterally across networks, and exfiltrate information, among others. We have also extensively discussed legitimate tools that…
Read More
Q: Are you or do you expect to use cloud-based capabilities in your private network? Network cloudification?Base: n = 408 Source: 451 Research custom study Coexistence of technology evolution and cybersecurity Openness expands business opportunities, but there are always major security challenges. Many of us will remember the Apache Log4j vulnerability that occurred at the end of 2021. The use of open source is also promoted in O-RAN ALLIANCE mentioned above, but the biggest security…
Read More
Traditionally, concerns over open-source code security have revolved around whether or not open-source code could contain vulnerabilities, backdoors, or hidden malicious code. In recent months, however, we have observed a growth in a particular trend: Open-source code is being subjected to modifications to its functionality to express political protest. These instances of so-called “protestware” occur in the form of code changes by certain open-source code maintainers or backers in what could only be surmised as…
Read More
We created an attacker on the network that sends an RTPS payload with parameter Length set to 4 null bytes, causing the DDS layer underneath the ROS 2 node to crash abruptly. The Lidar sensor is still sending information about obstacles, but this is not delivered in time (if at all), causing the control loop to miss deadlines. Consequently, the robot will be blind to obstacles or won’t see them in time. Recommendations Following the…
Read More
In this section, we cover how malicious actors are leveraging Windows runners in their attempts to mine cryptocurrency, as well as the persistence techniques they use to dodge detection by GitHub to prevent their Actions from being disabled. GitHub provides the runner, a server designed to run workflows (aka Actions). Workflows are deployed on Azure and terminated after an enterprise’s automation is completed. While this service has its limits, users do not pay anything to…
Read More
Data Distribution Service: Exploring Vulnerabilities and Risks Part 2 Privacy & Risks In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission critical operations. By: Trend Micro July 06, 2022 Read time: ( words) In part one, we have an exhaustive overview of Data Distribution Services (DDS). We also highlighted where this middleware software is used, which includes systems that drive systems such as railways,…
Read More
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server We recently found a new ransomware family, which we have dubbed as HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection. By: Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio July 06,…
Read More
Introduction Cloud computing services have grown exponentially in