As I’d recently written about a Lazarus group first-stage implant (see: “Pass the AppleJeus”), I was intrigued to analyze this sample! We’ll see that while there are some clear overlaps, this (new) sample contains rather sophisticated capabilities, which I’ve never seen before in (public) macOS malware!

We discovered an authentication-bypass vulnerability in OpenBSD’s authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.

Hi all,

I am reporting a vulnerability that exists on most Linux distros and other *nix operating systems, which allows a network-adjacent attacker to determine whether another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website.

For several years, Proofpoint researchers have been tracking the use of first-stage downloaders, which are used by threat actors to install other forms of malware during and after their malicious email campaigns. In particular, over the last two years, these downloaders have become increasingly robust, providing advanced profiling and targeting capabilities.

IBM® X-Force® has been researching and tracking destructive malware in the Middle East, particularly in the industrial and energy sector. Since the first Shamoon attacks that started affecting organizations in the region in the summer of 2012, we have been following the evolution of destructive, disk-wiping malware deployed to cause disruption.

The Great Cannon is a distributed denial of service (“DDoS”) tool that operates by injecting malicious JavaScript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable:

ThreatFabric analysts have recently investigated an interesting new strain of banking malware. The malware was first spotted by Tatyana Shishkova from Kaspersky by the end of October 2019, but actually dates back to June 2019. It is still under active development, with at least 5 different versions of the Trojan released within the last 5 months (June – November 2019).

Huawei continues to expand its operations in Brazil with the launch of some smartphones and products aimed at the technology market. The company recently announced the arrival of FreeBuds Lite wireless headsets while selling the P30 and P30 Lite in their stores. But Huawei’s Twitter account seems to be moving in another direction

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a breached database belonging to the American communications company, TrueDialog.

Cyber attacks continue to evolve at an ever-increasing pace. Threats have become more sophisticated and dangerous compared to just a few years ago. The velocity of malware evolution, an increasing number of end-user devices, networks and technologies that need protection,