Elie

FEBRUARY 24, 2020

Everyday Gmail defenses analyze billions of attachments to prevent malicious documents from reaching the inboxes of its users whether they are end-users or corporate ones.

IT 118

IT 118

Security Affairs

FEBRUARY 12, 2024

According to court documents, the FBI covertly purchased and analyzed the Warzone RAT. and three related domains, which together offered for sale the Warzone RAT malware — a sophisticated remote access trojan (RAT) capable of enabling cybercriminals to surreptitiously connect to victims’ computers for malicious purposes.”

Sales 107

Sales Access Passwords Information Security 107

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. What’re malicious files?

Libraries 103

Libraries Metadata Education Security 103

Security Affairs

FEBRUARY 27, 2020

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents. According to Google, since the end of 2019, the use of the new scanners allowed to increase the daily detection of weaponized Office documents by 10%. of threats that attempt to target Gmail users.

Phishing 117

Phishing IT Security Information Security 117

Security Affairs

NOVEMBER 21, 2021

The campaign was uncovered by TrendMicro researchers that detailed the technique used to trick victims opening the malicious email used as the attack vector. The attacks were orchestrated by Squirrelwaffle , a threat actor known for sending malicious spam as replies to existing email chains. ” concludes the analysis.

Security 138

Security Access IT Information Security 138

Security Affairs

MAY 11, 2021

Court documents revealed that the infamous XcodeGhost malware, which has been active since 2015, infected 128 million iOS users. Documents provided in a court case that sees Epic Games v. The mass hack was the result of the availability of 4000 malicious apps in the App Store, the apps were found containing the XCodeGhost Malware.

Passwords 111

Passwords Privacy IT Security 111

eSecurity Planet

NOVEMBER 7, 2022

Python, PowerShell , Java) Analyzing memory for code injections and other malicious activities Examining suspicious documents (such as PDFs, Microsoft Office, emails). We’ll examine the pros and cons, but REMnux is definitely a great asset for those who want to focus on their work and skip the “installation hell.”. REMnux Pros.

Ransomware 124

Ransomware Security IT Cybersecurity 124

Security Affairs

MARCH 31, 2022

The Morphisec Labs researchers analyzed a new malware, tracked as Mars stealer, which is based on the older Oski Stealer. . Morphisec Labs recently discovered the Mars stealer that was spreading masqueraded as malicious software cracks and keygens. The malicious code was offered only $160 for a lifetime subscription.

Sales 90

Sales Passwords Access IT 90

The Last Watchdog

OCTOBER 20, 2023

“Unauthorised transactions made with the help of lost or stolen credit cards, counterfeit cards, ID document forgery and identity theft, fake identification, email phishing, and imposter scams are among the most common types of payment fraud today.” Cloud technologies also play an important role in the latest anti-fraud developments.

Artificial Intelligence 100

Artificial Intelligence Cybersecurity Big data Cloud 100

Security Affairs

NOVEMBER 9, 2022

“Amadey Bot, the malware that is used to install LockBit, is being distributed through two methods: one using a malicious Word document file, and the other using an executable that takes the disguise of the Word file icon.” The malicious Microsoft Word document (“ ???.docx ” concludes the report.

Ransomware 96

Ransomware Sales Phishing Security 96

Security Affairs

MARCH 14, 2024

In the campaign observed by ZDI, threat actors used PDF documents lures that contained Google DoubleClick Digital Marketing (DDM) open redirects. The victims were redirected to compromised sites hosting the exploit for the Microsoft Windows SmartScreen bypass flaw CVE-2024-21412 that led to malicious Microsoft (.MSI) MSI) installers.

Phishing 111

Phishing Marketing Cybersecurity Security 111

Security Affairs

JANUARY 7, 2023

Experts at IBM X-Force that first analyzed it noticed that the threat does not borrow code from other banking malware, but the malicious code implements comparable capabilities, including launching man-in-the-browser attacks, and intercepting and stealing financial information from victims. com/products/app/ZoomInstallerFull[.]exe.

