Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

In previous campaigns in 2019, HTTP file servers (HFS) were used by Purple Fox to run the C&C servers that host files on the infected bots. In this most recent investigation, we found an exposed HFS that the Purple Fox group uses to host all the second stage samples with their update timestamps. We were able to track the frequency of the second stage updated packages pushed to this exposed server using the timestamp data…

An Investigation of Cryptocurrency Scams and Schemes

The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has only enabled this use to expand, interest in cryptocurrency and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency…

Cyclops Blink Sets Sights on Asus Routers

Conclusion and security recommendations

Over the past few years, IoT attacks have been escalating globally and internet routers have been one of the primary targets. There are several reasons that these devices are favored by an attacker — the infrequency of patching, the lack of security software, and the limited visibility of defenders. Combined, these allow for the possibility of what we refer to as “eternal botnets.” Once an IoT device is infected with malware,…

New Nokoyawa Ransomware Possibly Related to Hive

Hive, which is one of the more notable ransomware families of 2021, made waves in the latter half of the year after breaching over 300 organizations in just four months — allowing the group to earn what could potentially be millions of US dollars in profit. In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in…

New RURansom Wiper Targets Russia

Other versions also attempt to start the process with elevated privileges. These different versions and modifications might indicate that the malware was still undergoing development at the time of writing.

Other activities from the same author

Aside from RURansom, the developer appears to have been working on another “wiper” dubbed as “dnWipe.” Its payload is executed every Tuesday. We analyzed dnWipe and found that it simply encodes content in base64 for the following file extensions:…

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service

In this final part, we discuss the countries most affected by SMS PVA services as well as lay out several recommendations to mitigate the risks of such threats.

By: Trend Micro, March 02, 2022

Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell…

SMS PVA Part 2: Underground Service for Cybercriminals

In this sample, we can see an Indonesian mobile number with an “ethnically” matching photograph in WhatsApp (presumed real account of the owner), but with a Russian name in Telegram (account presumed to have been registered using SMS PVA). These are just some illustrations of the common trend we saw on smspva.net. Either the accounts have different names across different services, or the country of the mobile phone does not match the language used in…

SMS PVA Part 1: Underground Service for Cybercriminals

In this three-part blog entry, our team explored SMS PVA, a service built on top of a global bot network that compromises smartphone cybersecurity as we know it.

By: Trend Micro, February 22, 2022

Smartphones have become a huge part of our daily lives. Not only do they allow us to connect with family and friends, these nifty devices let us become…

Latest Mac Coinminer Utilizes Open-Source Binaries and the I2P Network

A Mac coinminer has been spotted using open-source components in its routine and the I2P Network to hide its traffic. We dive into old iterations of this malware, and also analyze the newest version.

By: Luis Magisa, February 21, 2022

Coinminers are one of the more profitable types of malware for malicious actors, and they require little maintenance once installed…

SMS PVA Services’ Use of Infected Android Phones Reveals Flaws in SMS Verification

Using these code snippets and C&C traffic as fingerprints, we were able to identify two more DEX files with the same functionality but different C&Cs, indicating an active development process and several versions of both the development code and production code of the Android malware. Only text messages sent by specific services and matched by the regex provided by the C&C were intercepted. This is likely to prevent the user of the Android phone from…
