22.11
According to a study, almost 500 of the 50,000 most-visited websites use software that records their users' keystrokes and mouse movements.
— the.Fischerman.ch
(@FischermanCH)
The Chinese drone manufacturer DJI recently launched a bug bounty program, whereupon security researcher Kevin Finisterre went looking for vulnerabilities. He was quickly successful and uncovered a flaw that allowed attackers to retrieve highly sensitive customer data from DJI's servers. Among that data were flight logs from accounts with ties to governments and the military.
— the.Fischerman.ch
(@FischermanCH)
In recent weeks, Unit 42 has discovered three documents crafted to exploit the InPage program. InPage is a word processor program that supports languages such as Urdu, Persian, Pashto, and Arabic. The three InPage exploit files are linked through their use of very similar shellcode, which suggests that either the same actor is behind these attacks, or the attackers have access to a shared builder. The documents were found to drop the following malware families:
— the.Fischerman.ch
(@FischermanCH)
Recently, we observed a new version of the Clayslide delivery document used to install a new custom Trojan whose developer calls it “ALMA Communicator”. The delivery document also saved the post-exploitation credential harvesting tool known as Mimikatz, which we believe the threat actors will use to gather account credentials from the compromised system. While we do not have detailed telemetry, we have reason to believe this attack targeted an individual at a public utilities company in the Middle East.
— the.Fischerman.ch
(@FischermanCH)
Unit 42 has discovered a new malware family we’ve named “Reaver” with ties to attackers who use SunOrcal malware. SunOrcal activity has been documented to at least 2013, and based on metadata surrounding some of the C2s, may have been active as early as 2010. The new family appears to have been in the wild since late 2016 and to date we have only identified 10 unique samples, indicating it may be sparingly used. Reaver is also somewhat unique in the fact that its final payload is in the form of a Control panel item, or CPL file. To date, only 0.006% of all malware seen by Palo Alto Networks employs this technique, indicating that it is in fact fairly rare.
— the.Fischerman.ch
(@FischermanCH)