Beware!! Hackers Hide Fileless Malware “DarkWatchman” In The Windows Registry

Security analysts at Prevailion have discovered a new malware strain that recently emerged in the cybercrime underground: a highly capable JavaScript RAT paired with a C# keylogger. This stealthy, lightweight malware is dubbed ‘DarkWatchman’; it is operated by threat actors based in Russia and primarily targets the […]

DarkWatchman: This advanced fileless malware writes data only to the Windows Registry and thus can’t be detected by security solutions

Prevailion security specialists report that a newly identified spear-phishing campaign is distributing a new remote access Trojan (RAT) capable of manipulating the Windows Registry in order to evade the most advanced security measures on the affected system. Identified as DarkWatchman, this Trojan uses the registry on Windows systems for almost all temporary storage on an […]

New Fileless Malware Uses Windows Registry as Storage to Evade Detection

A new JavaScript-based remote access Trojan (RAT), propagated via a social engineering campaign, has been observed employing “fileless” techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion’s Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify its command-and-control (C2) […]

Microsoft Issues Windows Update to Patch 0-Day Used to Spread Emotet Malware

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively exploited flaw that’s being abused to deliver Emotet, TrickBot, or Bazaloader malware payloads. The latest monthly release for December fixes a total of 67 flaws, bringing the total number of bugs patched by the company […]

Fake KMSPico Windows activator tool steals crypto wallet data

The malware, dubbed CryptBot, is essentially an information stealer that can obtain credentials for cryptocurrency wallets, browsers, and credit cards, harvest browser cookies, and capture screenshots from compromised devices. Cybersecurity solutions provider Red Canary revealed in a recent blog post that a malicious KMSPico installer is carrying malware that can steal user information from cryptocurrency wallets, […]

Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed “CryptBot,” is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing […]

Attackers exploiting Windows Installer vulnerability despite patching

According to Cisco Talos, abusing the flaw would allow an attacker with limited access to obtain higher privileges and become an administrator. A Windows Installer security vulnerability, tracked as CVE-2021-41379, was patched by Microsoft, but according to a report from Cisco Talos, hackers had already created malware to exploit this privilege escalation flaw identified in the enterprise […]

Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS

Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as CVE-2021-24084 (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file […]

CVE-2021-41379: Zero-day vulnerability with no patch in Windows 11, Windows 10 and Windows Server 2022

Cybersecurity specialists report the publication of an exploit for a critical zero-day vulnerability affecting Windows 10, Windows 11 and Windows Server systems. Described as a local privilege escalation, the flaw can be exploited to open the system prompt with SYSTEM privileges from a least-privilege account. Successful exploitation of the vulnerability would allow threat actors to […]

New malware uses a fake Chrome update lure to attack Windows PCs

The prime target of this malware campaign is unsuspecting users on Windows 10. Rapid7’s Managed Detection and Response team has shared details of a newly identified malware campaign, urging Windows users to remain cautious. The campaign is designed to steal sensitive data and cryptocurrency from infected PCs. In the latest campaign, the attackers install […]

BazarLoader Windows Malware Gives Hackers Backdoor Access & Network Reconnaissance

A BazarLoader Windows malware campaign that hosted one of its malicious files on Microsoft’s OneDrive service has recently been detected by Unit 42 of Palo Alto Networks. This BazarLoader Windows malware gives the threat actors backdoor access and network reconnaissance capabilities. After the revelation of this incident, a former senior threat intelligence analyst of […]

3 malicious npm JavaScript libraries recently discovered can install crypto miners on Windows, Linux and Mac devices

Sonatype, developer of an automated malware detection system, reports the discovery of a set of malicious packages in the npm registry. According to the report, these malicious payloads are disguised as legitimate JavaScript libraries but are in reality cryptocurrency-mining software for Windows, Linux and macOS systems. These malicious packages were tracked […]

iPhone 13 Pro, Windows, Chrome, Linux and others pwned at Tianfu Cup

Tianfu Cup is the Chinese version of Pwn2Own; this year hackers from Kunlun Lab secured first place by hacking the iPhone 13 through a vulnerability in the Safari mobile browser. The competition took place from Oct. 16 to Oct. 17 in Chengdu, China. The […]

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems. Attacks mounted by the hacking group, dubbed GhostEmperor by Kaspersky, are also said to have used a “sophisticated multi-stage malware […]

New FinSpy Malware Variant Infects Windows Systems With UEFI Bootkit

Commercially developed FinFisher surveillanceware has been upgraded to infect Windows devices using a UEFI (Unified Extensible Firmware Interface) bootkit that leverages a trojanized Windows Boot Manager, marking a shift in infection vectors that allows it to elude discovery and analysis. Detected in the wild since 2011, FinFisher (aka FinSpy or Wingbird) is a spyware toolset […]