34 matches found

Redos
added yesterday | 2 views

ROS-20260610-73-0022

The vulnerability in Thunderbird relates to exploiting an authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions without being detected...

9.8 CVSS | 5.5 AI score | 0.00025 EPSS
Exploits: 0
CNNVD
added 2026/04/22 12:0 a.m. | 6 views

uutils coreutils code issue vulnerability

uutils coreutils is a cross-platform core command-line tool set developed by Uutils. There is a code vulnerability in uutils coreutils, which arises from the inability of printenv to display environment variables that contain invalid UTF-8 byte sequences. This could allow malicious environment...

4.4 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 1 | References: 1
The Hacker News
added 2026/03/19 6:52 p.m. | 5 views

54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusions as they offer a way...

5.9 AI score
Exploits: 0
Packet Storm News
added 2025/11/09 12:0 a.m. | 2 views

CYPRESS: Transferring Secrets in the Shadow of Visible Packets

Network steganography and covert communication channels have been studied extensively in the past. However, prior works offer minimal practical use for their proposed techniques and are limited to specific use cases and network protocols. In this paper, we show that covert channels in networking...

7 AI score
Exploits: 0
Malwarebytes
added 2025/02/06 6:21 a.m. | 12 views

University site cloned to evade ad detection distributes fake Cisco installer

There is a constant "cat and mouse" game between defenders and attackers, the latter trying to outsmart and get a head start on the former. In the context of online advertising, this involves creating fake identities or using stolen ones to push out malicious ads. An attacker not only needs to...

7.5 AI score
Exploits: 0
The Hacker News
added 2024/09/04 5:31 a.m. | 12 views

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics...

7.3 AI score
Exploits: 0
The Hacker News
added 2024/08/02 7:2 a.m. | 30 views

Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

Cybersecurity companies are warning about an uptick in the abuse of Cloudflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a rate-limited tunnel that acts as a conduit to relay traffic from ...

7.5 AI score
Exploits: 0
Vulnrichment
added 2024/01/31 7:16 p.m. | 7 views

CVE-2023-28807 Bypass of ZIA domain fronting detection module through evasion technique

In Zscaler Internet Access (ZIA), a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic...

5.1 CVSS | 7.2 AI score | 0.00038 EPSS
Exploits: 0 | References: 2
The Hacker News
added 2024/01/22 3:40 a.m. | 59 views

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...

10 CVSS | 8.2 AI score | 0.94436 EPSS
Exploits: 31
Trellix
added 2024/01/02 12:0 a.m. | 16 views

Saints Turned Evil

By Sushant Kumar Arya, Daksh Kapur and Rohan Shah · January 02, 2024. As technology advances, attackers are constantly developing new evasion mechanisms to bypass security products and stay one step ahead of security vendors and their products. We have...

7 AI score
Exploits: 0
The Hacker News
added 2023/06/27 2:22 p.m. | 89 views

New Mockingjay Process Injection Technique Could Let Malware Evade Detection

A new process injection technique dubbed Mockingjay could be exploited by threat actors to bypass security solutions to execute malicious code on compromised systems. "The injection is executed without space allocation, setting permissions or even starting a thread," Security Joes researchers...

8.2 AI score
Exploits: 0
Malwarebytes
added 2023/06/07 2:0 a.m. | 15 views

Facebook clickbait leads to money scam for users

Online criminals are notorious for lurking on social media sites and tricking users into visiting malicious links. We recently observed a scheme where Facebook users are clicking on posts that lead to external websites set up for the sole purpose of scamming them out of hundreds of dollars via fa...

6.9 AI score
Exploits: 0
The Hacker News
added 2023/03/02 11:21 a.m. | 100 views

Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind...

Exploits: 0
HackRead
added 2023/02/28 12:10 a.m. | 21 views

Fake ROBLOX and Nintendo game cracks drop ChromeLoader malware

By Deeba Ahmed. What's worse, in the new campaign, ChromeLoader malware evades detection by security software.

3 AI score
Exploits: 0
The Hacker News
added 2023/02/27 10:4 a.m. | 47 views

PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks

The PlugX remote access trojan has been observed masquerading as an open source Windows debugger tool called x64dbg in an attempt to circumvent security protections and gain control of a target system. "This file is a legitimate open-source debugger tool for Windows that is generally used to...

0.9 AI score
Exploits: 0
ThreatPost
added 2022/07/08 2:45 p.m. | 33 views

Sneaky New Orbit Malware Backdoors Linux Devices

A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found. The malware, dubbed Orbit, is unlike other Linux threats in that it steals information from different commands and utilities and then stores th...

7.5 AI score
Exploits: 0 | References: 8
The Hacker News
added 2021/11/26 8:8 a.m. | 61 views

CronRAT: A New Linux Malware That's Scheduled to Run on February 31st

Researchers have unearthed a new remote access trojan (RAT) for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-sid...

7.5 AI score
Exploits: 0
The Hacker News
added 2021/11/17 3:13 p.m. | 30 views

Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities

A malicious campaign has been found leveraging a technique called domain fronting to hide command-and-control traffic by leveraging a legitimate domain owned by the Myanmar government to route communications to an attacker-controlled server with the goal of evading detection. The threat, which wa...

6.8 AI score
Exploits: 0
Securelist
added 2021/10/28 2:20 p.m. | 13 views

How we took part in MLSEC and (almost) won

This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants' ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...

6.7 AI score
Exploits: 0
ThreatPost
added 2021/09/15 1:6 p.m. | 22 views

Attackers Impersonate DoT in Two-Day Phishing Scam

Threat actors impersonated the U.S. Department of Transportation (USDOT) in a two-day phishing campaign that used a combination of tactics – including creating new domains that mimic federal sites so as to appear to be legitimate – to evade security detections. Between Aug. 16-18, researchers at...

6.9 AI score
Exploits: 0 | References: 8