DGA is one of the classic techniques for botnets to hide their C2s, attacker only needs to selectively register a very small number of C2 domains, while for the defenders, it is difficult to determine in advance which domain names will be generated and registered.
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users’ accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.
A critical flaw in multiple models of DrayTek Vigor routers can allow unauthenticated, remote attackers to fully compromise affected devices.
Among the threat actors distributing Bumblebee is Projector Libra. Also known as EXOTIC LILY, Projector Libra is a criminal group that uses file sharing services to distribute malware after direct email correspondence with a potential victim.
A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else’s email.
Just over a year ago, we wrote about a “cybersecurity researcher” who posted almost 4000 pointlessly poisoned Python packages to the popular repository PyPI.
The Malwarebytes Threat Intelligence team has identified a new Remote Access Trojan we are calling Woody Rat that has been in the wild for at least one year.
Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.
ThreatLabz has discovered a new strain of a large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) techniques along with several evasion tactics. Similar AiTM phishing techniques were used in another phishing campaign described by Microsoft recently here.
JusTalk, a popular mobile video calling and messaging app with 20 million global users, exposed a massive database of supposedly private messages to the public Internet for months.
Cyble Research Labs has been actively monitoring various Stealers and blogging about them to keep our readers aware and informed. Recently, we came across a malware sample which turned out to be a new malware variant named “LOLI Stealer.”
97% of top universities in the US, UK and Australia putting students, staff, and stakeholders at risk of being impersonated by cybercriminals
SolidBit Ransomware Enters the RaaS Scene and Takes Aim at Gamers and Social Media Users With New Variant
This blog entry offers a technical analysis of a new SolidBit variant that is posing as different applications to lure gamers and social media users.
Even though the request is an HTTP GET, it sends two bytes that are 0x191a as data. The reply is always the same, consisting of five bytes 0x1a1a6e0429. This is the C2 standard reply, which does not correspond to any kind of action on the implant.
The founder and leader of the crowdsourced pro-Russian hacktivists Killnet announced his plans to leave the group after an upcoming hack and leak operation against Lockheed Martin. Killnet is part of a new breed of cyberwarfare that emerged during Russia’s invasion of Ukraine.
A team of Ukrainian cyber-activists has thought of a simple yet potentially effective way to spread uncensored information in Russia: bundling torrents with text and video files pretending to include installation instructions.
Fileless malware uses a computer system’s built-in tools to execute a cyberattack. In other words, fileless malware takes advantage of the vulnerabilities present in installed software to facilitate an attack.
The ASEC analysis team discovered that a malicious CHM file targeting certain Korean universities is distributed on a massive scale. The file that is being distributed is the same type as the one discussed in a post uploaded in May. Figure 1 shows the code of the HTM file inside the malicious CHM.
A ransomware attack on printing and mailing services provider OneTouchPoint is having several downstream effects on its customers, prompting it to release a data breach notice last week on behalf of 34 healthcare organizations.
Everybody has heard about the latest cool thing™, which is DALL·E 2 (henceforth called Dall-e). A few months ago, when the first previews started, it was basically everywhere.
A long ago, in a Jack in the Box drive-thru far, far away, an unknown Mark Hamill got fired for making clown voices. Many years later, owners probably biting their fingers, Mark is back with the clown voices, surprising fans with tales from the past… and autographs too!
And here they finally are. Walter White and Jesse Pinkman. As the latter would say: Yeah, bitch!