/ The evolution of a Mac trojan: UpdateAgent’s progression
The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing secondary payloads in the latest campaign, a capability it added in one of its multiple iterations. Reminiscent of the progression of info-stealing trojans on other platforms, UpdateAgent may similarly become a vector for other threats to infiltrate target systems.
/ Decrypted: TargetCompany Ransomware
The extension of the encrypted files and the ransom note indicated the TargetCompany ransomware (not related to Target the store), which can be decrypted under certain circumstances.
/ Indicators of Compromise Associated with LockBit 2.0 Ransomware (PDF)
LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero-day exploits.
/ Blocking internet macros by default in MS Office
For macros in files obtained from the internet, users will no longer be able to enable content with the click of a button. Instead, a message bar will appear notifying users, with a button to learn more. The new default is more secure and is expected to keep more users safe, including home users and information workers in managed organizations.
/ Qbot Likes to Move It, Move It
We did not observe the initial access for this case but assess with medium to high confidence that a malicious email campaign was used to deliver an Excel (xls) document. Following the opening of the xls document, the initial Qbot DLL loader was downloaded and saved to disk. Interestingly, the name of the DLL carried a .html extension to disguise the portable executable nature of the payload. Once executed, the Qbot process creates a scheduled task to elevate itself to SYSTEM.
/ SpoolFool: Windows Print Spooler Privilege Escalation (CVE-2022-22718)
https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81
Exploit:
https://github.com/ly4k/SpoolFool
P.S. thx for the link @onebrick
/ Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-21989
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21989
Exploring extensions of dependency confusion attacks via npm package aliasing
Dependency confusion attacks are a form of open source supply chain attack in which an attacker exploits how package managers resolve and install dependencies. In a prior post, we explored how to detect and prevent dependency confusion attacks on npm to maintain supply chain security:
https://snyk.io/blog/exploring-extensions-of-dependency-confusion-attacks-via-npm-package-aliasing/
Windows DNS Server Remote Code Execution Vulnerability
CVE-2022-21984 (important update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21984
NGINX - If is Evil... when used in location context
(EN) The if directive has problems when used in location context: in some cases it does not do what you expect but something completely different instead, and in some cases it even segfaults. It is generally a good idea to avoid it where possible.
(RU, translated) The if directive has problems when used in location context; in some cases this directive does not do what is expected but something completely different.
The official site recommends avoiding this directive where possible. Did you know? I didn't. Surprise 😄
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
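An added illustration, not from the channel post or the linked wiki page: the first location shows the classic surprise (only the last `if` block's header survives), the second shows the safer pattern of deciding in a `map` and keeping only `return` inside `if`; the `backend` upstream name is a hypothetical placeholder.

```nginx
# Added example, not from the original post or the NGINX wiki.

# Surprise: only the last `if` block in a location takes effect, so the
# response carries X-Second but never X-First.
location /only-one-if {
    set $true 1;
    if ($true) {
        add_header X-First 1;      # silently dropped
    }
    if ($true) {
        add_header X-Second 2;     # only this one is emitted
    }
    return 204;
}

# Safer pattern: compute the decision in a `map` (goes in the http block)
# and use it with plain directives. The only statements that are fully
# safe inside `if` in location context are `return` and `rewrite ... last`.
map $request_method $block_post {
    default 0;
    POST    1;
}

location /api/ {
    if ($block_post) {
        return 405;                # `return` inside `if` is safe
    }
    add_header X-First 1;
    add_header X-Second 2;         # both headers are now sent
    proxy_pass http://backend;     # hypothetical upstream, define it separately
}
```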
/ Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
Threat actors are always looking for topical lures to socially engineer victims into infecting systems. We recently analyzed one such lure, namely a fake Windows 11 installer.
https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/
/ Most Common Antivirus Evasion and Bypass Techniques
The following are some of the most prevalent methods used by hackers to avoid antivirus detection:
https://www.socinvestigation.com/most-common-antivirus-evasion-and-bypass-techniques/
Additional article - Top 10 web hacking techniques of 2021
...the latest iteration of our annual community-powered effort to identify the most significant web security research released in the last year:
https://portswigger.net/research/top-10-web-hacking-techniques-of-2021
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
StackScraper - Capturing sensitive data using real-time stack scanning against a remote process
A tool that shows how much data can be extracted from a running process without requiring any injection techniques.
https://www.x86matthew.com/view_post?id=stack_scraper
/ NaturalFreshMall: a mass store hack
More than 350 ecommerce stores infected with malware in a single day. Magento under attack:
https://sansec.io/research/naturalfreshmall-mass-hack
And another article from the same category: Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
https://www.wordfence.com/blog/2022/02/critical-vulnerabilities-in-php-everywhere-allow-remote-code-execution/
/ About the security content of iOS 15.3.1 and iPadOS 15.3.1
WebKit. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
https://support.apple.com/en-us/HT213093
/ A walk through Project Zero metrics
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
/ Security updates available for Adobe Commerce APSB22-12
Adobe has released security updates for Adobe Commerce and Magento Open Source. These updates resolve a vulnerability rated critical. Successful exploitation could lead to arbitrary code execution:
https://support.magento.com/hc/en-us/articles/4426353041293-Security-updates-available-for-Adobe-Commerce-APSB22-12
/ Simple analysis of weaponized PDFs in phishing attacks
https://securityaffairs.co/wordpress/127946/hacking/analyzing-phishing-attacks-pdfs.html
P.S. Phishing domain already blocked in BLD Service
/ 2021 Year End Report Vulnerability QuickView
https://pages.riskbasedsecurity.com/hubfs/Reports/2021/2021%20Year%20End%20Vulnerability%20QuickView%20Report.pdf
Apple releases security updates for macOS Big Sur and Catalina following macOS 12.2.1
https://support.apple.com/en-us/HT201222
And another post from the same category: Google released security updates for the Chrome browser:
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
master_librarian
A simple tool to audit Linux system libraries to find public security vulnerabilities.
https://github.com/CoolerVoid/master_librarian
/ Indicators of Compromise Associated with BlackByte Ransomware
Technical details and mitigations. This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware.
https://www.ic3.gov/Media/News/2022/220211.pdf