HackDig : Dig high-quality web security articles for hacker

New Malicious Macro Evasion Tactics Exposed in URSNIF Spam Mail

by John Anthony Bañes Malicious macros are commonly used to deliver malware payloads to victims, usually by coercing victims into enabling the macro sent via spam email. The macro then executes a PowerShell script to download ransomware or some other malware. Just this September EMOTET, an older banking malware, leveraged this method in a campaign that saw i
Publish At:2017-10-21 18:05 | Read:88 | Comments:0 | Tags:Malware macro sandbox Spam

A Cybersecurity Proof: The Application is the Endpoint

Vulnerable applications and browsers are the persistent data breach entry points—it’s not about the files Isolation is the only solution that can absolutely eliminate kernel-level exploits and malware escapes It’s time to rethink information security defense around fewer, smarter, yet more effective layers You have many more endpoints than you think. How m
Publish At:2017-10-21 16:25 | Read:26 | Comments:0 | Tags:Threats access points application attack vector endpoint End

Russian spies pilfered data from NSA Contractor’s home PC running a Kaspersky AV

Russian hackers allegedly exploited Kaspersky AV to hack into NSA contractor and steal the NSA exploit code. It complicates Kaspersky’s position. Anonymous sources have claimed Russian intelligence extracted NSA exploits from a US government contractor’s home PC using Kaspersky Lab software. Sources told the Wall Street Journal that a malicious c
Publish At:2017-10-06 11:30 | Read:184 | Comments:0 | Tags:Breaking News Hacking Intelligence Malware antivirus cyber e

SYSCON Backdoor Uses FTP as a C&C Channel

By Jaromir Horejsi (Threat Researcher) Bots can use various methods to establish a line of communication between themselves and their command-and-control (C&C) server. Usually, these are done via HTTP or other TCP/IP connections. However, we recently encountered a botnet that uses a more unusual method: an FTP server that, in effect, acts as a C&C se
Publish At:2017-10-05 23:30 | Read:194 | Comments:0 | Tags:Malware backdoor FTP SYSCON

CSE CybSec ZLAB Malware Analysis Report: APT28 Hospitality malware

The CSE CybSec Z-Lab Malware Lab analyzed the Hospitality malware used by the Russian APT28 group to target hotels in several European countries. The Russian hacker group APT28, also known as Sofacy or Fancy Bear, is believed to be behind a series of attacks in last July against travelers staying in hotels in Europe and Middle East. This attack is performed
Publish At:2017-10-05 17:05 | Read:111 | Comments:0 | Tags:APT Breaking News Cyber warfare Malware APT28 cyber espionag

Experts discovered a SYSCON Backdoor using FTP Server as C&C

Security researchers with Trend Micro discovered a backdoor dubbed SYSCON that uses an FTP server for command and control (C&C) purposes. The SYSCON backdoor is spreading through tainted documents that refer North Korea and target individuals connected to the Red Cross and the World Health Organization. The use of an FTP server as C&C is uncommon fo
Publish At:2017-10-05 17:05 | Read:175 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware backdoor botnet Cy

Intezer researchers link CCleaner hack to Chinese APT17 hackers

Researchers from security firm Intezer speculate that the attack was powered by nation-state actor, likely the Chinese APT17 group. Security experts continue to investigate the recent attack against the supply chain of the popular software CCleaner. The hackers first compromised in July a CCleaner server, then exploited it to deliver a backdoored version of
Publish At:2017-10-04 22:40 | Read:506 | Comments:0 | Tags:APT Breaking News Hacking Malware APT17 CCleaner version 5.3

POS Malware Breach Sees Payment Cards Hit Underground Shops

News about POS malware breaches affecting two retailers hit the headlines last week, this time featuring a fast-food restaurant chain in the U.S. that operates around 3,500 locations across the country, most of which are franchised, and a popular supermarket. Both entities, like others before them, were notified of suspicious activity by a third-party servic
Publish At:2017-10-04 03:05 | Read:237 | Comments:0 | Tags:Data Protection Fraud Protection Malware Retail Threat Intel

Vxers abused legitimate VMware binary to spread Banking Trojan Distribution

Cisco researchers discovered a malware campaign abusing a legitimate VMware binary to spread a banking Trojan. The threat actor behind the campaign uses multiple methods of re-direction when infecting the victims’ machines in order to remain under the radar, it also implemented a variety of anti-analysis techniques. The malware is written in Delphi, a novelt
Publish At:2017-10-01 20:55 | Read:152 | Comments:0 | Tags:Breaking News Cyber Crime banking trojan Cybercrime malware

60% of institutions in Saudi Arabia hit by malware-based attacks

According to Kaspersky Lab, sixty percent of institutions in Saudi Arabia have experienced malware-based attacks over the past 12 months. Malware continues to be one of the most dangerous threats for organizations worldwide, and data recently disclosed by security firms. According to Kaspersky Lab, Saudi Arabia is under a constant malware-based attack, the e
Publish At:2017-10-01 20:55 | Read:179 | Comments:0 | Tags:Breaking News Cyber Crime Cyber warfare Hacking APT malware

Crooks spreads backdoor devised as a security WordPress Plugin

Experts from Sucuri discovered crooks are spreading a fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor. A fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor was spread by crooks abusing the popularity of WP-SpamShield Anti-Spam, a WordPress antispam tool. The WP-SpamShield Anti-Spam plugin has over 100,000 installs
Publish At:2017-09-30 07:30 | Read:216 | Comments:0 | Tags:Breaking News Hacking Malware backdoor fake plugin Wordpress

DNA virus brings malware full circle

In what sounds like a science fiction story, scientists have successfully infected a computer using a virus encoded in DNA. The experiment was designed to prove that DNA could be used to successfully infect computers in the future. During the test, engineers created an artificial strand of DNA and “programmed” malicious code inside it. The strand was then in
Publish At:2017-09-29 04:10 | Read:95 | Comments:0 | Tags:Malware Mobile News Antivirus cybersecurity Virus

‘Illusion Gap’ attack method bypasses Windows Defender and executes malware

Researchers have developed an attack method dubbed Illusion Gap for bypassing Windows Defender that will allow avoiding antivirus detection. Researchers from security firm CyberArk have devised a new technique dubbed ‘Illusion Gap’ that allows attackers to bypass Windows Defender. The technique leverages on the fact that Windows Defender detectio
Publish At:2017-09-28 18:25 | Read:80 | Comments:0 | Tags:Breaking News Hacking Illusion Gap malware Windows Defender

Experts analyzed an Advanced ‘all in memory’ CryptoWorm

The popular security expert Marco Ramilli shared the analysis of a cryptoworm having significant capabilities, enjoy the report! Introduction. Today I want to share a nice Malware analysis having an interesting flow. The “interesting” adjective comes from the abilities the given sample owns. Capabilities of exploiting, hard obfuscations and usage
Publish At:2017-09-27 23:55 | Read:194 | Comments:0 | Tags:Breaking News Cyber Crime Malware cryptoworm Cybercrime Hack

What Do Recent Attacks Mean for OT Network Security?

Security management can be proactive or reactive depending on each organization’s risk appetite. When attacks are made public, things change, and learning from threats becomes a requirement for both C-suite members and security leaders. WannaCry, NotPetya and Industroyer are some of the most recently analyzed malware pieces. Apart from corporate networ
Publish At:2017-09-27 22:46 | Read:161 | Comments:0 | Tags:Endpoint Energy & Utility Incident Response Network Critical


Share high-quality web security related articles with you:)


Tag Cloud