Expanding the Investigation: Deep Dive into Latest TrickMo Samples

...a new variant of the Banking Trojan called TrickMo.. features:

- OTP interception
- Screen recording
- Data exfiltration
- Remote control
- Automatic permission granting and auto-click on prompts
- Accessibility service abuse
- Overlay display and credential theft

Research:

https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/

HijackLoader evolution: abusing genuine signing certificates

https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/

New Bumblebee Loader Infection Chain Signals Possible Resurgence

https://www.netskope.com/blog/new-bumblebee-loader-infection-chain-signals-possible-resurgence

Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps

https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

https://www.sentinelone.com/blog/macos-notlockbit-evolving-ransomware-samples-suggest-a-threat-actor-sharpening-its-tools/

Microsoft Update Warning—400 Million Windows PCs Now At Risk

https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/

Storm-0940 uses credentials from password spray attacks from a covert network

https://www.forbes.com/sites/zakdoffman/2024/10/30/warning-for-14-billion-microsoft-windows-10-windows-11-users-get-free-upgrade/

qBittorrent fixes flaw exposing users to MitM attacks for 14 years

https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/

RISK:STATION, an unauthenticated zero-click vulnerability allowing attackers to obtain root-level code execution on the popular Synology DiskStation and BeeStation NAS devices, affecting millions of devices

https://www.midnightblue.nl/research/riskstation

Threat Campaign Spreads Winos4.0 Through Game Application

https://www.fortinet.com/blog/threat-research/threat-campaign-spreads-winos4-through-game-application

Мистер Малой легенда хип-хопа, автор множества хитов, и мой знакомый. Известен топ-треком всех времен и народов Буду пАгибать мАлодым, создал новый топ-трек "Войти в АЙТИ", не могу пропустить это и с радостью и гордостью поздравляю и представляю трек всеобщему вниманию.

Как завести себе питона, и войти в АЙТИ можно узнать из официального трека представленного в канале Мистера Малого:

- Apple Music
- Spotify Track
- Vk Official
- Ya Music

Приятного всем! ✌️

P.S. Кто не знает. Все о Мистер Малом на оф. сайте mistermaloy.com

Malicious Python Package Typosquats Popular 'fabric' SSH Library, Exfiltrates AWS Credentials

https://socket.dev/blog/malicious-python-package-typosquats-fabric-ssh-library

Linux Foundation курс/сертификацию есть возможность получить бесплатно (а ценники там норм), еще есть время до конца недели. На всякий случаю дублирую сюда.

https://news.1rj.ru/str/sysadm_in_up/2272

SpyNote: Unmasking a Sophisticated Android Malware

This version of SpyNote is being distributed as a fake Avast antivirus (Avastavv.apk) for the Android platform on a phishing site..:

https://www.cyfirma.com/research/spynote-unmasking-a-sophisticated-android-malware/

Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale

https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies

https://www.infostealers.com/article/massive-moveit-vulnerability-breach-hacker-leaks-employee-data-from-amazon-mcdonalds-hsbc-hp-and-potentially-1000-other-companies/

APT Actors Embed Malware within macOS Flutter Applications

https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

🏎 OpenBLD.net – Engine for a Faster Internet

Increased throughput with the newest Gears in the racing engine of OpenBLD.net. Some Gears have been rewritten or built from scratch:

• Synchronous processing of block lists
• Caching of blocking events
• Updated caching system — the log enricher now has its own cache
• Enhanced request processing system
• New health-checking system for upstream servers, with response time detection
• Improved load balancing, routing requests to servers with the lowest response time
• Optimized parallel DNS request handling, delivering the fastest response

I hope these features will help us save valuable time online while the OpenBLD.net system's gears run smoothly under the hood.

What's Gears?

Gears are the components of the OpenBLD.net system that help to customize online experiences.

If you notice any “engine misfires,” please let me know. I’m always open to constructive feedback.

Wishing everyone a safe journey across the internet! ✌️

Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes

https://www.group-ib.com/blog/stealthy-attributes-of-apt-lazarus/

BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/