Lucene search
K

195 matches found

Malwarebytes
Malwarebytes
added 2022/12/13 1:0 p.m.74 views

Silence is golden partner for Truebot and Clop ransomware

A recent rise in the number of Truebot infections has been attributed to a threat actor known as the Silence Group. The Silence Group is an initial access broker IAB that frequently changes tools and tactics to stay on top of the game. An IAB's primary task is to find a weakness or vulnerability,...

9.3AI score0.36009EPSS
Exploits1
Talos Blog
Talos Blog
added 2022/09/28 12:12 p.m.97 views

New campaign uses government, union-themed lures to deliver Cobalt Strike beacons

By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks. Lure themes in the phishing documents in this campaign are related to the job details of a government organization i...

9.3CVSS0.9AI score0.99933EPSS
Exploits29
Malwarebytes
Malwarebytes
added 2022/08/31 8:0 p.m.15 views

Malwarebytes receives highest rankings in recent third-party tests

Malwarebytes Endpoint Protection continues to receive outstanding results in third-party testing. Our recent participation in two highly-regarded industry evaluations, namely MRG-Effitas and Info-Techs Data Quadrant Report, reflects our belief that continual testing and unbiased validation are...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/22 12:0 p.m.26 views

Cryptojackers growing in numbers and sophistication

With rising energy costs and increased volatility in the value of cryptocurrencies, we were bound to see a rise in malicious cryptomining, aka cryptojacking. If you dont know whether you will ever see a return on your investments in mining equipment, one will look for other opportunities. But if...

7.1AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/08/18 5:0 p.m.12 views

Hardware-based threat defense against increasingly complex cryptojackers

Even with the dip in the value of cryptocurrencies in the past few months, cryptojackers – trojanized coin miners that attackers distribute to use compromised devices’ computing power for their objectives – continue to be widespread. In the past several months, Microsoft Defender Antivirus detect...

0.3AI score
Exploits0
Securelist
Securelist
added 2022/08/15 12:0 p.m.68 views

IT threat evolution Q2 2022

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics Targeted attacks New technique for installing fileless malware Earlier this year, we discovered a malicious campaign that employed a new technique for installing...

9.3CVSS1.1AI score0.99677EPSS
Exploits164
The Hacker News
The Hacker News
added 2022/08/15 6:37 a.m.52 views

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index PyPI on August 6, 2022 and i...

0.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/07/27 12:0 a.m.18 views

Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics...

2.7AI score
Exploits0
Kitploit
Kitploit
added 2022/05/31 12:30 p.m.78 views

K0Otkit - Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way reverse shell. k0otkit is the combination of Kubernetes and...

8.6CVSS8.8AI score0.9857EPSS
Exploits114References1
The Hacker News
The Hacker News
added 2022/05/18 10:18 a.m.56 views

Hackers Gain Fileless Persistence on Targeted SQL Servers Using a Built-in Utility

Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/07 4:3 a.m.43 views

This New Fileless Malware Hides Shellcode in Windows Event Logs

A new malicious campaign has been spotted taking advantage of Windows event logs to stash chunks of shellcode for the first time in the wild. "It allows the 'fileless' last stage trojan to be hidden from plain sight in the file system," Kaspersky researcher Denis Legezo said in a technical write-...

0.5AI score
Exploits0
ThreatPost
ThreatPost
added 2022/05/04 1:24 p.m.40 views

Attackers Use Event Logs to Hide Malware

Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for...

7.6AI score
Exploits0References1
Securelist
Securelist
added 2022/05/04 10:0 a.m.41 views

A new secret stash for “fileless” malware

In February 2022 we observed the technique of putting the shellcode into Windows event logs for the first time "in the wild" during the malicious campaign. It allows the "fileless" last stage Trojan to be hidden from plain sight in the file system. Such attention to the event logs in the campaign...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2022/03/16 11:30 a.m.26 views

WMEye - A Post Exploitation Tool That Uses WMI Event Filter And MSBuild Execution For Lateral Movement

WMEye is an experimental tool that was developed when exploring about Windows WMI. The tool is developed for performing Lateral Movement using WMI and remote MSBuild Execution. It uploads the encoded/encrypted shellcode into remote targets WMI Class Property, create an event filter that when...

7.5AI score
Exploits0References1
HackRead
HackRead
added 2022/02/27 10:30 p.m.25 views

Meet SockDetour fileless backdoor targeting U.S. Defense contractors

By Deeba Ahmed Researchers suspect that the SockDetour backdoor is used in attacks carried out by an APT advanced persistent threat… This is a post from HackRead.com Read the original post: Meet SockDetour fileless backdoor targeting U.S. Defense contractors...

2.8AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/25 5:21 p.m.65 views

New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to...

10CVSS0.5AI score0.78395EPSS
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/12/17 12:0 a.m.10 views

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign...

3.5AI score
Exploits0
ThreatPost
ThreatPost
added 2021/12/16 1:45 p.m.45 views

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

A novel remote access trojan RAT being distributed via a Russian-language spear-phishing campaign is using unique manipulation of Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT – discovered by...

7.5AI score
Exploits0References7
Kitploit
Kitploit
added 2021/12/08 11:30 a.m.34 views

Fileless-Xec - Stealth Dropper Executing Remote Binaries Without Dropping Them On Disk

Certainly useful , mainly for fun, rougly inspired by 0x00 article Pentest use: fileless-xec is used on target machine to stealthy execute a binary file located on attacker machine Short story fileless-xec enable us to execute a remote binary on a local machine directly from memory without droppi...

7.5AI score
Exploits0References13
Malwarebytes
Malwarebytes
added 2021/11/01 11:33 a.m.30 views

A week in security (Oct 25 – Oct 31)

Last week on Malwarebytes Labs Beyond the VPN: Ultimate online privacy with the Tor Project’s Isabela Bagueros: Lock and Code S02E20 Patch now to bypass Firefox add-ons that abuse the proxy API to deny updates How social media mistakes can impact cybersecurity Update now! Apple patches bugs in iO...

0.4AI score
Exploits0
Rows per page
Query Builder