Security Affairs newsletter Round 310

A new round of the weekly SecurityAffairs newsletter has arrived! Every week, the best security articles from Security Affairs, free in your inbox. Is the recent accident at Iran's Natanz nuclear plant a cyber attack? Joker malware infected 538,000 Huawei Android devices. Personal data of 1.3 million Clubhouse users leaked online. Fitch Ratings: […]

Decoding Cobalt Strike Traffic, (Sun, Apr 18th)

In diary entry "Example of Cleartext Cobalt Strike Traffic (Thanks Brad)" I share a capture file I found with unencrypted Cobalt Strike traffic. The traffic is unencrypted since the malicious actors used a trial version of Cobalt Strike. This weekend I carried on with the analysis of that traffic; you can see my findings in […]

BazarLoader Malware: Abuses Slack and BaseCamp Clouds

The primary feature of the BazarLoader downloader, which is written in C++, is to download and execute additional modules. BazarLoader was first discovered in the wild last April, and researchers have identified at least six variants since then, “signaling active and ongoing development”. According to researchers, the BazarLoader malware is leveraging worker trust in […]

The Code Testing Company CodeCov Suffers a Data Breach Which Went Undetected for Months

U.S. federal authorities are investigating a security breach at Codecov, which sells a tool that lets developers measure their codebase's test coverage and serves more than 29,000 clients worldwide. The organization acknowledged the breach and reported that it remained unnoticed for months. The breach affected an undisclosed number of customers, including […]

Is BazarLoader malware linked to Trickbot operators?

Experts warn of malware campaigns delivering the BazarLoader malware by abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers have observed such campaigns targeting employees of large organizations; the messages attempt to trick the victims into believing they contain important information […]

Week in review: New DNS vulnerabilities, benefits of cyber threat intelligence, FBI removes web shells

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

New DNS vulnerabilities have the potential to impact millions of devices: Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK.

FBI removes web shells from hacked Microsoft Exchange servers: Authorities have executed a court-authorized […]

Operation Overtrap – Hackers Attack Online Banking Users Via Bottle Exploit Kit & Banking Malware

Cybersecurity experts at Trend Micro have recently found a new malicious campaign through which threat actors infect their victims with several sophisticated payloads. The campaign is called “Operation Overtrap,” and analysts report that the attackers are using a three-pronged attack. In this campaign, they […]

Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model

The Google Project Zero security team has updated its vulnerability disclosure policy; it now gives users 30 days to patch flaws before the associated technical details are disclosed. The team announced that the update could add 30 days to the disclosure process for some bugs, to give end-users enough […]