Lucene search
K

323 matches found

The Hacker News
The Hacker News
added 2022/02/01 10:28 a.m.43 views

Iranian Hackers Using New PowerShell Backdoor in Cyber Espionage Attacks

An advanced persistent threat group with links to Iran has updated its malware toolset to include a novel PowerShell-based implant called PowerLess Backdoor, according to new research published by Cybereason. The Boston-headquartered cybersecurity company attributed the malware to a hacking group...

2AI score
Exploits0
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2022/01/14 10:26 a.m.14 views

What is RAT Remote Access Trojan ❓ Detection and Removal

Introduction Humans live in the 21st century where a large portion of our exchanges are taken care of on the web. Thus, people, businesses and organizations are presented with new online protection dangers. A significant number of these digital dangers will break into your framework and challenge...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/12/16 10:19 a.m.45 views

New Fileless Malware Uses Windows Registry as Storage to Evade Detection

A new JavaScript-based remote access Trojan RAT propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial...

0.9AI score
Exploits0
Packet Storm
Packet Storm
added 2021/09/10 12:0 a.m.290 views

Backdoor.Win32.VB.awm Authentication Bypass / Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/2271d942a23a89d7adea524d4ac3c13f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.awm Vulnerability: Authentication Bypass - Information Leakage Description: The...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/02 10:7 a.m.42 views

Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild

Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar...

6.8AI score
Exploits0
Talos Blog
Talos Blog
added 2021/07/29 10:5 a.m.50 views

Threat Spotlight: Solarmarker

By Andrew Windsor, with contributions from Chris Neal. Executive summaryCisco Talos has observed new activity from Solarmarker, a highly modular .NET-based information stealer and keylogger.A previous staging module, "d.m," used with this malware has been replaced by a new module dubbed... This i...

1.7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/07/21 10:0 a.m.92 views

MacOS Being Picked Apart by $49 XLoader Data Stealer

There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service MaaS and stands...

7.4AI score
Exploits0References13
Kitploit
Kitploit
added 2021/06/14 12:30 p.m.257 views

Redpill - Assist Reverse Tcp Shells In Post-Exploration Tasks

Project Description The redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to use unconventional ways to access target system, such as reverse tcp shells not metasploit in order to bypass the defenses implemented by the system...

7.8AI score
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2021/04/09 4:31 p.m.53 views

Investigating a unique “form” of email delivery for IcedID malware

Microsoft threat analysts have been tracking activity where contact forms published on websites are abused to deliver malicious links to enterprises using emails with fake legal threats. The emails instruct recipients to click a link to review supposed evidence behind their allegations, but are...

0.5AI score
Exploits0
Kitploit
Kitploit
added 2021/02/24 8:30 p.m.36 views

BlackMamba - C2/post-exploitation Framework

BlackMamba is a multi client C2/post exploitation framework with some spyware features. Powered by Python 3.8.6 and QT Framework. Some of BlackMamba features are: Multi Client - Supports multiple client connections at the same time. Real Time Communication Updates - Real time communication and...

7.9AI score
Exploits0References4
The Hacker News
The Hacker News
added 2021/02/02 2:0 p.m.58 views

Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan RAT to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/02 2:0 p.m.4 views

Agent Tesla Malware Spotted Using New Delivery & Evasion Techniques

Security researchers on Tuesday uncovered new delivery and evasion techniques adopted by Agent Tesla remote access trojan RAT to get around defense barriers and monitor its victims. Typically spread through social engineering lures, the Windows spyware not only now targets Microsoft's Antimalware...

5.9AI score
Exploits0
HackRead
HackRead
added 2021/01/06 1:40 a.m.51 views

ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices

By Waqas The undetected ElectroRat malware is capable of stealing private keys to access victims’ wallets and also run keylogger on a targeted device. This is a post from HackRead.com Read the original post: ElectroRat crypto-stealing malware hits MacOS, Windows, Linux devices...

2.9AI score
Exploits0
ThreatPost
ThreatPost
added 2020/12/15 4:47 p.m.35 views

Agent Tesla Keylogger Gets Data Theft and Targeting Update

Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. Agent Tesla first came into the scene in 2014, specializing in keylogging designed to record keystrokes made by a user in order to exfiltrate data...

0.8AI score
Exploits0References10
Kitploit
Kitploit
added 2020/11/10 11:30 a.m.36 views

paradoxiaRAT - Native Windows Remote Access Tool

Paradoxia Remote Access Tool. Features Paradoxia Console Feature | Description ---|--- Easy to use | Paradoxia is extremely easy to use, So far the easiest rat! Root Shell | - Automatic Client build | Build Paradoxia Client easily with or without the icon of your choice. Multithreaded |...

7.5AI score
Exploits0References6
0day.today
0day.today
added 2020/11/08 12:0 a.m.404 views

GovRAT 2.0 - FUD unknown RAT with special functions

This RAT was written by me and cannot be blocked. FUD tested with the strictest firewall policies. You are buying the source code + digital certificate to sign your files. I can also host the C&C for you for extra Functions: Access C&C with any browser. Compile C&C for Linux OR Windows. VALID...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2020/10/19 4:7 p.m.40 views

Informatica: Improper Sanitization leads to XSS Fire on admin panel

Summary Because the HTML is not sanitized when taking the input on https://accounts.informatica.com/registration.html, the input is vulnerable to XSS. When a payload such as " is put into the form under company it triggers a blind xss. When the payload successfully is loaded, it dumps information...

5.7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/09/23 3:27 p.m.269 views

CISA: LokiBot Stealer Storms Into a Resurgence

The U.S. Cybersecurity and Infrastructure Security Agency CISA is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. The uptick started in July, according to the agency, and activity has remained “persistent” ever since. LokiBot targets Windows and...

9.3CVSS1.4AI score0.99945EPSS
Exploits33References8
The Hacker News
The Hacker News
added 2020/09/18 8:45 a.m.43 views

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security MOIS for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors...

1AI score
Exploits0
FireEye
FireEye
added 2020/08/06 12:0 a.m.24 views

Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach

The FireEye Front Line Applied Research & Expertise FLARE Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...

0.1AI score
Exploits0References22
Rows per page
Query Builder