Tag: dropper
-
Cloud Blog: Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/ Source: Cloud Blog Title: Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation Feedly Summary: Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more…
-
The Register: FireScam infostealer poses as Telegram Premium app to surveil Android devices
Source URL: https://www.theregister.com/2025/01/06/firescam_android_malware/ Source: The Register Title: FireScam infostealer poses as Telegram Premium app to surveil Android devices Feedly Summary: Once installed, it helps itself to your data like it’s a free buffet Android malware dubbed FireScam tricks people into thinking they are downloading a Telegram Premium application that stealthily monitors victims’ notifications, text messages,…
-
Hacker News: Certificate Authorities and the Fragility of Internet Safety
Source URL: https://azeemba.com/posts/certificate-authorities-and-the-fragility-of-internet-safety.html Source: Hacker News Title: Certificate Authorities and the Fragility of Internet Safety Feedly Summary: Comments AI Summary and Description: Yes Summary: The provided text offers a deep examination of HTTPS and the critical role of Certificate Authorities (CAs) in ensuring internet security. It discusses the potential vulnerabilities in the certificate verification process…
-
Hacker News: Certificate Authorities and the Fragility of Internet Safety
Source URL: https://azeemba.com/posts/certificate-authorities-and-the-fragility-of-internet-safety.html Source: Hacker News Title: Certificate Authorities and the Fragility of Internet Safety Feedly Summary: Comments AI Summary and Description: Yes Summary: The provided text offers a deep examination of HTTPS and the critical role of Certificate Authorities (CAs) in ensuring internet security. It discusses the potential vulnerabilities in the certificate verification process…
-
Hacker News: Certificate Authorities and the Fragility of Internet Safety
Source URL: https://azeemba.com/posts/certificate-authorities-and-the-fragility-of-internet-safety.html Source: Hacker News Title: Certificate Authorities and the Fragility of Internet Safety Feedly Summary: Comments AI Summary and Description: Yes Summary: The provided text offers a deep examination of HTTPS and the critical role of Certificate Authorities (CAs) in ensuring internet security. It discusses the potential vulnerabilities in the certificate verification process…
-
Hacker News: Bootkitty: Analyzing the first UEFI bootkit for Linux
Source URL: https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/ Source: Hacker News Title: Bootkitty: Analyzing the first UEFI bootkit for Linux Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses the emergence of “Bootkitty,” the first UEFI bootkit targeting Linux systems, highlighting its implications for security professionals in AI, cloud, and infrastructure. This new threat reflects an evolving…
-
The Register: First-ever UEFI bootkit for Linux in the works, experts say
Source URL: https://www.theregister.com/2024/11/27/firstever_uefi_bootkit_for_linux/ Source: The Register Title: First-ever UEFI bootkit for Linux in the works, experts say Feedly Summary: Bootkitty doesn’t bite… yet Security researchers say they’ve stumbled upon the first-ever UEFI bootkit targeting Linux, illustrating a key moment in the evolution of such tools.… AI Summary and Description: Yes Summary: The detection of “Bootkitty,”…
-
Cloud Blog: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/ Source: Cloud Blog Title: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives Feedly Summary: In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android…
-
Cloud Blog: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/ Source: Cloud Blog Title: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware Feedly Summary: Written by: Aaron Lee, Praveeth DSouza TL;DR Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT. Overview Mandiant Managed Defense…