Dexphot Polymorphic Malware Attacking Windows Computer to Mine Cryptocurrency and Monitor Services

A new malware strain dubbed Dexphot is attacking Windows computers to mine cryptocurrency, using monitoring services and scheduled tasks to rerun the infection if Windows Defender removes it. The malware uses fileless techniques to get malicious code executed directly in memory, and it also hijacks legitimate processes to hide the malicious activity. Microsoft closely tracked the […]

Glances – An Eye On Your System. A Top/Htop Alternative For GNU/Linux, BSD, Mac OS And Windows Operating Systems

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web-based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring can be done via terminal, Web interface or API (XML-RPC and RESTful). […]

Cyborg ransomware posing as Windows update hits PCs

If you’ve updated your Windows today like me, this article may just end up scaring you a bit. In the latest, it has been discovered that a malicious campaign has been installing ransomware under the pretext of updating your operating system. The ransomware is named Cyborg; the attackers try to lure users by sending emails prompting […]

A Review Of Yodot Recovery Software For Windows And Mac

While SD cards provide a wonderful means to store photos, videos, and other data, they need careful handling since they are prone to damage and consequent data loss. However, with Yodot Recovery Software, there is a lifeline. Whether you accidentally delete files or your memory card becomes corrupted, you can potentially recover your files. Quick […]

“Fake” Windows 10 Update Installs “Cyborg” Ransomware

The latest Windows 10 November 2019 Update has begun rolling out for users. But some evil minds didn’t take long to exploit the situation and deliver infected, fake Windows updates to users. A new ransomware campaign has been discovered by security researchers at SpiderLabs (via TechRadar). The fake Windows […]

Fake Windows Updater Bypass Email Gateways To Launch Cyborg Ransomware On Windows PC

A new malspam email campaign has been discovered with a fake Windows updater and its builder, through which hackers launch Cyborg ransomware to encrypt the files on compromised systems. The spam email claims to be from Microsoft, and the email body urges victims to install the latest “Microsoft Windows Update” by opening the attached file. The fake update attachment appears with […]

WinPwn – Automation For Internal Windows Penetrationtest / AD-Security

In many past internal penetration tests I often had problems with the existing PowerShell Recon / Exploitation scripts due to missing proxy support. I often ran the same scripts one after the other to get information about the current system and/or the domain. To automate as many internal penetration test processes (reconnaissance as well as exploitation) […]

Meet ACbackdoor malware targeting Linux and Windows devices

Recently, a malware by the name of ACbackdoor has been discovered which infects both Windows and Linux based systems. With little to no documentation of its origin, it has capabilities for pretty complex operations which include arbitrary execution of shell commands, updating, arbitrary binary execution, and persistence. Although both of the variants have different backdoor […]

Multi-Platform Malware “ACBackdoor” Attack Both Windows & Linux Users PC by Executing Arbitrary Code

Researchers discovered a previously undetected multi-platform malware called ACbackdoor that has both Linux and Windows variants to infect the respective users and steal sensitive information. The ACbackdoor Linux variant has a zero detection rate, while the Windows variant has a higher detection rate than the Linux variant. Researchers believe that the ACbackdoor variant is […]

Microsoft’s Algorithm Will Fix “High Disk Usage” Due To Windows Search

With the release of Windows Insider Build 19025 (20H1), Microsoft has introduced an algorithm to better fix the shortcomings of the Search indexer in Windows 10. Back in 2018, some Insiders turned off the Windows Search indexer on their machines. When Microsoft asked why, the user feedback revealed that high disk usage, high CPU usage, […]

New Malware Attack Drops Double Remote Access Trojan in Windows to Steal Chrome, Firefox Browsers Data

Researchers discovered a new malware campaign that drops two different Remote Access Trojans (RATs) on targeted Windows systems and steals sensitive information from popular browsers such as Chrome and Firefox. The samples uncovered by Fortinet researchers drop the RevengeRAT and WSHRAT malware and have various obfuscation functionalities that use various stages to maintain […]

PureLocker Ransomware Attack Enterprise Production Servers and Encrypt Files in Windows, Linux, & macOS

Researchers discovered a new ransomware, PureLocker, that is capable of encrypting files on Windows, Linux, and macOS. The ransomware is used by threat actors to perform targeted attacks against production servers of enterprise networks. Code reuse analysis of PureLocker reveals that the ransomware is related to “more_eggs”, a backdoor malware often used by Cobalt Gang, FIN6 […]

RaaS – Hackers Selling Buran Ransomware in Russian Forum That Encrypt All Version of Windows OS & Windows Server

Researchers uncovered a new ransomware family named “Buran” that works on a Ransomware-as-a-Service (RaaS) model and is actively being sold in a well-known Russian forum. The ransomware authors advertise in well-known Russian underground forums, and Buran is compatible with all versions of the Windows OS and Windows Server. Unlike other RaaS-based ransomware such as GandCrab that earned […]

Titanium APT Hackers Inject New Hidden Backdoor on Windows Using Fileless Technique

A new wave of malware attacks from the Titanium APT group infects Windows with a hidden backdoor by mimicking common legitimate software and using a fileless technique. Titanium APT is one of the technologically advanced hacking groups; it uses various sophisticated techniques to attack its targets, and its method of attack makes very […]

This Hacker Managed To Run Windows 10 IoT Core On A Calculator

We have already seen Windows XP booting on Nintendo Switch and Windows 10 running on OnePlus 6T. This time a developer has managed to run Windows 10 on a calculator (via Windowslatest). The calculator, in this case, isn’t a basic or scientific calculator that we see commonly. The pictures posted by the developer show an […]

Donut – Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable (such as Program.Main), it produces position-independent shellcode that loads and runs entirely from memory. A […]