Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms| Help Net Security
Overview AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT attacks that were identified during the month of July 2025. Figure 1. Statistics of APT attacks in South Korea in July 2025 The majority of APT attacks […]| ASEC
Pluggable Authentication Modules (PAM) is a modular framework that allows applications such as su, sudo, and sshd to perform security policy logic such as authentication without implementing it directly. Applications delegate authentication to the libpam library, which then loads and executes PAM modules according to the configuration information before aggregating the results. For example, when […]| ASEC
A new Linux malware has recently caught the attention of security researchers. Identified as “Plague,”… Newly Discovered Plague Linux Backdoor Malware Remained Undetected For A Year on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.| Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Test...
Project AK47, a toolset including ransomware, was used to leverage SharePoint exploit chain ToolShell. This activity overlaps with Storm-2603. The post Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks appeared first on Unit 42.| Unit 42
Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth.| Unit 42
Overview On Oct 21, 2022, 360Netlab's honeypot system captured a suspicious ELF file ee07a74d12c0bb3594965b51d0e45b6f, which propagated via an F5 vulnerability and had zero VT detections. Our system observed that it communicates with IP 45.9.150.144 over SSL using forged Kaspersky certificates, which caught our attention. After further lookup,| 360 Netlab Blog - Network Security Research Lab at 360
Overview On October 21, 2022, 360Netlab's honeypot system captured a suspicious ELF file ee07a74d12c0bb3594965b51d0e45b6f that propagated via an F5 vulnerability and had 0 VT detections; our traffic monitoring system indicated that it and| 360 Netlab Blog - Network Security Research Lab at 360
Rootkit Attack - What is Rootkit Attack? - How does it work? - Popular Attack Examples - How to detect rootkits| Gridinsoft Blogs
Cybersecurity - Cybersecurity Threats - What is Cybersecurity Threat? - Types of Cybersecurity Threats - Cybersecurity Attacks| Gridinsoft Blogs
CL-STA-1020 targets Southeast Asian governments using a novel Microsoft backdoor we call HazyBeacon. It misuses AWS Lambda URLs for C2.| Unit 42
AhnLab SEcurity intelligence Center (ASEC) has recently identified a case where a malicious LNK file is disguised as the credit card security email authentication pop-up to steal user information. The identified malicious LNK file has the following file name, disguising itself as the credit card company. **card_detail_20250610.html.lnk The threat actor has been using PowerShell scripts for keylogging […]| ASEC
June 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
Mirai botnet Pandora has been discovered infiltrating inexpensive Android-based TV sets through firmware spread via third-party websites.| Gridinsoft Blogs
How to Secure Windows 10: Use Device Encryption or Bitlocker, Enable Controlled Folder Access, Turn on Your Firewall, Install Anti-malware| Gridinsoft Blogs
Statistics Report on Malware Targeting Windows Database Servers in Q2 2025 ASEC| ASEC
AhnLab SEcurity intelligence Center (ASEC) collects information on malware distributed through phishing emails by using its own “email honeypot system.” Based on this information, ASEC publishes the “Phishing Email Trend Report” and “Infostealer Trend Report” on the ASEC Blog every month. Recently, XwormRAT has been confirmed to be distributed using steganography. This malware starts […]| ASEC
A monetization mechanism of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted.| Help Net Security
Complete 2025 guide to Trojan malware: detection, removal, and prevention. Learn about Trojan virus examples, how they work, and protection| Gridinsoft Blogs
Nothing we have ever recorded on SCW has brought so much joy to David. However, at several points during the episode, we may have witnessed Matthew Green’s soul leave his body. Our esteemed guests Justin Schuh and Matt Green joined us to debate whether Dual_EC_DRBG was intentionally backdoored by the NSA or ‘just’ a major fuckup. Links: Dicky George at InfiltrateCon 2014, Life at Both Ends of the Barrel - An NSA Targeting Retrospective: https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q D...| Security Cryptography Whatever
All About Remote Access Trojan (RAT) - what is it, the history of RAT, Infection Methods. How to remove them + much more.| Gridinsoft Blogs
We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve.| securelist.com
Introduction On February 24, 2025, NBC News reported: "Television equipment at the headquarters of the U.S. Department of Housing and Urban Development (HUD) in Washington, D.C. suddenly played an unauthorized AI-generated video. In the video, President Donald Trump bends down to kiss Elon Musk's toes, accompanied by the prominent caption LONG LIVE THE REAL KING. Staff were unable to turn it off and were forced to unplug every television." The incident quickly became a hot topic and was widely discussed by the public. Cybersecurity...| 奇安信 X 实验室
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.| securelist.com
