Biztonsági szemle

While hunting, I spent some time trying to deobfuscate a malicious file discovered on VT. It triggered my PowerShell rule. At the end, I found two files that look close together:

The campaign heavily uses Dropbox folders and PowerShell scripts to evade detection and quickly scrapped infrastructure components after researchers began poking around.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Acquisition strengthens Deepwatch Platform capabilities with actionable insights and risk-based prioritization.

Security consultancy Quarkslab said that the flaw could allow threat actors to bypass USB lockouts.

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access.

If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.

Attackers stole data from U.S. military and Lockheed Martin, Boeing and Honeywell employees for as little as $10 per computer.