HackDig : Dig high-quality web security articles for hackers

Zeus Sphinx: What it is, how it works and how to prevent it | Malware spotlight

Introduction: When something is described as “rising from the ashes,” the mythological creature known as the phoenix normally comes to mind. Those who research malware may soon want to swap “phoenix” for “Zeus Sphinx.” This malware was a persistent threat to banks and financial institutions in 2015 and seemingly died out. As of Decembe
Published at: 2020-08-12 09:53 | Reads: 98 | Comments: 0 | Tags: Malware Analysis

How to detect and prevent web shells: New guidance from the NSA and the Australian government

Introduction: It’s not every day that governments of different countries draft joint guidance on any subject. It is even rarer that they create joint guidance on cybersecurity. It may come as a surprise to many that the United States government (NSA) and the Australian government (Australian Signals Directorate, or ASD) have issued jo
Published at: 2020-08-11 10:31 | Reads: 50 | Comments: 0 | Tags: Malware Analysis

Tesla Model 3 vulnerability: What you need to know about the web browser bug

Introduction: In 2020, Jacob Archuleta, a researcher nicknamed Nullze, discovered an important information security vulnerability in the web browser of the Tesla Model 3 automobile. If a user of the car’s onboard computer visits a specific website, the entire touchscreen becomes unusable. The vulnerability was quickly reported to Tesla in accordance with
Published at: 2020-08-05 10:20 | Reads: 99 | Comments: 0 | Tags: Malware Analysis, Vulnerability

Analysis of ransomware used in recent cyberattacks on health care institutions

Introduction: In recent years, there has been a steady increase in the number of ransomware attacks on healthcare institutions. The pressure such institutions experienced as a result of the COVID-19 crisis certainly exacerbated some of the reasons for the proliferation of such attacks. Fraudsters believe that the chaos created by the COVID-19 crisis will
Published at: 2020-07-21 14:11 | Reads: 169 | Comments: 0 | Tags: Malware Analysis

Spamdexing (SEO spam malware)

Introduction: About SEO spam — is my website a target? You’ve spent time and energy positioning your website high in search engine rankings through good SEO practices. You realize, however, that someone has hijacked your site by inserting their own spam. You are a victim of SEO spam, otherwise known as spamdexing, web spam, search engine spam and mor
Published at: 2020-07-15 12:46 | Reads: 171 | Comments: 0 | Tags: Malware Analysis

Become The Malware Analyst Series: Malicious Code Extraction and Deobfuscation

In this video, Senior Incident Response & Research Consultant Scott Nusbaum demonstrates a method to extract and deobfuscate code from a malicious document. Upon rendering the code readable, Nusbaum works to gain an understanding of the goals the malware was attempting to accomplish and the processes by which it undertook that effort. This video
Published at: 2020-07-07 09:43 | Reads: 98 | Comments: 0 | Tags: Incident Response Incident Response & Forensics Malware Anal

Agent Tesla: What it is, how it works and why it’s targeting energy companies

Introduction to Agent Tesla: Agent Tesla appeared for the first time in 2014, but it has only recently been used for attacks on energy companies operating in various fields. These fields include charcoal processing, manufacturing of raw materials, oil and gas and hydraulic plants. Such attacks are based on spearphishing messages impersonating reputable c
Published at: 2020-07-02 15:54 | Reads: 144 | Comments: 0 | Tags: Malware Analysis

SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT

Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disa
Published at: 2020-05-03 08:13 | Reads: 597 | Comments: 0 | Tags: Government Malware Threat Hunting Credentials Theft Email IB

TrickBot Campaigns Targeting Users via Department of Labor FMLA Spam

IBM X-Force monitors billions of spam emails a year, mapping trending malicious campaigns and their origins. Recent analysis from our spam traps uncovered a new TrickBot campaign that currently targets email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA), w
Published at: 2020-05-03 08:13 | Reads: 521 | Comments: 0 | Tags: Malware Threat Intelligence Banking Trojan Cybercrime Fraud

New Android Banking Trojan Targets Spanish, Portuguese Speaking Users

IBM X-Force research recently analyzed a new Android banking Trojan that appears to be targeting users in countries that speak Spanish or Portuguese, namely Spain, Portugal, Brazil and other parts of Latin America. This Trojan, which was created atop an existing, simpler SMSstealer.BR, was supplemented with more elaborate overlay capabilities. That portion o
Published at: 2020-04-21 06:45 | Reads: 742 | Comments: 0 | Tags: Malware Mobile Security Android Android Malware Banking Malw

TA505 Continues to Infect Networks With SDBbot RAT

IBM X-Force Incident Response and Intelligence Services (IRIS) responds to security incidents around the globe. During analysis and comparison of malicious activity on enterprise networks, our team identified attacks likely linked to Hive0065, also known as TA505. We observed that Hive0065 continues to spread the SDBbot remote-access Trojan (RAT) alongside o
Published at: 2020-04-14 12:36 | Reads: 664 | Comments: 0 | Tags: Advanced Threats Incident Response Command-and-Control (C&C)

Malware spotlight: Sodinokibi

Introduction: Ransomware is not new at this point and will be with us for the foreseeable future, as new types of ransomware are constantly emerging. Sometimes, new ransomware makes a big impact fast. Sodinokibi is one of these strains of malware that needs to be taken seriously. Within four months of its discovery, it had managed to become t
Published at: 2020-04-09 14:10 | Reads: 538 | Comments: 0 | Tags: Malware Analysis

ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework

The past two years have borne witness to the increasing collaboration between organized cybercrime groups to avoid duplication of efforts and maximize profits. Although this collaboration has primarily occurred between gangs developing and distributing well-known banking Trojans, such as Emotet, TrickBot and IcedID, it does not stop there. In a new and dange
Published at: 2020-04-07 08:25 | Reads: 583 | Comments: 0 | Tags: Advanced Threats Threat Intelligence Banking Trojan Collabor

Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy

Recent months have created a new reality in the world as the novel Coronavirus pandemic spread from country to country, raising concerns among people everywhere. With spammers and malware distributors already accustomed to riding trending news, the COVID-19 theme has been exploited thoroughly by a large variety of spam and malspam campaigns. It appe
Published at: 2020-03-30 02:05 | Reads: 646 | Comments: 0 | Tags: Malware Threat Intelligence Banking Malware Banking Trojan C

Malware spotlight: Nemty

Introduction: If the last five years or so have proven anything, it is that ransomware is here to stay as a threat in the cybersecurity wild. This should not be used as a rationale to simply ignore the deluge of new types of malware discovered weekly, as the recently discovered malware family Nemty has demonstrated. While appearing at first like a
Published at: 2020-03-26 10:44 | Reads: 474 | Comments: 0 | Tags: Malware Analysis