Introduction On April 29, 2024, XLab's Cyber Threat Insight and Analysis System(CTIA) detected anomalous activity: IP 172.247.127.210 was distributing an ELF-based Winnti backdoor. Further investigation revealed the same IP had, on December 20, 2023, distributed a zero-detection malicious PHP file, init_task.txt, providing a key| 奇安信 X 实验室
Introduction On April 29, 2024, XLab's Cyber Threat Insight and Analysis System captured anomalous activity: IP 172.247.127.210 was distributing an ELF version of the Winnti backdoor. The resulting APT-related alert quickly drew our attention. Further tracing revealed that on December 20, 2023, the same IP had distributed a malicious PHP file, init_task.txt, with 0 detections on VirusTotal; this clue provided an important entry point for our subsequent investigation. Using init_task as a lead, we went on to discover a series of related malicious PHP payloads, including task_loade...| 奇安信 X 实验室
Background On July 27, 2024, XLab's Cyber Threat Insight and Analysis System(CTIA) detected an ELF file named pskt from IP address 45.92.156.166. Currently undetected on VirusTotal, the file triggered two alerts: an Overlay section and a communication domain mimicking Microsoft. Our analysis identified it as a| 奇安信 X 实验室
Introduction On July 27, 2024, XLab's Cyber Threat Insight and Analysis System detected IP address 45.92.156.166 distributing an ELF file named pskt, which had no detections on VirusTotal at the time. The sample triggered two alerts: the file contains an Overlay section, and its communication domain appears to mimic Microsoft. After analysis, we confirmed that it is a variant of the Melofee backdoor that specifically targets Red Hat Enterprise Linux (RHEL) 7.9. Melofee is a backdoor written in C++ that supports information collection, process management, file operations and SHEL...| 奇安信 X 实验室
FIN7 has come up with yet another trick to assure the effectiveness of its "EDR killer" tool, dubbed AvNeutralizer by researchers.| Help Net Security
Aquasec Investigation Exposes Alarming Rise in Kubernetes Misconfigurations Leading to Catastrophic Breaches.| Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Summary XLab's Cyber Threat Insight and Analysis system(CTIA) recently detected a sophisticated malicious payload delivery and upgrade framework, which we have named DarkCracks. This framework is characterized by its zero detection rate on VirusTotal, high persistence, stealth, and a well-designed upgrade mechanism, leveraging high-performance, stable online infrastructure as its| 奇安信 X 实验室
Abstract Our XLab Cyber Threat Insight and Analysis System recently captured a malicious payload delivery and upgrade framework with 0 detections on VirusTotal, high persistence, high stealth, a well-designed upgrade mechanism, and high-performance, stably online devices as its infrastructure. Judging from our data, this malware, which we have named DarkCracks, is well engineered, and the attackers behind it are by no means ordinary script kiddies. Although we have a grasp of its payload delivery and upgrade framework, because of its high stealth its Launcher component has, as of...| 奇安信 X 实验室
The IT security researchers at Kaspersky have revealed details of a new campaign that the company has been tracking under the name SnatchCrypto.| Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Overview On June 17, 2024, we discovered an ELF sample written in C with a detection rate of 0 on VT. This sample was packed with a modified UPX packer. After unpacking, another modified-UPX-packed ELF file was obtained, which was written in CGO mode. After analysis, it was| 奇安信 X 实验室
1. Overview On June 17, 2024, we discovered an ELF sample written in C with 0 detections on VT. The sample was packed with a modified UPX; after unpacking, we obtained another modified-UPX-packed ELF file, written using CGO. Analysis showed it to be a new tool from the "8220" mining gang, used to install and run other malware, mainly to build the Tsunami DDoS botnet and to install the PwnRig miner. Based on function names in the sample, we named it "k4spreader" and further analyzed VT and honeypot...| 奇安信 X 实验室
Avast discovered and analyzed GuptiMiner, a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The post GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining appeared first on Avast Threat Labs.| Avast Threat Labs
The Lazarus group continues to prey on cryptocurrencies: cybercriminals are distributing DeFi wallets with a built-in backdoor.| Oficjalny blog Kaspersky
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.| securelist.com
In this article, we share our analysis of a recent version of the DinodasRAT implant for Linux, which may have been active since 2022.| securelist.com
This is not just an issue for the UK: if our government gets away with it, so will others.| Alice, Eve and Bob – a security blog
Let’s look at current exploitation of CVE-2023-22527 - a Confluence template-injection vulnerability| GreyNoise Labs
In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!| GreyNoise Labs
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.| securelist.com
Note to the reader: This blogpost was written “as it happened”, so it may jump around the place a bit. I’ll try to clean it up somewhat before I hit publish, but I probably won’…| Darren Martyn
So a while back I read a blog post about using OpenSSL engines on Windows as part of a local privesc exploit against a certain VPN client. This got me thinking. If every time the OpenSSL library is…| Darren Martyn