- Feb 8, 2023: A Russian threat group, dubbed TA866 by Proofpoint, is suspected of using a new technique to steal sensitive information. The group has been taking screenshots of infected devices and uploading them to a remote server. The use of screenshots is…
- Feb 7, 2023: The first Linux version of the Clop ransomware has been discovered, with a flaw in its encryption algorithm that allows it to be decrypted without paying the ransom. Cybersecurity firm SentinelOne discovered the ELF version on 26 December 2022, and…
- Feb 6, 2023: Several e-commerce industries in South Korea and the United States are being targeted by a GuLoader malware campaign, according to a report from cybersecurity firm Trellix. The attack is notable for its transition from using malware-laden Microsoft Word documents to…
- Feb 3, 2023: I have released my new musical work, Komorebi: a 4-track album that explores the world of electronic, lo-fi music, with each track designed to create a relaxing and peaceful atmosphere. The title of the album, Komorebi, is a Japanese word…
- Feb 2, 2023: Kaspersky Lab cybersecurity experts have discovered a new version of the Prilex point-of-sale (PoS) malware that has been enhanced to target transactions using NFC technology and is believed to be the most advanced PoS threat to date. The Prilex malware…
- Feb 1, 2023: The National Institute of Standards and Technology (NIST) has released the Artificial Intelligence Risk Management Framework (AI RMF 1.0), which provides guidelines for organizations to manage risks and promote responsible use of AI systems. The framework outlines the characteristics of…
- Jan 31, 2023: TrickGate is a shellcode-based packer that has been operating successfully and undetected for over six years. It is offered as a service to other threat actors to help hide malware payloads behind a layer of wrapper code and bypass security…
- Jan 30, 2023: The UNC2565 group behind the GOOTLOADER malware continues to improve its code by adding new components and obfuscation techniques to evade detection. GOOTLOADER is a stealthy malware, classified as a first-stage downloader, designed to target Windows-based systems. It is considered…
- Jan 28, 2023: Cybersecurity firm ESET has reported that Ukraine has been hit by a new cyber attack from Russia using a previously undocumented data wiper called SwiftSlicer. The attack has been attributed to Sandworm, a nation-state group linked to Military Unit…
- Jan 27, 2023: Cybersecurity researchers at Palo Alto Networks’ Unit 42 have discovered a new variant of the PlugX malware that can infect connected USB removable media devices to spread to additional systems. PlugX is a type of malware that is primarily used…
- Jan 25, 2023: Researchers at threat analytics firm Securonix have uncovered a new Python-based malware that has been spotted in the wild. The malware, named PY#RATION, is a remote access trojan (RAT) that gives its operators control over breached systems. According to Securonix,…
- Jan 25, 2023: Static malware analysis is the process of analysing malware samples without executing them. In this post, I’d like to share my basic workflow for static malware analysis, with tools and techniques that can be used at each stage. 1. File…
- Jan 22, 2023: A very short article that I think will be useful to DFIR colleagues. According to this article from Microsoft, after installing Windows 11 build 22H2, Windows event 4688 stopped working correctly. Event ID 4688 is a Windows security event that…
- Jan 21, 2023: The Russian state-sponsored cyber espionage group known as Gamaredon has been found to be using the popular messaging app Telegram in its recent attacks against Ukraine. The group, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa…
- Jan 20, 2023: A critical RCE (remote code execution) vulnerability has been discovered impacting multiple services related to Microsoft Azure, potentially allowing a malicious actor to completely take control of a targeted application. The vulnerability was discovered by Israeli cloud infrastructure security firm…
- Jan 19, 2023: Cybercriminals are increasingly using malicious LNK files as a way to gain initial access and download payloads such as Bumblebee, IcedID, and Qakbot. These malicious shortcut files are used to evade security solutions and infect victims’ computers with malware. A…
- Jan 18, 2023: Codespaces is a development environment that allows developers to easily set up, configure, and collaborate on projects from within GitHub. It allows users to customize their project by committing configuration files to their repository, which creates a repeatable configuration for…
- Jan 17, 2023: A threat actor known as Lolip0p has uploaded three rogue packages to the Python Package Index (PyPI) repository, which are designed to drop malware on compromised developer systems. According to a report by Fortinet, the packages, named colorslib, httpslib and…
- Jan 16, 2023: Incident response is a critical component of any organization’s cybersecurity strategy. With the increasing use of cloud-based services, it’s essential to have the right tools in place to quickly and effectively respond to security incidents. In this post, I propose…
- Jan 15, 2023: After the LastPass data breach, doubts have been raised in the cybersecurity community about the actual security of password managers. Personally, I have always held a fairly unpopular opinion: password managers built into browsers are more secure than stand-alone ones. In this…