Phishing 95

Phishing Libraries Cybersecurity IT 95

Security Affairs

JUNE 12, 2020

Russia-linked Gamaredon APT use a new module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. OTM file) that was specifically designed to target Microsoft Outlook email client with malicious macro scripts. ” read the post published by ESET.

Military 112

Military Phishing Government IT 112

Security Affairs

NOVEMBER 27, 2021

Other IKEA organisations, suppliers, and business partners are compromised by the same attack and are further spreading malicious emails to persons in Inter IKEA,” reads the emails sent by IKEA to its employees. The emails use weaponized Office documents or include a link to them.

Phishing 140

Phishing Access Archiving Ransomware 140

Security Affairs

JUNE 17, 2021

The decoy content displayed by the malicious files employed in the attacks often made use of political themes and involved images or videos of resistance bases or strikes against the Iranian regime, a circumstance that suggests the attack is aimed at potential supporters of such movements within the country.

Ransomware 128

Ransomware Security Cybersecurity IT 128

Security Affairs

JANUARY 3, 2024

These frameworks enable the creation of complex and sophisticated Business Email Compromise (BEC) campaigns, and generation of contents for “Money Mule” spam used in money laundering schemes, and the provision of pre-made malicious strategies and tools.

Artificial Intelligence 121

Artificial Intelligence Phishing Government Cybersecurity 121

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. The vulnerability is caused by the poor sanitization of malicious SVG documents before they are incorporated into the HTML page interpreted by a Roundcube user.

Military 118

Military Government Phishing IT 118

Security Affairs

SEPTEMBER 4, 2022

SafeBreach Labs researchers recently analyzed a new targeted attack aimed at Farsi-speaking code developers. The attackers used a Microsoft Word document that included a Microsoft Dynamic Data Exchange (DDE) exploit along with a previously undiscovered remote access trojan (RAT), tracked as CodeRAT by SafeBreach Labs researchers.

e-Discovery 98

e-Discovery Communications Government Access 98

Security Affairs

JANUARY 27, 2022

North Korea-linked Lazarus APT started using Windows Update to execute the malicious payload and GitHub as a command and control server in recent attacks, Malwarebytes researchers reported. Both documents were compiled on 2020-04-24, but experts believe that they have been used in a campaign around late December 2021 and early 2022.

Metadata 87

Metadata Phishing Communications Ransomware 87

Security Affairs

MARCH 27, 2023

In a recent campaign analyzed by Trend Micro, the threat actors used spear-phishing emails and Google Drive links as attack vectors. To bypass email-scanning services, the threat actors started embedding the Google Drive link in a lure document. The link points to a password-protected archive, the document also includes the password.

Archiving 92

Archiving Phishing Passwords Government 92

Security Affairs

JANUARY 10, 2022

In December, Cado Security experts found a new version of a malicious shell script targeting insecure cloud instances running under the above Chinese cloud hosting providers. The security firm analyzed a total of six versions of the botnet since November. ” concludes the report.

Mining 95

Mining Honeypots Cloud Security 95

Security Affairs

JULY 19, 2022

The malware was designed to spy on the target systems, exfiltrate documents, acquire keystrokes, and screen captures. CloudMensis was developed in Objective-C, the samples analyzed by ESET are compiled for both Intel and Apple architectures. In the sample we analyzed, pCloud was used to store and deliver the second stage.

Cloud 97

Cloud Authentication Access Communications 97

Security Affairs

MARCH 3, 2020

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. The Kimsuky APT group has been analyzed by several security teams. By analyzing its contents, we noticed that it is used to delete the initial artifact (scr) and file itself. I ntroduction.

IT 134

IT File names Libraries Communications 134

Security Affairs

MARCH 30, 2020

Upon opening the file, victims will need to ‘Enable Content’ to view the content of the protected document, but this action will trigger the infection process. “If a user enables content, malicious macros will be executed to download a malware executable to the computer and launch it.”

