Experimental News Clipping Site

Tag: infection chain

  • Cloud Blog: Mark Your Calendar: APT41 Innovative Tactics

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics/ Source: Cloud Blog Title: Mark Your Calendar: APT41 Innovative Tactics Feedly Summary: Written by: Patrick Whitsell Google Threat Intelligence Group’s (GTIG) mission is to protect Google’s billions of users and Google’s multitude of products and services. In late October 2024, GTIG discovered an exploited government website hosting malware being used to target…

  • Microsoft Security Blog: New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/11/new-xcsset-malware-adds-new-obfuscation-persistence-techniques-to-infect-xcode-projects/ Source: Microsoft Security Blog Title: New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects Feedly Summary: Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCSSET malware features…

  • Cisco Talos Blog: Threat Spotlight: WarmCookie/BadSpace

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/warmcookie-analysis/ Source: Cisco Talos Blog Title: Threat Spotlight: WarmCookie/BadSpace Feedly Summary: WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.  AI Summary and Description: Yes Summary: The text discusses the emergence and operational characteristics of the WarmCookie malware family, which has…

  • Cisco Talos Blog: Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/gophish-powerrat-dcrat/ Source: Cisco Talos Blog Title: Threat actor abuses Gophish to deliver new PowerRAT and DCRAT Feedly Summary: Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. AI Summary and Description: Yes Summary: The text details the analysis of a sophisticated phishing campaign…

  • Cloud Blog: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/ Source: Cloud Blog Title: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware Feedly Summary: Written by: Aaron Lee, Praveeth DSouza TL;DR Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT. Overview Mandiant Managed Defense…