Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw
Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability...
Fortinet: Govt networks targeted with now-patched SSL-VPN zero-day
Fortinet says unknown attackers exploited a FortiOS SSL-VPN zero-day vulnerability patched last month in attacks against government organizations and government-related...
NortonLifeLock warns that hackers breached Password Manager accounts
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully...
New Dark Pink APT group targets govt and military with custom malware
Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears...
PoC exploits released for critical bugs in popular WordPress plugins
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities,...
Royal Mail cyberattack linked to LockBit ransomware operation
A cyberattack on Royal Mail, UK's largest mail delivery service, has been linked to the LockBit ransomware operation. Yesterday, the...
Cisco warns of auth bypass bug with public exploit in EoL routers
Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers....
Scattered Spider hackers use old Intel driver to bypass security
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a...
Hackers exploit Control Web Panel flaw to open reverse shells
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly...
Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike
The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian...
Android TV box on Amazon came pre-installed with malware
A Canadian systems security consultant discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware...
Twitter claims leaked data of 200M users not stolen from its systems
Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked...
Threema claims encryption flaws never had a real-world impact
A team of researchers from ETH Zurich has published a paper describing multiple security flaws in Threema, a secure end-to-end...
Winnti APT group docks in Sri Lanka for new campaign
In early August, the Malwarebytes Threat Intelligence team identified a new attack targeting government entities in Sri Lanka. The threat...
Ransomware in November 2022
Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their...
Cobalt Stike Beacon Detected – 124[.]222[.]73[.]187:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 24[.]199[.]125[.]39:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 179[.]43[.]187[.]24:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 103[.]27[.]62[.]175:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 106[.]13[.]1[.]223:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 45[.]77[.]44[.]118:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Malware Analysis – evasion – 4f774b19f651b067f18d07509c0c938d
Score: 7 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 4f774b19f651b067f18d07509c0c938dSHA1: 4fc969b01a148d8fcc9d18349f84840ae4b2d69bANALYSIS DATE: 2023-01-13T20:58:46ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – – 3b01de02b4a717539c44af9b388cf730
Score: 7 MALWARE FAMILY: TAGS:MD5: 3b01de02b4a717539c44af9b388cf730SHA1: e835e5bda10c4af40b07bdc8e0be8ba31d09a1caANALYSIS DATE: 2023-01-13T22:05:02ZTTPS: T1082 ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...
Malware Analysis – djvu – 3dcf9fdd2fd95e1d56d8a5dc010130d6
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:19, discovery, persistence, ransomware, spyware, stealerMD5: 3dcf9fdd2fd95e1d56d8a5dc010130d6SHA1: 698761ced0b29ce6c67734368731ab8281124727ANALYSIS DATE: 2023-01-13T23:53:00ZTTPS: T1222, T1012, T1082, T1005,...
