fee: Execute ELF files without dropping them on disk https://github.com/nnsee/fileless-elf-exec
GitHub
Execute ELF files without dropping them on disk. Contribute to nnsee/fileless-elf-exec development by creating an account on GitHub.
The hunt for NOBELIUM, the most sophisticated nation-state attack in history https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/
Microsoft Security Blog
In the second of a four-part series on the NOBELIUM nation-state attack, we share the behind-the-scenes details of the detection and investigation into the threat.
SharkBot: a new generation of Android Trojans is targeting banks in Europe https://www.cleafy.com/cleafy-labs/sharkbot-a-new-generation-of-android-trojan-is-targeting-banks-in-europe
Cleafy
SharkBot: a new generation of Android Trojans is targeting European banks. It has been discovered by the threat intelligence team of Cleafy: here's the technical analysis.
Cyber-mercenary group Void Balaur has been hacking companies for years https://therecord.media/cyber-mercenary-group-void-balaur-has-been-hacking-companies-for-years/
therecord.media
Cyber-security firm Trend Micro has published today a 46-page report detailing the history and activity of a hacker-for-hire group that has been advertising its services in the cybercrime underworld and conducting on-demand intrusions since the mid-2010s.
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
Microsoft News
HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans (RATs), and other payloads related to targeted…
Revealing Lamberts/Longhorn malware capabilities using a step-by-step approach (cyberespionage group linked to Vault 7) https://cybergeeks.tech/revealing-the-lamberts-malware-using-a-step-by-step-approach-cyberespionage-group-linked-to-vault-7/
Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 https://blog.assetnote.io/2021/11/02/sitecore-rce/
TP-Link TL-WR840N EU v5 Remote Code Execution https://k4m1ll0.com/cve-2021-41653.html
K4M1Ll0
TP-Link TL-WR840N V5(EU) - RCE - CVE-2021-41653
US Cyber Command head confirms direct actions against ransomware gangs https://www.zdnet.com/article/us-cyber-command-head-confirms-direct-actions-against-ransomware-gangs/
ZDNet
General Paul M. Nakasone provided a peek behind the curtain into how his agency is trying to combat the growing threat organized ransomware gangs pose to US cybersecurity and vital global infrastructure.
BotenaGo botnet targets millions of IoT devices with 33 exploits https://www.bleepingcomputer.com/news/security/botenago-botnet-targets-millions-of-iot-devices-with-33-exploits/
BleepingComputer
A new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices.
Credit card skimmer evades Virtual Machines https://blog.malwarebytes.com/threat-intelligence/2021/11/credit-card-skimmer-evades-virtual-machines/
Malwarebytes
This blog post was authored by Jérôme Segura. There are many techniques threat actors use to slow down analysis or, even...
Abcbot, an evolving botnet https://blog.netlab.360.com/abcbot_an_evolving_botnet_en/
360 Netlab Blog - Network Security Research Lab at 360
Background
Business on the cloud and security on the cloud are among the industry trends of recent years. 360Netlab is also continuing to focus on security incidents and trends on the cloud from its own expertise in the technology field. The following is…
Deep Dive into a Fresh Variant of Snake Keylogger Malware https://www.fortinet.com/blog/threat-research/deep-dive-into-a-fresh-variant-of-snake-keylogger-malware
Fortinet Blog
FortiGuard Labs recently discovered a fresh variant of the Snake Keylogger malware. Learn how it is downloaded and executed through a captured Excel sample, what techniques this variant uses to pro…
Exchange Exploit Leads to Domain Wide Ransomware https://thedfirreport.com/2021/11/15/exchange-exploit-leads-to-domain-wide-ransomware/
The DFIR Report
In late September 2021, we observed an intrusion in which initial access was gained by the threat actor exploiting multiple vulnerabilities in Microsoft Exchange. The threat actors in this case wer…
Flare-On 2021: known https://0xdf.gitlab.io/flare-on-2021/known
0xdf hacks stuff
known presented a ransomware file decrypter, as well as a handful of encrypted files. If I can figure out the key to give the decrypter, it will decrypt the files, one of which contains the flag. I’ll use Ghidra to determine the algorithm, then recreate it…