Collaborate Disseminate
Dear blog readers,This is the seventh post part of my “Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Six” blog post series where I intend to share actionable threat intelligence with vendors and org… Continue reading Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Seventh
Dear blog readers,This is the sixth post part of my “Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Five” blog post series where I intend to share actionable threat intelligence with vendors and orga… Continue reading Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Six
Dear blog readers,This is the fifth post part of my “Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Four” blog post series where I intend to share actionable threat intelligence with vendors and orga… Continue reading Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Five
Dear blog readers,This is the fourth post part of my “Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Three” blog post series where I intend to share actionable threat intelligence with vendors and or… Continue reading Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Four
Dear blog readers,This is the second post part of the “Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation” series where I intend to share actionable threat intelligence with vendors and organizations in the con… Continue reading Exposing Modern Client-Side Exploits Serving Kits – An AV and Snort IDS MD5 List Compilation – Part Two
Remember CoolWebSearch? Check this out. This is definitely “from the malicious software department”. Sample CoolWebSearch domains portfolio known to have participated in various campaigns throughout the years:0-29.com0-2u.com0-days.net000info.com001sof… Continue reading From the “Definitely Malicious” Department – Exposing a CoolWebSearch Domains Portfolio
The U.S. Department of Justice on Wednesday announced that an unnamed defendant has pleaded guilty in connection with a cyberattack that rocked the internet in 2016. The October 2016 distributed denial-of-service attack affected Dyn, an internet infrastructure company, before rippling out to cause outages for sites including Twitter, Netflix, Spotify, AirBnb and Reddit, among others. DDoS attacks typically occur when attackers access a network of hacked computers, then direct those connections to a single point on the web, overwhelming the target with traffic and knocking it offline. In this case, the defendant in question conspired with others in September and October 2016 to leverage an offshoot of an army of hackers computers known as the Mirai botnet, the Justice Department said Wednesday. The malicious tool relied on connected video cameras, recorders and other devices to carry out the incident. Authorities withheld the name of the defendant because they were a […]
The post Suspect in case of Mirai botnet, which knocked major sites offline in 2016, pleads guilty appeared first on CyberScoop.
More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses. Continue reading The chronicles of Emotet
The malicious software known as TrickBot has morphed again, this time with a module that probes booting process firmware for vulnerabilities, possibly setting the stage for attacks that could ultimately destroy devices, researchers say. Two cybersecurity companies, Eclypsium and Advanced Intelligence (Advintel), dubbed the TrickBot add-on module “TrickBoot,” since it targets the UEFI/BIOS firmware. Firmware is permanent code programmed into a hardware device, while UEFI and BIOS are two kinds of specifications that manage a device’s start-up. TrickBoot, then, is s a “significant step in the evolution of TrickBot,” the researchers say, that could make TrickBot especially pesty. “Since firmware is stored on the motherboard as opposed to the system drives, these threats can provide attackers with ongoing persistence even if a system is re-imaged or a hard drive is replaced,” they wrote.”Equally impactful, if firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery […]
The post TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices appeared first on CyberScoop.
Continue reading TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices
In this post I’ll officially attempt to bring down and take offline the Emotet botnet including to actually provide never-published before OSINT type of research analysis on the actual C&C infrastructure behind the Emotet botnet which is one of the… Continue reading Exposing Emotet’s Modern Infrastructure – A Case Study on Tracking Down and Shutting Down Abusive Malware In Direct Cooperation with Abuse Departments