research

New Mimic Ransomware Abuses Everything APIs for its Encryption Process

Posted on by Admin
New Mimic Ransomware Abuses Everything APIs for its Encryption Process

New Mimic Ransomware Abuses Everything APIs for its Encryption Process Ransomware Trend Micro researchers discovered a new ransomware that abuses the APIs of a legitimate tool called Everything, a Windows filename search engine developed by Voidtools that offers quick searching and real-time updates for minimal resource usage. By: Nathaniel Morales, Earle Maui Earnshaw, Don Ovid Ladores, Nick Dai, Nathaniel Gregory Ragasa January 26, 2023 Read time:  ( words) Trend Micro researchers discovered a new ransomware…

Read More

Vice Society Ransomware Group Targets Manufacturing Companies

Posted on by Admin
Vice Society Ransomware Group Targets Manufacturing Companies

Vice Society Ransomware Group Targets Manufacturing Companies Ransomware In this blog entry, we’d like to highlight our findings on Vice Society, which includes an end-to-end infection diagram that we were able to create using Trend Micro internal telemetry. By: Ieriz Nicolle Gonzalez, Paul Pajares, Arianne Dela Cruz, Warren Sto.Tomas January 24, 2023 Read time:  ( words) The Vice Society ransomware group made headlines in late 2022 and early 2023 during a spate of attacks against several targets, such as the one…

Read More

“Payzero” Scams and The Evolution of Asset Theft in Web3

Posted on by Admin
“Payzero” Scams and The Evolution of Asset Theft in Web3

“Payzero” Scams and The Evolution of Asset Theft in Web3 Cyber Threats In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”. By: Fyodor Yarochkin, Vladimir Kropotov, Jay Liao January 18, 2023 Read time:  ( words) Web3 is a lucrative emerging technology where many participants seek quick profit via…

Read More

Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Posted on by Admin
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks

Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks Malware We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader). By: Junestherry Dela Cruz January 17, 2023 Read time:  ( words) We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis…

Read More

Gootkit Loader Actively Targets Australian Healthcare Industry

Posted on by Admin
Gootkit Loader Actively Targets Australian Healthcare Industry

Credential access The file krb.txt was created by one of the injected processes that contains Kerberos hashes for several accounts. Given that we did not see any dumping activity in the process telemetry, the dumping process transpired in the memory; it did not introduce a new tool or an executable file to do the dumping.   Impact The final payload is unknown for this case since we detected it and responded to it while it was…

Read More

Dridex Returns, Targets MacOS Using New Entry Method

Posted on by Admin
Dridex Returns, Targets MacOS Using New Entry Method

Dridex Returns, Targets MacOS Using New Entry Method Malware The Dridex variant we analyzed targets MacOS platforms with a new technique to deliver documents embedded with malicious macros to users. By: Armando Nathaniel Pedragoza January 05, 2023 Read time:  ( words) Normally, documents containing malicious macros enter a user’s system via email attachments posing as normal document files. However, while this might be the primary method of arrival, malicious actors have other ways of entering…

Read More

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

Posted on by Admin
A Technical Analysis of CVE-2022-22583 and CVE-2022-32800

A Technical Analysis of CVE-2022-22583 and CVE-2022-32800 Exploits & Vulnerabilities This blog entry discusses the technical details of how we exploited CVE-2022-22583 using a different method. We also tackle the technical details of CVE-2022-32800, another SIP-bypass that we discovered more recently, in this report. By: Mickey Jin December 21, 2022 Read time:  ( words) On Jan. 26, 2022, Apple patched a System Integrity Protection (SIP)-bypass vulnerability in the PackageKit framework, identified as CVE-2022-22583. Apple shared…

Read More

Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

Posted on by Admin
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities

A new bypass appears According to the aforementioned patch, we can see that if we can bypass the volume path check at line 81, then the system_installd service will spawn the script directly instead of resorting to the isolated XPC service. The question then is, how can we bypass the volume path check? Through debugging, we found that the destination volume path returned at line 80 is an arbitrary mounted DMG volume path that we…

Read More

Web3 IPFS Only Used for Phishing – So Far

Posted on by Admin
Web3 IPFS Only Used for Phishing – So Far

Web3 IPFS Only Used for Phishing – So Far Cloud We discuss the use of the InterPlanetary File System (IPFS) in phishing attacks. By: Matsukawa Bakuei, Morton Swimmer December 20, 2022 Read time:  ( words) Web3 has been garnering attention recently, but it has yet to be used for anything practical and widespread except for one thing: phishing. The concept of Web 3 encompasses a variety of technologies. In this article, we will ignore the…

Read More

A Closer Look at Windows Kernel Threats

Posted on by Admin
A Closer Look at Windows Kernel Threats

Windows kernel threats have long been favored by malicious actors because it can allow them to obtain high-privileged access and detection evasion capabilities. These hard-to-banish threats are still crucial components in malicious campaigns’ kill chains to this day. In fact, SentinelOne recently discovered malicious actors abusing Microsoft-signed drivers in targeted attacks against organizations in the telecommunication, business process outsourcing (BPO), managed security service provider (MSSP), and financial services industries. This month, SophosLabs also reported their…

Read More
1 3 4 5 6 7 18