Malware

Emerging Rust Malware Uses PowerShell to Evade UAC and Steal Data

Jun 24, 2024 By Foresiet In Foresiet

A new Rust-based information-stealing malware named Fickle Stealer has been identified, using multiple attack vectors to compromise systems and extract sensitive information. According to Fortinet FortiGuard Labs, Fickle Stealer is being distributed through four different methods: VBA dropper, VBA downloader, link downloader, and executable downloader. Some of these methods employ a PowerShell script to bypass User Account Control (UAC) and execute the malware.

Read Post

Foresiet

Read more about Emerging Rust Malware Uses PowerShell to Evade UAC and Steal Data

Novel Technique Combination Used In IDATLOADER Distribution

Jun 24, 2024 By Kroll In Kroll

Kroll’s Managed Detection and Response (MDR) team responded to an incident in which suspected malware was exhibiting strange download behavior. After successfully containing and resolving the incident, Kroll’s Cyber Threat Intelligence (CTI) team investigated further.

Read Post

Kroll

Read more about Novel Technique Combination Used In IDATLOADER Distribution

Deep Dive into Application Security: Understanding Firewalls, Malware, and APIs

Jun 21, 2024 By Cloudflare In Cloudflare

In this week’s episode, we explore how Cloudflare handles application security, current trends, vulnerabilities, and future expectations. Host João Tomé is joined by Michael Tremante, Director of Product from our Application Security team. We discuss the evolution of application security and its increasing relevance today. We also go into specific use cases, covering firewall security, malware, supply chain risks, and the critical task of monitoring various vulnerabilities, including zero-day threats.

View Video

Cloudflare

Read more about Deep Dive into Application Security: Understanding Firewalls, Malware, and APIs

Evaluating dependence on NVD

Jun 20, 2024 By Ben Edwards In BitSight

As I mentioned at the beginning of this year, I am trying to do a monthly blog post on what might be termed “Major Security Events”. In particular this year, I’ve written about the Ivanti meltdown, Lockbit ransomware, and the xz backdoor. These events usually emerge cacophonously and suddenly into the cybersecurity landscape, and generally get everyone’s attention “real quick”.

Read Post

BitSight

Read more about Evaluating dependence on NVD

Qilin Ransomware: What You Need To Know

Jun 20, 2024 By Graham Cluley In Tripwire

Qilin (also known as Agenda) is a ransomware-as-a-service criminal operation that works with affiliates, encrypting and exfiltrating the data of hacked organisations and then demanding a ransom be paid.

Read Post

Tripwire

Read more about Qilin Ransomware: What You Need To Know

Destructive Malware: Threat Detection and Incident Response

Jun 20, 2024 By The Graylog Team In Graylog

Imagine that you have a snack you want to eat while watching a movie on a Friday night. You look in your kitchen, only to find the snack missing. Whether a roommate hid the snack or ate it, you no longer have access to it, disrupting your evening plans. This destructive behavior interrupts your weekend objectives, but it’s pretty low stakes overall.

Read Post

Graylog

Read more about Destructive Malware: Threat Detection and Incident Response

Why Manufacturers are in the Crosshairs of Threat Actors

Jun 19, 2024 By Chris Jacob, Vice President, Threat Intelligence Engineering In ThreatQuotient

In today's modern digitised environment, the manufacturing industry faces multiple interwoven challenges that can have a serious impact on their overall performance and sustainability. These challenges include supply chain disruptions, with events such as natural disasters, geopolitical issues, and pandemics disrupting the global supply chain, affecting the timely delivery of raw materials and components. These disruptions put pressure on manufacturing organisations to better plan for potential supply chain uncertainty, while responding quickly to changes in customer demand, and also trying to keep costs low.

Read Post

ThreatQuotient

Read more about Why Manufacturers are in the Crosshairs of Threat Actors

Endpoint malware detection rises by 75%

Jun 19, 2024 By The Editor In WatchGuard

Cybersecurity continues to be unfinished business for many companies. In a context where digitalization reigns in almost all areas, cybercriminals have more and more resources to draw on and continue to threaten the cybersecurity of millions of organizations. To guide companies and industry professionals through the ever-changing habits of malware, WatchGuard has released a new edition of our Internet Security Report (ISR).

Read Post

WatchGuard

Read more about Endpoint malware detection rises by 75%

LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations

Jun 19, 2024 By Fernando Dominguez In LevelBlue

LevelBlue Labs recently discovered a new highly evasive loader that is being delivered to specific targets through phishing attachments. A loader is a type of malware used to load second-stage payload malware onto a victim’s system. Due to the lack of previous samples observed in the wild, LevelBlue Labs has named this malware “SquidLoader,” given its clear efforts at decoy and evasion.

Read Post

LevelBlue

Read more about LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations

Rubrik Announces Integration With Microsoft Information Protection (MIP) Sensitivity Labels

Jun 18, 2024 By Filip Verloy In Rubrik

We are excited to announce that Rubrik DSPM now supports Microsoft Information Protection (MIP) sensitivity labels. This integration helps our joint customers to better track and secure files with sensitive data – both within and outside of Microsoft environments. MIP labels are used by organizations to map sensitive data within their Microsoft environment, control access to that data, and enable protection settings such as encryption.

Read Post