Tag: detection
-
New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls)," Zscaler ThreatLabz researcher Muhammed Irfan V…
-
What Belongs in Your Security Toolset
Tags: access, ai, antivirus, authentication, backup, breach, business, cloud, compliance, control, cyberattack, cybersecurity, data, data-breach, defense, detection, edr, firewall, gartner, governance, iam, identity, incident response, intelligence, iot, malware, mfa, ml, mobile, network, password, ransomware, risk, saas, service, software, spyware, threat, tool, update, vulnerability, vulnerability-management
Read which tools are essential for protecting companies against cyber threats. Security decision-makers face a continuously changing threat landscape, an increasingly strict regulatory environment, and ever more complex IT infrastructures. This is one more reason why the quality of their security toolsets keeps growing in importance. The problem is that the range of cybersecurity solutions available today is overwhelming. Adding to the confusion, not…
-
Customized Sliver Framework Enhances Evasion and Bypasses EDR Detection
The Sliver Command & Control (C2) framework, an open-source tool written in Go, has been a popular choice for offensive security practitioners since its release in 2020. However, as detection mechanisms evolve, out-of-the-box Sliver payloads are increasingly flagged by Endpoint Detection and Response (EDR) solutions. Recent research demonstrates how minor yet strategic modifications to the…
-
ReliaQuest Closes $500M Round to Boost Agentic AI Security
Security Operations Firm Gets $3.4B Valuation, Expands AI Threat Detection Platform. Security operations firm ReliaQuest announced more than $500 million in funding led by EQT, valuing the company at $3.4 billion. The investment will expand its GreyMatter platform and advance Agentic AI to speed threat response and reduce operational burdens on security teams. First seen…
-
HijackLoader Evolves with New Modules for Stealth and Malware Analysis Evasion
HijackLoader, a malware loader first identified in 2023, has undergone significant evolution with the addition of new modules designed to enhance its stealth capabilities and evade malware analysis environments. Recent research by Zscaler ThreatLabz reveals that these updates include advanced techniques such as call stack spoofing, virtual machine (VM) detection, and persistence mechanisms, marking a…
-
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android. Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms. "Its scalable, First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html
-
Trend Micro Open Sources AI Tool Cybertron
The cybersecurity artificial intelligence (AI) model and agent will help organizations improve threat detection and incident response. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/trend-micro-cybertron-open-source-ai
-
New Case Study: Global Retailer Overshares CSRF Tokens with Facebook
Are your security tokens truly secure? Explore how Reflectiz helped a giant retailer expose a Facebook pixel that was covertly tracking sensitive CSRF tokens due to human-error misconfigurations. Learn about the detection process, response strategies, and steps taken to mitigate this critical issue. Download the full case study here. By implementing Reflectiz's recommendations, the…
-
Infostealer malware poses potent threat despite recent takedowns
How CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication (MFA) and least-privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
Hiding WordPress malware in the mu-plugins directory to avoid detection
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. "Unlike regular plugins, must-use plugins are automatically loaded on every page load,…
-
Privacy Roundup: Week 13 of Year 2025
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-day
This is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Weaponized Zoom Installer Used by Hackers to Gain RDP Access and Deploy BlackSuit Ransomware
Cybersecurity researchers have uncovered a sophisticated attack campaign where threat actors utilized a trojanized Zoom installer to infiltrate systems, gain remote desktop protocol (RDP) access, and ultimately deploy the BlackSuit ransomware. The operation demonstrates a highly coordinated, multi-stage malware delivery chain designed to evade detection and maximize impact. Multi-Stage Malware Deployment The attack began with…
-
Konni RAT Exploits Windows Explorer Limitations to Launch a Multi-Stage Attack and Steal Data
Konni RAT, a highly advanced Remote Access Trojan (RAT), has emerged as a significant cybersecurity threat, leveraging Windows Explorer limitations to execute multi-stage attacks. This malware employs a combination of batch files, PowerShell scripts, and VBScript to infiltrate systems, exfiltrate sensitive data, and maintain persistence. Its ability to evade detection through obfuscation and stealth makes…
-
