Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode...
WINTAPIX Kernel Driver Targeting Middle Eastern Nations
Threat Level: Attack Report. For a detailed threat advisory, download the PDF file here. Summary: The WINTAPIX driver, protected by VMProtect, targets Saudi Arabia and other Gulf countries, possibly linked to Iranian threat actors exploiting Exchange servers for malware deployment. To receive real-ti...
APT15 enhanced its arsenal with an updated variant of the Turian backdoor
Threat Level: Attack Report. For a detailed threat advisory, download the PDF file here. Summary: APT15 has modified its toolkit to include new variants of the Turian backdoor, as well as new command and control infrastructure. The malware contains VMProtect, which obfuscates all API calls within the...
RagnarLocker Ransomware hits Critical Infrastructure Compromising 50+ Organizations
THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. The Federal Bureau of Investigation (FBI) has released an alert on a RagnarLocker campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing,...
Metamorfo Returns with Keylogger Trick to Target Financial Firms
Researchers have discovered a recent spate of phishing emails spreading a new variant of Metamorfo, a financial malware known for targeting Brazilian companies. Now, however, it’s expanding its geographic range and adding a new technique. Metamorfo was first discovered in April 2018, in various...
Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
An Adobe Flash Player zero-day exploit has been spotted in the wild as part of a widespread campaign, researchers said on Wednesday. Adobe has just issued a patch for the previously unknown critical flaw. The vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code executio...
Analyzing malware by API calls
Over the last quarter, we've seen an increase in malware using packers, crypters, and protectors—all methods used to obfuscate malicious code from systems or programs attempting to identify it. These packers make it very hard, or next to impossible to perform static analysis. The growing number o...
Threat Actors Target Chinese Language News Sites
A California-based news website covering China, called China Digital Times, was targeted in a spying campaign that involved phishing lures and the use of the NetWire remote access Trojan. The attacks began in February 2017 and were part of a wider campaign of phishing, reconnaissance and malware...
Any combination of instructions to achieve AV evasion ("free kill") - vulnerability warning - the black bar safety net
Note: when writing junk ("flower") instructions, refer to the following instruction pairs, which can be freely combined for the AV-evasion effect. push ebp / pop ebp; push eax / pop eax; push esp / pop esp; push 0 / push 0; push 1 0 ------- these numbers can be arbitrary; note the following correspondence: push -10...
PcShare full AV-evasion ("free kill") processing ideas - vulnerability warning - the black bar safety net
PcShare full AV-evasion processing ideas. The PcShare software package within update 1 has 3 files; 8 of them have a colored icon and are plug-in functions, generally combined with a good packer (Beidou 2.6 is a good packer you can use). Key processing: the three files PcClient.dll, PcInit.exe and PcHide.sys. These days 0...