2022-12-02 00:00   Operation (верность) Mercenary: the steel torrent bogged down on the East European plain    #QiAnXin Threat Intelligence Center #Threat Intelligence The QiAnXin Threat Intelligence Center has been closely tracking Russian-speaking threat actors and the active underground forums. Recently we observed the globally known Conti Group using Exchange vulnerabilities over the past six months to launch targeted attacks against venture-capital firms, luxury-goods companies, chip manufacturers and foreign joint-venture manufacturers; the targeted companies share one trait: they are "wealthy". Besides the Conti Group, we also observed other Russian-speaking threat actors brute-forcing mainstream databases or exploiting N-day vulnerabilities to implant CobaltStrike or the AnyDesk remote-control software, and then, once the time is ripe, deploying GlobeImposter or Leakthemall ransomware; we have named this group BruteSql Group.
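The BruteSql chain above starts with database brute-forcing, which is the one stage a defender can see before the remote-control tool lands. The following is an added detection example, not code from the QiAnXin report and not tied to any particular victim: it parses lines in the shape of Microsoft SQL Server ERRORLOG logon entries (the article does not say which database was attacked, so SQL Server is an assumption here, and logging of successful logins assumes the server's audit level includes them), counts failed logins per client address in a sliding window, and escalates when a burst of failures from one client is followed by a success from the same client. The sample log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the format of SQL Server ERRORLOG logon
# messages (hypothetical data, not taken from the article).
SAMPLE_LOG = """\
2022-11-30 02:10:01.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-11-30 02:10:02.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-11-30 02:10:03.05 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-11-30 02:10:04.71 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-11-30 02:10:05.22 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-11-30 02:10:06.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2022-11-30 02:10:09.80 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.7]
2022-11-30 09:15:22.00 Logon       Login failed for user 'app_ro'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.5]
"""

# Timestamp, outcome, login name and client address of one logon message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<result>failed|succeeded) for user '(?P<user>[^']*)'.*"
    r"\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse(log_text):
    """Return (timestamp, result, user, client) tuples for each logon line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["client"]))
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag clients with >= threshold failed logins inside `window`.

    A later successful login from an already-flagged client is escalated
    to 'likely_compromise', the point at which the BruteSql chain would
    move on to dropping CobaltStrike or AnyDesk.
    """
    recent = defaultdict(list)  # client -> failure timestamps inside window
    findings = {}
    for ts, result, user, client in sorted(events):
        q = recent[client]
        while q and ts - q[0] > window:  # expire failures outside window
            q.pop(0)
        if result == "failed":
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(
                    client, {"verdict": "bruteforce", "failures": 0, "user": None}
                )
                f["failures"] = max(f["failures"], len(q))
        elif client in findings:
            # Success after a burst of failures: the password was guessed.
            findings[client]["verdict"] = "likely_compromise"
            findings[client]["user"] = user
    return findings


def run_sample():
    """Run the detector over the constructed log and return its findings."""
    return detect_bruteforce(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for client, finding in run_sample().items():
        print(client, finding)
```

The threshold and window are tuning knobs: a single failure from 10.0.0.5 is left alone, while six failures in a few seconds from 203.0.113.7 followed by a success is reported as a likely compromise, which is the moment to look for new remote-access tooling on the host.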

2022-12-01 23:47   Vulnerability Spotlight: Lansweeper directory traversal and cross-site scripting vulnerabilities    #Talos #Threat Intelligence Marcin ‘Icewall’ Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several directory traversal and cross-site scripting vulnerabilities in Lansweeper. Lansweeper is an IT Asset Management solution that gathers hardware and software information of compu

2022-12-01 22:23   BlackCat    #DarkFeed #Threat Intelligence pro office Büro + Wohnkultur GmbH

2022-12-01 22:19   The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques    #SentinelOne Lab #Threat Intelligence Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.

2022-12-01 22:18   LABScon Replay | The Mystery of Metador    #SentinelOne Lab #Threat Intelligence An elusive APT is attacking telcos, ISPs and universities with custom backdoors and attack chains designed to bypass native security solutions.

2022-12-01 22:14   Analysis of Lazarus attack activities using recruitment information    #alienvault #Threat Intelligence The Lazarus group has been keeping a close eye on the financial industry, attacking it with the aim of making money. Its attack methods are complex and changeable, and judging from this attack, the malware has strong anti-detection capabilities, detects a variety of anti-virus software, and it has evasion capa

2022-12-01 21:45   Black Basta    #DarkFeed #Threat Intelligence Panolam Surface Systems

2022-12-01 19:06   Operation (호랑이머리깃발) ShadowTiger: the forest-crossing tiger entrenched on Foyan Mountain (佛岩山)    #QiAnXin Threat Intelligence Center #Threat Intelligence In 2019 the QiAnXin Threat Intelligence Center published "Blocking Operation 'Phantom': QiAnXin cuts off the claws the Northeast Asian APT group 'Tiger Hibiscus' (虎木槿) reached toward important domestic institutions", the first public disclosure of the East Asian APT group 'Tiger Hibiscus', tracked internally by QiAnXin as APT-Q-11. In the years since, we have kept the group under intensive tracking. Between 2019 and 2021 it used multiple browser 0-day vulnerabilities and a range of attack techniques to penetrate its targets. The attack techniques captured by the QiAnXin big-data platform are: 1. ordinary spear-phishing email; 2. browser 0-day combined with spear-phishing email; 3. intranet watering-hole attacks; 4. intranet 0-day lateral movement.

2022-12-01 19:05   Redline Stealer being Distributed via Fake Express VPN Sites    #alienvault #Threat Intelligence A malicious Redline Stealer is being distributed via phishing sites impersonating Express VPN websites, according to research by Cyble Research & Intelligence Labs (CRIL). Redline Stealer is one of the most prominent infostealers. According to the authors' blog, there has been an increase in the numb

2022-12-01 19:00   Nine Cybersecurity Predictions for 2023    #cybereason #Threat Intelligence In 2022, ransomware continued to reign as king and became one of the most common and dangerous threats facing healthcare organizations and software supply chains. The war on Ukraine created heightened concern over zero-day threats wreaking havoc for organizations worldwide. The cyber gang Conti w

2022-12-01 18:58   Erbium Stealer Malware Report    #alienvault #Threat Intelligence CyFIRMA’s research team has identified the Erbium stealer malware, which is being used by cyber-criminals to gather sensitive data such as passwords, credit card numbers, and crypto wallet information. The malware is spread through several tactics, including spear-phishing, malicious

2022-12-01 18:30   Top tips to save energy used by your electronic devices    #welivesecurity(ESET) #Threat Intelligence With rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets?

2022-12-01 18:25   Fraudulent Digital Lending Android App steals sensitive data    #alienvault #Threat Intelligence Cyble Research & Intelligence Labs (CRIL) discovered leaked data of over 26,500 Android users from India through the backend server of an Android application called LoanBee. LoanBee is a digital lending application that steals users’ sensitive data. This application was primarily hosted on Google Pl

2022-12-01 17:23   LockBit 3.0 attacks and leaks reveal wormable capabilities and tooling    #alienvault #Threat Intelligence LockBit 3.0 attacks and leaks reveal a number of similarities between the latest generation of the ransomware and the BlackMatter ransomware family, and show how the malware has been developed. The threat actors behind this ransomware also use a package from GitHub called Backstab. As the name implies, t

2022-12-01 17:11   Cuba    #DarkFeed #Threat Intelligence Boss-inc