Experimental News Clipping Site

Tag: evasion techniques

  • Cisco Talos Blog: Threat actors use copyright infringement phishing lure to deploy infostealers

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/threat-actors-use-copyright-infringement-phishing-lure-to-deploy-infostealers/ Source: Cisco Talos Blog Title: Threat actors use copyright infringement phishing lure to deploy infostealers Feedly Summary: Cisco Talos has observed an unknown threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. The decoy email and fake PDF filenames are designed to impersonate a company’s legal department,…

  • The Register: Perfctl malware strikes again as crypto-crooks target Docker Remote API servers

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/24/perfctl_malware_strikes_again/ Source: The Register Title: Perfctl malware strikes again as crypto-crooks target Docker Remote API servers Feedly Summary: Attacks on unprotected servers reach ‘critical level’ An unknown attacker is abusing exposed Docker Remote API servers to deploy perfctl cryptomining malware on victims’ systems, according to Trend Micro researchers.… AI Summary and Description: Yes…

  • Schneier on Security: Perfectl Malware

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html Source: Schneier on Security Title: Perfectl Malware Feedly Summary: Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua…

  • Microsoft Security Blog: File hosting services misused for identity phishing

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/ Source: Microsoft Security Blog Title: File hosting services misused for identity phishing Feedly Summary: Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities,…

  • Slashdot: Thousands of Linux Systems Infected By Stealthy Malware Since 2021

    by

    system automation
    in

    Source URL: https://linux.slashdot.org/story/24/10/04/1759201/thousands-of-linux-systems-infected-by-stealthy-malware-since-2021?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Thousands of Linux Systems Infected By Stealthy Malware Since 2021 Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a sophisticated malware strain named Perfctl that has infected numerous Linux systems since 2021. It exploits misconfigurations and a critical vulnerability in Apache RocketMQ, employing stealth techniques to…

  • Hacker News: Perfctl: A Stealthy Malware Targeting Linux Servers

    by

    system automation
    in

    Source URL: https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/ Source: Hacker News Title: Perfctl: A Stealthy Malware Targeting Linux Servers Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides an in-depth analysis of the “perfctl malware,” a Linux-based threat identified by Aqua Nautilus researchers, that exploits misconfigurations in Linux servers. This malware employs sophisticated evasion techniques, persistence mechanisms,…

  • Cloud Blog: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/ Source: Cloud Blog Title: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware Feedly Summary: Written by: Aaron Lee, Praveeth DSouza TL;DR Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT. Overview Mandiant Managed Defense…

  • Slashdot: Windows 0-Day Was Exploited By North Korea To Install Advanced Rootkit

    by

    system automation
    in

    Source URL: https://tech.slashdot.org/story/24/08/20/182229/windows-0-day-was-exploited-by-north-korea-to-install-advanced-rootkit?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Windows 0-Day Was Exploited By North Korea To Install Advanced Rootkit Feedly Summary: AI Summary and Description: Yes Summary: The text provides critical insights into a zero-day vulnerability exploited by North Korean hackers, specifically the Lazarus group, to deploy advanced malware targeting sectors like cryptocurrency and aerospace. This event…