FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdaySecurity

JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware

By: Newsroom
Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known implant called RustDoor. The software supply chain attack, tracked as CVE-2024-4978 (CVSS score: 8.7), impacts JAVS Viewer v8.3.7, a component of the JAVS Suite 8 that allows users to create,

How to Conduct Advanced Static Analysis in a Malware Sandbox

By: The Hacker News
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to

Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware

By: Newsroom
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara&nbsp

How to Analyze Malware’s Network Traffic in A Sandbox

By: The Hacker News
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure

Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.

By: Newsroom
Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. "This malware family is written using the .NET framework and leverages the domain name service (DNS) protocol to create a covert channel and provide different backdoor functionalities," Palo Alto Networks Unit 42 researcher Chema Garcia 

7 Uses for Generative AI to Enhance Security Operations

By: The Hacker News
Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence (AI) techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to generate realistic and diverse outputs. When it comes to security operations, Generative AI can

ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer

By: Newsroom
The macOS information stealer known as Atomic is now being delivered to target via a bogus web browser update chain tracked as ClearFake. "This may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system," Malwarebytes' JΓ©rΓ΄me SeguraΒ saidΒ in a Tuesday analysis. Atomic

How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography

By: The Hacker News
Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them. Quishing Quishing, a phishing technique resulting from the

New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks

By: Newsroom
Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. DubbedΒ BiBi-Windows WiperΒ by BlackBerry, the wiper is the Windows counterpart ofΒ BiBi-Linux Wiper, which has been put to use by a pro-Hamas hacktivist group in the wake of the Israel-Hamas war last month. "The Windows variant [...

Inside the Code of a New XWorm Variant

By: The Hacker News
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.Β  Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power.Β  The analyst team atΒ ANY.RUNΒ came across the newest

LimeRAT Malware Analysis: Extracting the Config

By: The Hacker News
Remote Access Trojans (RATs) have taken the third leading position in ANY. RUN'sΒ Q1 2023 reportΒ on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart. Capable of carrying out a broad spectrum of malicious activities, it excels not only in data

How to Build a Research Lab for Reverse Engineering β€” 4 Ways

By: The Hacker News
Malware analysis is an essential part of security researcher's work. But working with malicious samples can be dangerous β€” it requires specialized tools to record their activity, and a secure environment to prevent unintended damage. However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse

How to Detect New Threats via Suspicious Activities

By: The Hacker News
Unknown malware presents a significant cybersecurity threat and can cause serious damage to organizations and individuals alike. When left undetected, malicious code can gain access to confidential information, corrupt data, and allow attackers to gain control of systems. Find out how to avoid these circumstances and detect unknown malicious behavior efficiently.Β  Challenges of new threats'

3 Lifehacks While Analyzing Orcus RAT in a Malware Sandbox

By: The Hacker News
OrcusΒ is a Remote Access Trojan with some distinctive characteristics. The RAT allows attackers to create plugins and offers a robust core feature set that makes it quite a dangerous malicious program in its class. RAT is quite a stable type that always makes it to the top. ANY.RUN’s top malware types in 2022 That's why you'll definitely come across this type in your practice, and the Orcus

How to Do Malware Analysis?

By: The Hacker News
Based on the findings of Malwarebytes' Threat Review for 2022, 40 million Windows business computers' threats were detected in 2021. In order to combat and avoid these kinds of attacks, malware analysis is essential. In this article, we will break down the goal of malicious programs' investigation and how to do malware analysis with a sandbox. What is malware analysis?Β  Malware analysis is a

Troystealer malware: What it is, how it works and how to prevent it | Malware spotlight

By: Pedro Tavares

We are living in an era where malware is part of our daily lives. Emergent campaigns are increasing, each more sophisticated and harder to detect than the last. Malware can reveal itself through different abnormal behaviors, including a giant wave of annoying ads flooding your screen, your system crashing, blocks or repeatedly showing a BSOD […]

The post Troystealer malware: What it is, how it works and how to prevent it | Malware spotlight appeared first on Infosec Resources.

Troystealer malware: What it is, how it works and how to prevent it | Malware spotlight was first posted on October 15, 2020 at 8:03 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Fake STOP/DJVU decryptor malware: What it is, how it works and how to prevent it

By: Greg Belding

Introduction Imagine a situation where criminals steal access to your property. They offer you a seemingly valid solution in the way of a tool that will give you your access back. But you use that solution and yet you still do not have access? Welcome to the nightmarish world of STOP/DJVU β€” a ransomware that […]

The post Fake STOP/DJVU decryptor malware: What it is, how it works and how to prevent it appeared first on Infosec Resources.

Fake STOP/DJVU decryptor malware: What it is, how it works and how to prevent it was first posted on October 14, 2020 at 8:00 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Inside the Lyceum/Hexane malware

By: Howard Poston

The Lyceum/Hexane Cybercrime Group Lyceum and Hexane are two industry designations for an APT group that was discovered in August 2019 and was operating without detection for at least a year and possibly since April 2018. The Lyceum/Hexane APT focuses their attacks on companies within the oil, gas and telecommunications industries operating in the Middle […]

The post Inside the Lyceum/Hexane malware appeared first on Infosec Resources.

Inside the Lyceum/Hexane malware was first posted on October 7, 2020 at 8:01 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Tycoon malware: What it is, how it works and how to prevent it | Malware spotlight

By: Greg Belding

Introduction It has been said that a picture is worth a thousand words. In the world of malware, a picture is worth an infection β€” in other words, a picture can actually be the malware (ransomware, specifically in this case) that initially infects the compromised machine. This malware is called Tycoon and it uses an […]

The post Tycoon malware: What it is, how it works and how to prevent it | Malware spotlight appeared first on Infosec Resources.

Tycoon malware: What it is, how it works and how to prevent it | Malware spotlight was first posted on October 1, 2020 at 8:03 am.
Β©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
❌