research

MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639

Posted on by Admin
MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639

MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639 We discovered a now-patched vulnerability in macOS SUHelper, designated as CVE-2022-22639. If exploited, the vulnerability could allow malicious actors to gain root privilege escalation. By: Mickey Jin April 04, 2022 Read time:  ( words) We discovered a vulnerability in suhelperd, a helper daemon process for Software Update in macOS. A class inside suhelperd, SUHelper, provides an essential system service through the inter-process communication (IPC)…

Read More

An In-Depth Look at ICS Vulnerabilities Part 1

Posted on by Admin
An In-Depth Look at ICS Vulnerabilities Part 1

In 2021, there were significant changes in the methods used by cyber attackers. More advanced destructive supply chain attacks also came to the surface this year. This has created an anxious environment, driving developments in cyber defense and the discovery of ICS-related CVEs. 2021’s timeline overview of major OT and ICS cyber incidents shows that modern criminal operations have become so developed that a service industry has emerged with a common business model – Ransom­ware-as-a-Service…

Read More

Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

Posted on by Admin
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously

But that’s just the tangible cost of a cryptocurrency-mining attack. There are also indirect consequences that an affected organization might encounter, such as the disruption and slowdown of operations that could result in loss of revenue or even damage to the reputation of the organization because of the inconveniences brought upon its customers. The major players in the cloud-based cryptocurrency mining landscape are diverse in terms of their tools, techniques, and even the way they…

Read More

Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

Posted on by Admin
Purple Fox Uses New Arrival Vector and Improves Malware Arsenal

In previous campaigns in 2019, HTTP file servers (HFS) were used by Purple Fox to run the C&C servers that host files on the infected bots. In this most recent investigation, we found an exposed HFS that the Purple Fox group uses to host all the second stage samples with their update timestamps. We were able to track the frequency of the second stage updated packages pushed to this exposed server using the timestamp data….

Read More

An Investigation of Cryptocurrency Scams and Schemes

Posted on by Admin
An Investigation of Cryptocurrency Scams and Schemes

The use of cryptocurrency has increased tremendously since it was first introduced in 2009. As blockchain technology has only enabled this use to expand, interest in cryptocurrency and the assets that are generated in its use also continue to grow. However, the virtual environment that allows it to flourish has also become fertile ground for cybercriminals to exploit, so much so that there has been a constant stream of reports on scams related to cryptocurrency…

Read More

Cyclops Blink Sets Sights on Asus Routers

Posted on by Admin
Cyclops Blink Sets Sights on Asus Routers

Conclusion and security recommendations Over the past few years, IoT attacks have been escalating globally and internet routers have been one of the primary targets. There are several reasons that these devices are favored by an attacker — the infrequency of patching, the lack of security software, and the limited visibility of defenders. Combined, these allow for the possibility of what we refer to as “eternal botnets.” Once an IoT device is infected with malware,…

Read More

New Nokoyawa Ransomware Possibly Related to Hive

Posted on by Admin
New Nokoyawa Ransomware Possibly Related to Hive

Hive, which is one of the more notable ransomware families of 2021, made waves in the latter half of the year after breaching over 300 organizations in just four months — allowing the group to earn what could potentially be millions of US dollars in profit. In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in…

Read More

New RURansom Wiper Targets Russia

Posted on by Admin
New RURansom Wiper Targets Russia

Other versions also attempt to start the process with elevated privileges. These different versions and modifications might indicate that the malware was still undergoing development at the time of writing. Other activities from the same author Aside from RURansom, the developer appears to have been working on another “wiper” dubbed as “dnWipe.” Its payload is executed every Tuesday. We analyzed dnWipe and found that it simply encodes content in base64 for the following file extensions:…

Read More

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service

Posted on by Admin
SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service

SMS PVA Part 3: Countries Most Impacted by Cybercriminal Service Malware In this final part, we discuss the countries most affected by SMS PVA services as well as lay out several recommendations to mitigate the risks of such threats. By: Trend Micro March 02, 2022 Read time:  ( words) Part two of our blog entry discussed the impacts and implications of SMS PVA services. The article also explored how these services work by using Carousell…

Read More

SMS PVA Part 2: Underground Service for Cybercriminals

Posted on by Admin
SMS PVA Part 2: Underground Service for Cybercriminals

In this sample, we can see an Indonesian mobile number with an “ethnically” matching photograph in Whatsapp (presumed real account of the owner), but with a Russian name in Telegram (account presumed to have been registered using SMS PVA). These are just some illustrations of the common trend we saw on smspva.net. Either the accounts have different names across different services, or the country of the mobile phone does not match the language used in…

Read More
1 12 13 14 15 16 18