94 matches found

The Hacker News
added 2021/01/19 3:4 p.m. | 37 views

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack

Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins...

0.3 AI score
Exploits: 0
ThreatPost
added 2020/12/03 6:58 p.m. | 44 views

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...

0.2 AI score
Exploits: 0 | References: 12
The Hacker News
added 2020/11/05 7:33 p.m. | 31 views

North Korean Hackers Used 'Torisma' Spyware in Job Offers-based Attacks

A cyberespionage campaign aimed at aerospace and defense sectors in order to install data gathering implants on victims' machines for purposes of surveillance and data exfiltration may have been more sophisticated than previously thought. The attacks, which targeted IP-addresses belonging to...

0.5 AI score
Exploits: 0
Openbugbounty
added 2020/05/28 4:46 p.m. | 14 views

charlestondentalimplants.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1176144 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

6.1 AI score
Exploits: 0
Kitploit
added 2020/03/09 11:30 a.m. | 79 views

Proton Framework - A Windows Post Exploitation Framework Similar To Other Penetration Testing Tools Such As Meterpreter And Powershell Invader Framework

About Proton Framework Proton Framework is a Windows post exploitation framework similar to other penetration testing tools such as Meterpreter and Powershell Invader Framework. The major difference is that the Proton Framework does most of its operations using Windows Script Host a.k.a...

7.3 AI score
Exploits: 0 | References: 1
Microsoft Secure
added 2020/02/03 5:0 p.m. | 42 views

Guarding against supply chain attacks—Part 2: Hardware risks

The challenge and benefit of technology today is that it’s entirely global in nature. This reality is brought into focus when companies assess their supply chains, and look for ways to identify, assess, and manage risks across the supply chain of an enterprise. Part 2 of the “Guarding against...

0.1 AI score
Exploits: 0
Securelist
added 2019/11/29 10:0 a.m. | 968 views

IT threat evolution Q3 2019

Targeted attacks and malware campaigns Mobile espionage targeting the Middle East At the end of June we reported the details of a highly targeted campaign that we dubbed 'Operation ViceLeaker' involving the spread of malicious Android samples via instant messaging. The campaign affected several...

9.3 CVSS | 9.3 AI score | 0.99964 EPSS
Exploits: 78
Fortinet
added 2019/11/14 12:0 a.m. | 45 views

Protect

VM appliance lack of root file system integrity check may allow an attacker with read/write access to the VM image before it is booted up to inject malicious implants in the image...

10 CVSS | 7 AI score | 0.0077 EPSS
Exploits: 0 | Affected Software: 13
Kitploit
added 2019/09/18 11:57 a.m. | 79 views

FudgeC2 - A Collaborative C2 Framework For Purple-Teaming Written In Python3, Powershell And .NET

FudgeC2 is a campaign orientated Powershell C2 framework built on Python3/Flask - Designed for team collaboration, client interaction, campaign timelining, and usage visibility. Note: FudgeC2 is currently in alpha stage, and should be used with caution in non-test environments. Setup Installation...

7.6 AI score
Exploits: 0 | References: 2
Kitploit
added 2019/08/29 9:25 p.m. | 94 views

Nuages - A Modular C2 Framework

Nuages is a modular C2 framework. Refer to the Wiki for documentation, do not hesitate to open issues for help, bug reports or feature requests Introduction Nuages aims at being a C2 framework in which back end elements are open source, whilst implants and handlers must be developed ad hoc by...

7.5 AI score
Exploits: 0 | References: 2
OSV
added 2019/08/23 9:15 p.m. | 3 views

CVE-2019-6695

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods...

9.8 CVSS | 7.3 AI score | 0.0077 EPSS
Exploits: 0 | References: 1
ThreatPost
added 2019/07/18 9:18 p.m. | 183 views

Security Watch: Elon Musk's NeuraLink Links Brains to iPhones via Bluetooth

Technologist Elon Musk has unveiled a plan for embedding Bluetooth-enabled implants into a human brain, to enable disabled persons to regain motor and cognitive function. IT experts however noted that along with FDA approval, the idea faces hurdles in the form of significant scrutiny on the...

7.5 AI score
Exploits: 0 | References: 10
ThreatPost
added 2019/07/10 3:57 p.m. | 52 views

Latest FinSpy Modules Lift Data from Secure Messaging Apps

The latest iOS and Android versions of the FinSpy espionage malware have been deployed in the wild, and are capable of collecting a raft of personal information such as contacts, SMS/MMS messages, emails, calendars, GPS location, photos, files in memory, phone call recordings and data – even from...

6.3 AI score
Exploits: 0 | References: 7
Securelist
added 2019/07/10 10:0 a.m. | 113 views

New FinSpy iOS and Android implants revealed ITW

Updated: 23.07.2019 After publication of this article, we received a letter from a representative of Gamma Group International Ltd. stating that they disposed of all interests in FinFisher FinSpy in 2013. This article has been corrected in accordance with this new information. According to...

Exploits: 0
Malwarebytes
added 2019/05/31 5:32 p.m. | 174 views

Hidden Bee: Let’s go down the rabbit hole

Some time ago, we discussed the interesting malware, Hidden Bee. It is a Chinese miner, composed of userland components, as well as of a bootkit part. One of its unique features is a custom format used for some of the high-level elements this format was featured in my recent presentation at SAS...

7.3 AI score
Exploits: 0
ThreatPost
added 2019/04/10 4:30 a.m. | 52 views

SAS 2019: Gaza Cybergang Blends Sophistication Levels in Highly Effective Spy Effort

SINGAPORE — Around 240 high-profile victims in 39 countries worldwide have become victims of an APT cyber-espionage attack, led by an organization dubbed the Gaza Cybergang that comprises several groups of varying sophistication. The victims, who were all targeted last year, include political,...

7.5 AI score
Exploits: 0 | References: 3
Kitploit
added 2019/01/14 8:39 p.m. | 166 views

Pe-Sieve - Recognizes And Dumps A Variety Of Potentially Malicious Implants (Replaced/Injected PEs, Shellcodes, Hooks, In-Memory Patches)

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory...

7.2 AI score
Exploits: 0 | References: 3
Securelist
added 2018/12/05 2:0 p.m. | 78 views

APT review of the year

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it's never possible to really understand the motivations of some attacks or the developments behind them...

6.5 AI score
Exploits: 0
Securelist
added 2018/10/29 10:0 a.m. | 58 views

Hackers attacking your memories: science fiction or future threat?

Authors: Kaspersky Lab and the Oxford University Functional Neurosurgery Group There is an episode in the dystopian near-future series Black Mirror about an implanted chip that allows users to record and replay everything they see and hear. A recent YouGov survey found that 29% of viewers would b...

1 AI score
Exploits: 0
Carbon Black Blog
added 2018/10/04 6:13 p.m. | 64 views

China Chip Hack Shines Spotlight on Hardware and Supply-Chain Risk

Recent revelations in the press regarding hardware implants and supply-chain compromise are troubling and should be seen as an opportunity to assess our current threat model and security approach. This recently revealed situation is the hardware analogue to the software supply chain compromises w...

7.3 AI score
Exploits: 0