“Payzero” Scams and The Evolution of Asset Theft in Web3

Cyber Threats

In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”.

By: Fyodor Yarochkin, Vladimir Kropotov, Jay Liao, January 18, 2023

Web3 is a lucrative emerging technology where many participants seek quick profit via…

Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Malware

We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (this is the intrusion set we track behind the creation of Batloader).

By: Junestherry Dela Cruz, January 17, 2023

Gootkit Loader Actively Targets Australian Healthcare Industry

Credential access

The file krb.txt was created by one of the injected processes and contains Kerberos hashes for several accounts. Given that we did not see any dumping activity in the process telemetry, the dumping took place in memory; it did not introduce a new tool or an executable file to do the dumping.

Impact

The final payload is unknown for this case since we detected it and responded to it while it was…

Dridex Returns, Targets MacOS Using New Entry Method

Malware

The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users.

By: Armando Nathaniel Pedragoza, January 05, 2023

Normally, documents containing malicious macros enter a user’s system via email attachments posing as normal document files. However, while this might be the primary method of arrival, malicious actors have other ways of entering…

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

Exploits & Vulnerabilities

This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report.

By: Mickey Jin, December 21, 2022

On Jan. 26, 2022, Apple patched a System Integrity Protection (SIP)-bypass vulnerability in the PackageKit framework, identified as CVE-2022-22583. Apple shared…

Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

A new bypass appears

According to the aforementioned patch, we can see that if we can bypass the volume path check at line 81, the system_installd service will spawn the script directly instead of resorting to the isolated XPC service. The question then is, how can we bypass the volume path check? Through debugging, we found that the destination volume path returned at line 80 is an arbitrary mounted DMG volume path that we…

Web3 IPFS Only Used for Phishing – So Far

Cloud

We discuss the use of the InterPlanetary File System (IPFS) in phishing attacks.

By: Matsukawa Bakuei, Morton Swimmer, December 20, 2022

Web3 has been garnering attention recently, but it has yet to be used for anything practical and widespread except for one thing: phishing. The concept of Web 3 encompasses a variety of technologies. In this article, we will ignore the…

A Closer Look at Windows Kernel Threats

Windows kernel threats have long been favored by malicious actors because they can provide high-privileged access and detection evasion capabilities. These hard-to-banish threats are still crucial components in malicious campaigns’ kill chains to this day. In fact, SentinelOne recently discovered malicious actors abusing Microsoft-signed drivers in targeted attacks against organizations in the telecommunication, business process outsourcing (BPO), managed security service provider (MSSP), and financial services industries. This month, SophosLabs also reported their…

Agenda Ransomware Uses Rust to Target More Vital Industries

Ransomware

This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda’s Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works.

By: Nathaniel Morales, Ivan Nicole Chavez, Nathaniel Gregory Ragasa, Don Ovid Ladores, Jeffrey Francis Bonaobra, Monte de Jesus, December 16, 2022

Ransomware Business Models: Future Pivots and Trends

RDP port 3389 remains a popular service abused by ransomware actors to gain initial access to systems located in and connected to on-premise infrastructure. However, as more organizations shift to cloud services for file storage and Active Directory systems, ransomware groups will look for more opportunities to develop and/or exploit vulnerabilities not yet leveraged at scale.

Evolutions

Gradual evolutions in the current modern ransomware models as we know them are expected to be tweaked in…