article thumbnail

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it. I am a computer security scientist with an intensive hacking background. The following code is the execution path that drives Stage 2 to Stage 3.

article thumbnail

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

DLA Piper Privacy Matters

As a reminder, in 2022, the CNIL priority topics were (i) direct marketing (ii) monitoring telework and (iii) the use of cloud computing (see our previous post ). This decision comes from several claims filed with CNIL for unauthorized access by third parties to patient records held by health care institutions.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Epson Unveils Two Document Scanners Designed to Easily Organize Receipts and Invoices

Info Source

The automatic file naming and receipt recognition tool, with machine-learning capabilities, identifies important data such as vendor names and logos, and streamlines the process of storing and finding critical data and documents 2. Availability and Support.

article thumbnail

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

The execution of such a command drops on local HardDrive (AppData-Local-Temp) three new files named: RetrieveRandomNumber.vbs (2x) and RandomName.reg. The following image represents a simple ‘cat’ command on the just dropped files. On Final Stage VBS Run Files.

article thumbnail

Cyber Threats Observatory Gets Improvements

Security Affairs

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. I am a computer security scientist with an intensive hacking background. About the author: Marco Ramilli, Founder of Yoroi.

article thumbnail

APT34: Glimpse project

Security Affairs

The command and control is implemented by a standalone.NET application working through files. The backend, a nodeJS server, runs and offers Public API and and saves, requests to agents, and results from agents, directly into files named with “UID-IP” convention acting as agent ID.

article thumbnail

Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Security Affairs

My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” Stage1 was dropping and executing a brand new PE file named: rEOuvWkRP.exe (sha256: 92f59c431fbf79bf23cff65d0c4787d0b9e223493edc51a4bbd3c88a5b30b05c) using the bitsadmin.exe native Microsoft program.