CoffeeLoader uses a GPU-based packer to evade detection
CoffeeLoader is a sophisticated malware that uses numerous techniques to bypass security solutions, Zscaler ThreatLabz warns. Zscaler ThreatLabz discovered CoffeeLoader, a malware family active since September 2024, that uses multiple techniques to evade endpoint security while downloading second-stage payloads. The advanced techniques used by the malware include GPU-based packing, call stack spoofing, sleep obfuscation, and…
-
Hackers Distributing Phishing Malware Via SVG Format To Bypass File Detection
Cybersecurity experts at the AhnLab Security Intelligence Center (ASEC) have uncovered a novel phishing malware distribution method leveraging the Scalable Vector Graphics (SVG) file format to bypass detection mechanisms. SVG, an XML-based vector image format widely used for icons, logos, charts, and graphs, enables the embedding of CSS and JavaScript scripts. However, attackers are now…
-
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/31/cisa-reveals-new-malware-variant-used-on-compromised-ivanti-connect-secure-devices/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39
Tags: android, detection, framework, Hardware, international, malware, marketplace, microsoft, ransomware, service
The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape:
Microsoft Trusted Signing service abused to code-sign malware
Shedding light on the ABYSSWORKER driver
VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI
Raspberry Robin: Copy…
-
Babuk Locker 2.0 vs Seceon Platform: MITRE ATT&CK Mapping and Early-Stage Detection & Remediation
Overview of Babuk Locker 2.0: Babuk Locker 2.0 is a ransomware strain that employs double extortion, where attackers encrypt victim files and exfiltrate sensitive data for ransom. It targets organizations by exploiting RDP vulnerabilities, unpatched systems, weak credentials, and phishing attacks. MITRE ATT&CK Mapping of Babuk Locker 2.0 & Seceon's Early Detection & Remediation: MITRE…
-
Malware in Lisp? Now you’re just being cruel
Miscreants warming to Delphi, Haskell, and the like to evade detection First seen on theregister.com Jump to article: www.theregister.com/2025/03/29/malware_obscure_languages/
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
CrowDoor and attributed to the Earth Estries APT group in November 2024. "GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals." One of the key features ESET reported on the two previously unseen…
-
aiSIEM-Cguard: Revolutionizing Cybersecurity with AI-Powered Threat Detection
In today’s evolving digital landscape, cyber threats are becoming increasingly sophisticated, targeting organizations of all sizes. Traditional security measures struggle to keep up with the sheer volume and complexity of modern cyberattacks. To counter these challenges, businesses need a proactive, AI-driven security solution that offers real-time threat detection, automated responses, and comprehensive security analytics. Seceon’s…
-
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. "The purpose of the malware is to download and execute second-stage payloads while evading First seen on thehackernews.com Jump…
-
Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
Microsoft’s .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Android’s DEX-based security checks. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-malware-microsoft-net-maui/
-
OT Security Without Compromising System Stability
TXOne Networks, a leading company in cyber-physical systems (CPS) security, has released version 3.2 of its Stellar endpoint solution to extend its capabilities from endpoint protection to broader detection and response in OT (operational technology) environments. Stellar simplifies threat hunting and detection while overcoming the limitations of conventional IT solutions for endpoint detection and…
-
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR-killing tool, dubbed EDRKillShifter, was first documented as used…
-
Lucid PhAAS Platform Uses RCS and iMessage to Evade Detection
The cybersecurity landscape has been disrupted by the emergence of Lucid, a sophisticated Phishing-as-a-Service (PhAAS) platform developed by Chinese-speaking threat actors. This advanced toolkit enables cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities across 88 countries globally. Lucid’s innovation lies in its exploitation of Rich Communication Services (RCS) and Apple’s iMessage protocol to circumvent…
-
Advanced CoffeeLoader Malware Evades Security to Deliver Rhadamanthys Shellcode
Security researchers at Zscaler ThreatLabz have identified a new sophisticated malware family called CoffeeLoader, which emerged around September 2024. This advanced loader employs numerous techniques to bypass security solutions and evade detection while delivering second-stage payloads, particularly the Rhadamanthys stealer. CoffeeLoader utilizes a specialized packer named Armoury that leverages the GPU to execute code, hindering…