LodaRAT: Established Malware, New Victim Patterns
Executive Summary Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. LodaRAT, first observed in 2016, is a remote access tool (RAT) written in AutoIt. Development of...
Incident response analyst report 2023
Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Our annual Incident Response Report presents...
Water Orthrus Targets Chinese Users with CopperStealth and CopperPhish
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Water Orthrus has recently launched two new campaigns, CopperStealth and CopperPhish, where CopperStealth employs rootkit techniques, while CopperPhish globally distributes a phishing kit through PPI...
Emotet’s back and it isn’t wasting any time
Emotet is one of the best known, and most dangerous, malware threats of the past several years. On several occasions it appeared to take an early retirement, but it has always come back. In January of this year, a global police operation dismantled Emotet's botnet. Law enforcement then used their...
Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment
Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorpiex...
The mystery of the Silver Sparrow Mac malware
Cybersecurity company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apple's new M1 chips, but what is unknown about this malware is actually more interesting than what is...
iSCSI unauthorized access vulnerability, tens of thousands of iSCSI services are likely to be affected - vulnerability warning - the black bar safety net
Overview: iSCSI (Internet Small Computer System Interface), also known as IP-SAN, is a storage technology based on the Internet and the SCSI-3 protocols. It was proposed by the IETF and became an official standard on 11 February 2003. On 17 April 2019, white cap sinks a...
Apache Struts2 remote code execution vulnerability S2-045 technical analysis and protection solution - vulnerability warning - the black bar safety net
The Apache Struts2 Jakarta Multipart parser plugin contains a remote code execution vulnerability, numbered CNNVD-201703-152. An attacker can use the plugin to upload a file and modify the HTTP request header Content-Type value to trigger the vulnerability, leading to remote co...
International air ticket booking system has loopholes that make it easy to cancel or modify a flight reservation - vulnerability warning - the black bar safety net
According to a report by the foreign media outlet CSO, the "trip booking system" used by tens of millions of people abroad every day is very unsafe and lacks a proper identity authentication scheme. Attackers can exploit weaknesses in the system to easily change a passenger's reservation, cancel the person's flight...
Malware More Globally Distributed, Still Made in China
In an attempt to better evade detection, cybercriminals are increasingly configuring their command and control infrastructure in such a way that initial malware callbacks communicate with a server located in the same country as the newly infected machines. This emerging trend is among the vast an...
Spam Botnet Gaining Traction
Upping its output of spam by nearly 5 percent in recent weeks, a new botnet called Festi has grabbed the attention of researchers, cracking the list of top 10 most prolific spamming botnets. The botnet has apparently pumped up the volume of spam by recruiting more bots, about 60 percent of which...
WINDOWSSERVER2022HOTPATCH:SERVER:GDR:BR:10.0.20348.3091:UnifiedCumulativeSecurity:
This detectoid will be used for targeting Baseline version 10.0.20348.3091 for GDR...
WINDOWSSERVER2022HOTPATCH:SERVER:GDR:BR:10.0.20348.2227:UnifiedCumulativeHotpatch:
This detectoid will be used for targeting baseline version 10.0.20348.2227 for GDR...
WINDOWSSERVER2022HOTPATCH:SERVER:GDR:BR:10.0.20348.4648:UnifiedCumulativeHotpatch:
This detectoid will be used for targeting baseline version 10.0.20348.4648 for GDR...