command-and-control – Experimental News Clipping Site

Cloud Blog: Backscatter: Automated Configuration Extraction

Jan 14, 2025

—

by

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/backscatter-automated-configuration-extraction/ Source: Cloud Blog Title: Backscatter: Automated Configuration Extraction Feedly Summary: Written by: Josh Triplett Executive Summary Backscatter is a tool developed by the Mandiant FLARE team that aims to automatically extract malware configurations. It relies on static signatures and emulation to extract this information without dynamic execution, bypassing anti-analysis logic present in…

Embrace The Red: AI Domination: Remote Controlling ChatGPT ZombAI Instances

Jan 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/spaiware-and-chatgpt-command-and-control-via-prompt-injection-zombai/ Source: Embrace The Red Title: AI Domination: Remote Controlling ChatGPT ZombAI Instances Feedly Summary: At Black Hat Europe I did a fun presentation titled SpAIware and More: Advanced Prompt Injection Exploits. Without diving into the details of the entire talk, the key point I was making is that prompt injection can impact…

The Register: FireScam infostealer poses as Telegram Premium app to surveil Android devices

Jan 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/06/firescam_android_malware/ Source: The Register Title: FireScam infostealer poses as Telegram Premium app to surveil Android devices Feedly Summary: Once installed, it helps itself to your data like it’s a free buffet Android malware dubbed FireScam tricks people into thinking they are downloading a Telegram Premium application that stealthily monitors victims’ notifications, text messages,…

Cloud Blog: XRefer: The Gemini-Assisted Binary Navigator

Dec 13, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/xrefer-gemini-assisted-binary-navigator/ Source: Cloud Blog Title: XRefer: The Gemini-Assisted Binary Navigator Feedly Summary: Written by: Muhammad Umair Here at Mandiant FLARE, malware reverse engineering is a regular part of our day jobs. At times we are required to perform basic triages on binaries, where every hour saved is critical to incident response timelines. At…

Microsoft Security Blog: Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Dec 5, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/ Source: Microsoft Security Blog Title: Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage Feedly Summary: Microsoft has observed Secret Blizzard compromising the infrastructure and backdoors of the Pakistan-based threat actor we track as Storm-0156 for espionage against the Afghanistan government and Indian Army targets. The post Frequent freeloader part…

Cloud Blog: (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments

Dec 4, 2024

—

by

system automation

in Uncategorized

Source URL: https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/ Source: Cloud Blog Title: (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments Feedly Summary: Written by: Thibault Van Geluwe de Berlaere Executive Summary Browser isolation is a security technology where web browsing activity is separated from the user’s local device by running the browser in a secure environment,…

The Register: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Nov 22, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/22/palo_alto_firewalls_under_exploit/ Source: The Register Title: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole Feedly Summary: PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to…

The Register: Swiss cheesed off as postal service used to spread malware

Nov 16, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/16/swiss_malware_qr/ Source: The Register Title: Swiss cheesed off as postal service used to spread malware Feedly Summary: QR codes arrive via an age-old delivery system Switzerland’s National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country’s postal service.… AI Summary and Description: Yes Summary: The National Cyber…

The Register: China’s Volt Typhoon crew and its botnet surge back with a vengeance

Nov 13, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/13/china_volt_typhoon_back/ Source: The Register Title: China’s Volt Typhoon crew and its botnet surge back with a vengeance Feedly Summary: Ohm, for flux sake China’s Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.… AI…

The Register: Winos4.0 abuses gaming apps to infect, control Windows machines

Nov 8, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/08/winos40_targets_windows/ Source: The Register Title: Winos4.0 abuses gaming apps to infect, control Windows machines Feedly Summary: ‘Multiple’ malware samples likely targeting education orgs Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 that gives the attackers full control over compromised machines.… AI Summary and Description: Yes…

Tag: command-and-control