A detailed analysis of the STOP/Djvu Ransomware https://cybergeeks.tech/a-detailed-analysis-of-the-stop-djvu-ransomware/
TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware https://www.proofpoint.com/us/blog/threat-insight/ta575-uses-squid-game-lures-distribute-dridex-malware
Proofpoint
TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware | Proofpoint US
Want to be in season two of the Netflix phenomenon? You might not like the hidden cost...
Spectre v4.0: the speed of malware threats after the pandemics https://yoroi.company/research/spectre-v4-0-the-speed-of-malware-threats-after-the-pandemics/
Yoroi
Spectre v4.0: the speed of malware threats after the pandemics - Yoroi
Introduction Cybercrime is today the primary threat to businesses, and actors are still evolving their malicious business models. In fact, the criminal ecosystem goes beyond Malware-as-a-Service: many malware developers are increasing their dangerousn…
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks https://threatpost.com/tortilla-exchange-servers-proxyshell/175967/
Threat Post
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new "Tortilla" threat actor.
Mekotio Banker Returns with Improved Stealth and Ancient Encryption https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/
Check Point Research
Mekotio Banker Returns with Improved Stealth and Ancient Encryption - Check Point Research
Research by: Arie Olshtein & Abedalla Hadra A banking Trojan called “Mekotio” that targeted Latin American countries in the past is now making a comeback with a change in its infection flow. Check Point Research (CPR) detected over 100 attacks in recent weeks…
Practical MBA Deobfuscation with msynth https://synthesis.to/2021/11/11/practical_mba_deobfuscation.html
Zero-Day Disclosure: Palo Alto Networks GlobalProtect VPN CVE-2021-3064 https://www.randori.com/blog/cve-2021-3064/
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
NCC Group
The dark side of Microsoft Remote Procedure Call protocols https://redcanary.com/blog/msrpc-to-attack/
Red Canary
The dark side of Remote Procedure Call protocols - Red Canary
MSRPC to ATT&CK is a one-stop shop for learning more about how adversaries abuse Remote Procedure Calls and what you can do to detect it.
The Kerberos Key List Attack: The return of the Read Only Domain Controllers https://www.secureauth.com/blog/the-kerberos-key-list-attack-the-return-of-the-read-only-domain-controllers/
SecureAuth
Analyzing a watering hole campaign using macOS exploits https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
Google
Analyzing a watering hole campaign using macOS exploits
To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors t…
Evading EDR Detection with Reentrancy Abuse https://www.deepinstinct.com/blog/evading-antivirus-detection-with-inline-hooks
Deep Instinct
Evading EDR Detection with Reentrancy Abuse | Deep Instinct
In this blog, we’ll explore a new way to exploit reentrancy that can be used to evade the behavioral analysis of EDR and legacy antivirus products.
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver https://posts.specterops.io/mimidrv-in-depth-4d273d19e148
Medium
Mimidrv In Depth: Exploring Mimikatz’s Kernel Driver
Mimikatz provides the opportunity to leverage kernel mode functions through the included driver, Mimidrv. Mimidrv is a signed Windows…
Practical attacks against attribute-based encryption https://research.kudelskisecurity.com/2021/11/12/practical-attacks-against-attribute-based-encryption/
Kudelski Security Research
Practical attacks against attribute-based encryption
Authors: Antonio de la Piedra (Kudelski Security Research Team) and Marloes Venema (Radboud University Nijmegen) This week at Black Hat Europe 2021 we have presented our work on attacking attribute…
Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915) https://www.secforce.com/blog/exploiting-grandstream-ht801-ata-cve-2021-37748-cve-2021-37915/
www.secforce.com
Exploiting Grandstream HT801 ATA (CVE-2021-37748, CVE-2021-37915)
This article describes two authenticated remote code execution vulnerabilities that we found during a time-bounded security assessment of Grandstream’s HT801 Analog Telephone Adapter. Both vulnerabilities are exploitable via the limited configuration shell…
Backup “Removal” Solutions - From Conti Ransomware With Love https://www.advintel.io/post/backup-removal-solutions-from-conti-ransomware-with-love