Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan. Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts Read more…
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. Read more…
‘Top 10’ malware strain, Remcos RAT, now exploiting Microsoft Excel files A new phishing campaign that exploits a high-severity bug from 2017 has been discovered in the wild spreading a new variant of the Remcos remote access trojan (RAT), which was among the Top Ten malware strains of 2021. In Read more…
Toward greater transparency: Publishing machine-readable CSAF files | MSRC Blog Welcome to the third installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is Read more…
Russian spies using remote desktop protocol files to phish • The Register Microsoft says a mass phishing campaign by Russia’s foreign intelligence services (SVR) is now in its second week, and the spies are using a novel info-gathering technique. First spotted on October 22, Microsoft said in a report published Read more…
CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities Oct 26, 2024Ravie LakshmananCyber Attack / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. “The messages exploit the appeal of integrating popular services Read more…
Dump Lsass Using Only Native APIs By Hand-Crafting Minidump Files (Without MinidumpWriteDump!) NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams). NTOpenProcessToken and NtAdjustPrivilegeToken to get Read more…
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files Aug 12, 2024Ravie LakshmananCloud Security / Malware The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains Read more…
New Attack Technique Exploits Microsoft Management Console Files Jun 25, 2024NewsroomVulnerability / Threat Detection Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Read more…
N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at Read more…