Phishing 142

Phishing Security IT Information Security 142

Security Affairs

JANUARY 7, 2021

The experts found a malicious document uploaded to Virus Total related to a meeting request dated 23 Jan 2020, a circumstance that suggests the attack took place a year ago. A malicious macro is encoded within another that is dynamically decoded and executed. ” reads the post published by Malwarebytes. Pierluigi Paganini.

Phishing 100

Phishing Government Encryption Cloud 100

Security Affairs

APRIL 6, 2023

The attack chain associated with ARCHIPELAGO starts with phishing emails that embed malicious links. “ARCHIPELAGO invests time and effort to build rapport with targets, often corresponding with them by email over several days or weeks before finally sending a malicious link or file. ” concludes the report.

Phishing 90

Phishing Passwords Military Education 90

Security Affairs

SEPTEMBER 10, 2022

Once opened the archive, it will displays a Windows shortcut (LNK) file that masquerades as a document. The attackers also drop a malicious DLL and an encrypted payload file, noticing that the legitimate binary files are vulnerable to DLL search order hijacking. ” reads the analysis published by Secureworks.

Government 110

Government Archiving Metadata Encryption 110

Security Affairs

AUGUST 26, 2021

“As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples related to exploited Pulse Secure devices. that allows remote authenticated attackers to execute arbitrary code as the root user via maliciously crafted meeting room. ” reads CISA’s advisory. ” reads the MAR.

Security 127

Security Authentication Libraries Passwords 127

Security Affairs

OCTOBER 1, 2020

Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents.

Passwords 137

Passwords Ransomware Cybersecurity IT 137

Security Affairs

OCTOBER 11, 2022

VMware researchers have analyzed the supply chain behind the Emotet malware reporting that its operators are continually shifting their tactics, techniques, and procedures to avoid detection. ” The attack chain used in recent Emotet campaigns leverages on spam emails to deliver weaponized Microsoft documents.

Passwords 94

Passwords Ransomware IT Security 94

Schneier on Security

MAY 8, 2019

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled.

Security 88

Security IT 88

Security Affairs

JULY 28, 2022

Proofpoint researchers noticed that the of ISO, RAR and LNK file attachments reached nearly 175% during the same period and at least 10 malicious actors started using LNK files in their campaigns since February 2022. Before October 2021, most of malicious phishing campaigns were spreading malware using weaponized Office documents.

Phishing 99

Phishing Ransomware Access IT 99

Security Affairs

JUNE 8, 2023

Threat actors engage in extensive email correspondence with the victims and use spoofed URLs, websites mimicking legitimate web platforms, and weaponized documents. ” reads the report published by SentinelOne “The initial email requests the review of a draft article analyzing the nuclear threat posed by North Korea.”

Archiving 79

Archiving Risk Phishing Passwords 79

Security Affairs

SEPTEMBER 29, 2022

The malicious code was developed to target a broad range of devices, including small office/home office (SOHO) routers and enterprise servers. The Chaos malware includes capabilities previously documented in the original Kaiji Linux botnet. ” reads the analysis published by Lumen Technologies. ” concludes the report.

Mining 94

Mining Financial Services IT Security 94

Security Affairs

MARCH 25, 2022

Ukraine CERT (CERT-UA) published technical details about a malicious activity tracked as UAC-0026, which SentinelLabs associated with China-linked Scarab APT. The attacker spread their malware through phishing messages using weaponized documents that deploy the HeaderTip malware. ” reads the advisory published by CERT-UA.

Phishing 94

Phishing Metadata Archiving IT 94

The Last Watchdog

JULY 11, 2023

Nazdan Penetration testing provides valuable insights into a system’s security posture, allowing companies to fortify their defenses and protect investor data from malicious actors. This includes scanning all materials, such as investor onboarding documents and communication. Foster collaborative partnerships.

IT 161

IT Encryption Risk Financial Services 161

Security Affairs

JULY 8, 2022

Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. Cybereason researchers documented the evolution of the Lockbit ransomware that uses multiple techniques to infect target systems. “LockBit operates on a RaaS (Ransomware as a Service) model.

Ransomware 101

Ransomware Phishing Encryption Access 101