My Weekly Roundup #146
EmoCheck Tool 2.2 Supports and Detects New 64-bit Variants of Emotet Malware
JPCERT/CC, Japan’s first CSIRT (Computer Security Incident Response Team), has released a new version of their open-source tool EmoCheck to identify new 64-bit variants of the Emotet malware, which started infecting users earlier this month.
In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware. The initial access vector for this case was an IcedID payload delivered via email.
Defeating BazarLoader Anti-Analysis Techniques
Malware authors embed multiple anti-analysis techniques in their code to retard the analysis processes of human analysts and sandboxes. However, there are ways defenders can defeat these techniques in turn.
Hive0117 Continues Fileless Malware Delivery in Eastern Europe
Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman.
Russia cyber case prompted big portion of FBI’s surveillance database searches in 2021
A Russian cyberthreat against U.S. critical infrastructure in the first half of 2021 prompted the FBI to query the database of a warrantless surveillance program nearly 2 million times as the bureau cast a wide net for useful information, officials said Friday.
Adventures in the land of BumbleBee
BUMBLEBEE is a new malicious loader that is being used by several threat actors and has been observed to download different malicious samples. The key points are:
Cloudflare detects one of the largest DDoS attacks on record targeting crypto platform
Internet infrastructure company Cloudflare said today that it mitigated one of the largest volumetric distributed denial of service (DDoS) attacks that has been recorded to date.
LAPSUS$: Recent techniques, tactics and procedures
This post describes the techniques, tactics and procedures we observed during recent LAPSUS$ incidents. LAPSUS$ first appeared publicly in December 2021; however, NCC Group first observed LAPSUS$ months prior during an incident response engagement.
ATT&CK Goes to v11: Structured Detections, Beta Sub-Techniques for Mobile, and ICS Joins the Band
Right on cue, ATT&CK’s latest release is out, and this time we’ve gone to v11! If you’ve been following along with our roadmap there shouldn’t be any huge surprises in store, but we wanted to take a chance to go over our latest changes.
Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping
Office365 Attacks: Bypassing MFA, Achieving Persistence and More - Part I
APTs are actively attacking Office 365 (O365) – finding mechanisms to bypass MFA and to impersonate users regardless of whether you reset their passwords.
New Black Basta ransomware springs into action with a dozen breaches
A new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. The first known Black Basta attacks occurred in the second week of April, as the operation quickly began attacking companies worldwide.
Chinese state-backed hackers now target Russian state officers
Security researchers analyzing a phishing campaign targeting Russian officials found evidence that points to the China-based threat actor tracked as Mustang Panda (also known as HoneyMyte and Bronze President).
RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign
At the start of the year, Bitdefender noticed a RIG Exploit Kit campaign using CVE-2021-26411 exploits found in Internet Explorer to deliver RedLine Stealer, a low-cost password stealer sold on underground forums.
Google Confirms Record-Breaking 14 Serious Chrome Security Exploits Surprise In New Report
Google’s Project Zero security research team, on a mission to make zero-day exploits hard, has revealed that 2021 was a record-breaking year. In all, across multiple platforms, Project Zero detected and disclosed some 58 ‘in-the-wild’ zero-days. That’s record-breaker number one right there.
Scientists create paper-thin speakers that could be used like wallpaper
Every few decades, speakers get a little more immersive thanks to advancements in sound processing technologies and cheaper access to surround sound components. But what if you could literally turn all the walls in your home into one giant speaker?
Russia’s Apparently Using Military Dolphins to Protect Its Naval Base
Russia has enlisted the help of some new marine recruits in its ongoing invasion of Ukraine, deploying trained military dolphins to protect one of its naval bases in the Black Sea.
Pixel Watch prototype is left at a bar, gets photographed
The Pixel Watch had an iPhone 4 moment over the weekend. Just as Apple’s 2010 flagship leaked after being left at a bar, Google’s upcoming Pixel Watch was apparently lost and found at a restaurant.
You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results
Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address.
Elon Musk Says He Will Encrypt Twitter 2.0 Messages To Stop Spying
Elon Musk has been spitting a lot of ‘idea-balls’ against the wall since his Twitter takeover was announced. One of the most applauded, yet at the same time somewhat controversial, being the introduction of end-to-end encrypted direct messages to what you might call Twitter 2.0.
Facebook’s New Nightmare—Is It Time To Delete Your Account?
Facebook has been under fire recently, with explosive whistleblower allegations and continuing regulatory headaches. But things might have just got worse for Facebook’s 3 billion users—could it be the turning point that finally incentivises people to delete their accounts?
Netflix Cancels Space Force After 2 Seasons
The last week has been pretty rough for Netflix in terms of news; the big streamer has had some high profile cancellations and reports of layoffs. If you’re a fan of Space Force, their sci-fi military comedy series, bad news: it too has been canceled.
Doctor Strange in the Multiverse of Madness’ latest teaser would like you to meet the Illuminati
There’s only one week left until Doctor Strange in the Multiverse of Madness drops, but rather than waiting for news to spread by word of mouth, Marvel’s just dropped a new teaser featuring a cameo that might change the future of the MCU.
Opening credits for Star Trek: Strange New Worlds is giving us all the feels
Paramount+ debuted the official opening credits for Star Trek: Strange New Worlds on Twitter this morning, and the sequence leans heavily into fan nostalgia.
New Monkey Island Game: Yes To Hints, No To Pixel Art
Return to Monkey Island will have modern graphics and a hint system. Creator Ron Gilbert has explained that he’s had some major rethinks over what he calls a “new” Monkey Island game rather than “another” game in the series.