Aqua Security

JULY 19, 2023

Lately, we have seen a rise in the number of eBPF based tools used for malicious goals such as rootkits ( ebpfkit, TripleCross ) and malwares ( pamspy ). It is widely used by many security tools for monitoring kernel activity to detect and protect organizations.

Malware 96

Malware Linux Tools Organization 96

Aqua Security

AUGUST 11, 2022

In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected.

Malware 124

Malware 124

Ooda Loop

APRIL 9, 2024

The threat group behind a complex JavaScript remote access Trojan (RAT) known as JSOutProx has released a new version of the malware to target organizations in the Middle East. Resecurity, a cybersecurity services firm, is analyzing technical details of multiple instances of the malware targeting financial customers.

Malware 59

Malware Groups Organization 59

Aqua Security

SEPTEMBER 15, 2022

The scripts and malware that were used bear a striking resemblance to none other than the threat actor TeamTNT. Over the past week we observed three different attacks on our honeypots. Eleven months ago they posted a farewell note on Twitter. Since then, we have only seen legacy attacks which automatically run on past infrastructure.

Malware 145

Malware Cloud Infrastructure 145

Ooda Loop

MARCH 28, 2024

Indian energy companies and government entities have been targeted with malware as a means of exfiltrating sensitive information. The malware is a type of updated open-source information stealer malware with the name HackBrowserData. This malware is able to exfiltrate sensitive information by […]

Malware 59

Malware Energy Open Source Government 59

Aqua Security

FEBRUARY 1, 2023

Known as HeadCrab , this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers.

Malware 145

Malware Research Cloud 145

CIO

AUGUST 24, 2022

The “sting” of a ransomware or malware attack is removed quickly, efficiently, and comprehensively. Who would have thought that the latest answer to cyberattacks was actually found in guaranteed cyber recovery on primary storage?

Malware 246

Malware Enterprise Disaster Recovery Storage 246

Prisma Clud

JUNE 22, 2023

Using WildFire in 2021 to analyze malicious files, our threat research team discovered a 73% increase in Cobalt Strike malware samples compared to 2020. The speed, volume and sophistication of modern malware attacks has made them more difficult to detect.

Malware 76

Malware Linux Windows Operating System 76

SecureWorks

APRIL 20, 2023

Type: Blogs Bumblebee Malware Distributed Via Trojanized Installer Downloads Restricting the download and execution of third-party software is critically important. Learn how CTU™ researchers observed Bumblebee malware distributed via trojanized installers for popular software such as Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.

Malware 91

Malware ChatGPT Research Software 91

Aqua Security

DECEMBER 2, 2020

Our cyber research team detected a new type of attack that executes and runs malware straight from memory in containers, thus evading common defenses and static scanning. We found four container images in Docker Hub designed to execute fileless malware attacks.

Malware 128

Malware Research Resources 128

Ooda Loop

MARCH 6, 2024

Cado Security has issued a warning about a cryptojacking campaign leveraging Linux malware, which targets misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with innovative malicious payloads.

Malware 53

Malware Linux Cloud Innovation 53

Ooda Loop

JANUARY 10, 2024

The Dutch newspaper De Volkskrant’s investigation revealed a Dutch engineer recruited by the Netherlands’ intelligence services, the AIVD, likely played a role in deploying the Stuxnet malware at an Iranian nuclear facility.

Malware 83

Malware Engineering Recruiting Report 83

The Parallax

JANUARY 30, 2018

During a month that’s seen Android malware new and old plague the world’s most popular mobile operating system, Google says its Play Store is becoming more civilized and less like the Wild West. You have a lower probability of being infected by malware from Play than being hit by lightning,” Ahn says. READ MORE ON ANDROID SECURITY.

Malware 184

Malware Open Source Operating System Mobile 184

Lacework

JULY 15, 2022

This ancient technique has found its place in the world of malware, namely hiding malicious code within other files including image formatted files ( T1027.003 ). General indicators and signatures for steg malware are provided in the hunting section. Steg malware is uncommon relative to other malware. Malware Details.

Malware 96

Malware Network Storage Groups 96

SecureWorks

DECEMBER 9, 2022

Type: Blogs Drokbk Malware Uses GitHub as Dead Drop Resolver A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence. A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence.

Malware 98

Malware Groups Research 98

SecureWorks

MARCH 8, 2022

Type: Blogs Excel Add-ins Deliver JSSLoader Malware The GOLD NIAGARA threat group has expanded its tactics for delivering the JSSLoader RAT, spoofing legitimate Microsoft Excel add-ins to infect systems. Learn how CTU researchers observed multiple malicious Microsoft Excel add-ins delivering JSSLoader malware.

Malware 90

Malware Research Groups System 90

Ooda Loop

FEBRUARY 23, 2024

A critical vulnerability affecting ConnectWise’s ScreenConnect remote desktop access product has been exploited widely, leading to the delivery of ransomware and other malware.

Malware 49

Malware Authentication 49

Ooda Loop

FEBRUARY 28, 2024

Despite the flaws being patched on January 31, with one addressed earlier, attackers continued to exploit them, specifically targeting a server-side request forgery (SSRF) vulnerability (CVE-2024-21893) to deploy new malware families such as […]

Malware 49

Malware Report 49

TechBeacon

AUGUST 27, 2020

Phones branded “ Tecno ” —made by Shenzhen Transsion Holdings—appear to be preinstalled with malware. Smartphone users in emerging markets are being ripped off by suspiciously cheap handsets.

Malware 145

Malware Marketing Mobile 145

Darktrace

APRIL 8, 2024

This blog explores Darktrace’s detection of Balada Injector, a malware known to exploit vulnerabilities in WordPress to gain unauthorized access to networks. Darktrace was able to define numerous use-cases within customer environments which followed previously identified patterns of activity spikes across multiple weeks.

Malware 40

Malware Network 40

Lacework

SEPTEMBER 30, 2021

Key Takeaways IoT malware is becoming more popular for use in cloud attacks Typical usage of TLS in IoT malware is rare, but has been observed in suspected state-sponsored campaigns Lacework Labs recently observed what is believed to be a targeted attack using a TLS enabled version of Mirai dubbed “scsihelper” IoT malware (typically used [.].

Malware 80

Malware IoT Cloud 80

Darktrace

JANUARY 30, 2023

This blog post highlights the recent malvertising campaigns targeting Google searches that deploy info-stealer malware. It covers the attackers' techniques and provides a list of indicators of compromise. Recommendations for the general public are also included to help mitigate the risk of falling victim to such attacks.

Malware 85

Malware 85

Aqua Security

AUGUST 17, 2020

Now, Tracee is much more than just a system call tracer , it’s a powerful tool that can be used to perform forensic investigations and dynamic analysis of binaries – both are incredibly useful when looking for hidden malware. Tracee can provide user s with timely insights that previously required special knowledge and tools.?.

Malware 134

Malware Open Source Analysis Tools 134

Symantec

FEBRUARY 16, 2023

Malware injects malicious code into Failed Request Event Buffering module in order to monitor HTTP requests from attacker.

Malware 98

Malware 98

Ooda Loop

DECEMBER 12, 2023

Cisco researchers recently observed the North Korea-linked Lazarus hacking group deploy three Dlang malware families against various targets in the manufacturing, agriculture, and physical security sectors.

Malware 45

Malware Programming Development Research 45

Lacework

OCTOBER 13, 2021

The post “Spytech Necro” – Keksec’s Latest Python Malware appeared first on Lacework.

Malware 92

Malware Analysis Infrastructure Tools 92

Ooda Loop

FEBRUARY 15, 2024

Microsoft’s threat intelligence team recently partnered with OpenAI to produce a report on threat actors using LLMs to streamline vulnerability research, targeting, and malware development.

Malware 45

Malware Research ChatGPT Groups 45

CIO

NOVEMBER 14, 2023

Malware is the top threat to IoT/OT With so many vulnerabilities plaguing IoT devices, these devices are attractive and relatively easy entry points into corporate networks for attackers. In fact, two notorious botnets, Mirai and Gafgyt, are major contributors to a recent surge in IoT malware attacks.

IoT 325

IoT Enterprise Malware Authentication 325

Strategy Driven

APRIL 11, 2023

As secure as Apple devices are, unfortunately, there’s no guaranteed way to ensure that they won’t fall foul of malware sneaking its way onto the devices from time to time. Adware Cleaner According to Apple , one of the easiest ways for spyware, trojans and malware in general to make their way onto devices is via Ads.

Malware 46

Malware Spyware Tools Applications 46

CIO

MARCH 26, 2024

Each quarter HP’s security experts highlight notable malware campaigns, trends and techniques identified by HP Wolf Security. The HP Threat Research team identified a new malware campaign that relied entirely on living-off-the-land tools. The attackers impersonated a shipping company to spread Vjw0rm and Houdini script malware.2

Trends 130

Trends Malware Hotels Windows 130

Tenable

AUGUST 4, 2022

Analyzing the Vulnerabilities Associated with the Top Malware Strains of 2021. International cybersecurity agencies issue a joint alert outlining the top malware strains of 2021. While malware is used for a variety of purposes, the government agencies point out that ransomware is a primary use case. Background. Description.

Malware 74

Malware Windows SMB Groups 74

Symantec

APRIL 28, 2019

SGX-based malware may not be as troublesome as believed. We'll explain why that is and how Symantec is ready to deal with such malware if they were to appear.

Malware 102

Malware 102

Ooda Loop

JANUARY 29, 2024

The Chinese cyberespionage group, Blackwood, has been caught delivering malware to entities in China and Japan.

Malware 45

Malware Groups Software 45

Tenable

SEPTEMBER 12, 2023

What are the top 3 malware variants in Q2 2023? What matters most to security leaders in 2023? Why is CISA urging AI vendors to apply secure by design practices to software products? Here’s what’s happening in cyber. Watch this week’s episode below and subscribe to our playlist on YouTube.

Malware 63

Malware Video Software 63

Lacework

FEBRUARY 27, 2023

James CondonDirector of Research, Lacework Labs This malware sample may unlock your variable naming writer’s block. Have you ever tried using your favorite foods? We hadn’t either until we came across this one. This Bash script was seen following the Confluence exploits we recently blogged about.

Malware 52

Malware Research 52

Dots and Bridges

JULY 23, 2021

The Ransomware and Malware Conundrum. This high-level session provides real answers for protection and prevention from Ransomware and Malware for an ever- expanding federal network enterprise. The Ransomware and Malware Conundrum – Hosted by Electrosoft and Capital Technology University. Electrosoft Services, Inc.

Malware 52

Malware Virtualization Network Enterprise 52

Darktrace

MARCH 22, 2023

Amadey Info-stealer malware was detected across over 30 customers between August and December 2022, spanning various regions and industry verticals. This blog highlights the resurgence of Malware as a Service (MaaS) and the leveraging of existing N-Day vulnerabilities in SmokeLoader campaigns to launch Amadey on customers’ networks.

Malware 59

Malware Analysis Research Network 59