How to Build a Custom Malware Analysis Sandbox

How to Build a Custom Malware Analysis Sandbox,

Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service.
Why do you need a malware

,

Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service.
Why do you need a malware

, ,
https://thehackernews.com/2022/03/how-to-build-custom-malware-analysis.html

Le cerveau du terrible groupe Lapsus$ serait un ado anglais qui habite chez sa maman

Le cerveau du terrible groupe Lapsus$ serait un ado anglais qui habite chez sa maman,

Ses hacks seraient tellement rapides que les chercheurs en sécurité – qui l’ont pisté – pensaient qu’ils étaient automatisés. Son identification s’est appuyée sur la divulgation d’informations faites par des hackers rivaux.

,

Ses hacks seraient tellement rapides que les chercheurs en sécurité – qui l’ont pisté – pensaient qu’ils étaient automatisés. Son identification s’est appuyée sur la divulgation d’informations faites par des hackers rivaux.

, ,
https://www.01net.com/actualites/le-cerveau-du-terrible-groupe-lapsusdollar-serait-un-ado-anglais-qui-habite-chez-sa-maman-2055634.html

Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England

Researchers Trace LAPSUS$ Cyber Attacks to 16-Year-Old Hacker from England,

Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer.
The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the « 

,

Authentication services provider Okta on Wednesday named Sitel as the third-party linked to a security incident experienced by the company in late January that allowed the LAPSUS$ extortion gang to remotely take over an internal account belonging to a customer support engineer.
The company added that 366 corporate customers, or about 2.5% of its customer base, may have been impacted by the « 

, ,
https://thehackernews.com/2022/03/researchers-trace-lapsus-cyber-attacks.html

Over 200 Malicious NPM Packages Caught Targeting Azure Developers

Over 200 Malicious NPM Packages Caught Targeting Azure Developers,

A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information.
« After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts

,

A new large scale supply chain attack has been observed targeting Azure developers with no less than 218 malicious NPM packages with the goal of stealing personal identifiable information.
« After manually inspecting some of these packages, it became apparent that this was a targeted attack against the entire @azure NPM scope, by an attacker that employed an automatic script to create accounts

, ,
https://thehackernews.com/2022/03/over-200-malicious-npm-packages-caught.html

Lockbit, champion incontesté des ransomwares ! Il chiffre vos données dix fois plus vite que la concurrence

Lockbit, champion incontesté des ransomwares ! Il chiffre vos données dix fois plus vite que la concurrence,

Ce logiciel malveillant peut verrouiller 17 000 fichiers par minute. C’est dix fois plus que la vitesse de chiffrement moyenne constatée au sein des rançongiciels.

,

Ce logiciel malveillant peut verrouiller 17 000 fichiers par minute. C’est dix fois plus que la vitesse de chiffrement moyenne constatée au sein des rançongiciels.

, ,
https://www.01net.com/actualites/lockbit-champion-inconteste-des-ransomwares-il-chiffre-vos-donnees-dix-fois-plus-vite-que-la-concurrence-2055628.html

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control,

VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems.
Tracked as CVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system.

,

VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems.
Tracked as CVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system.

, ,
https://thehackernews.com/2022/03/vmware-issues-patches-for-critical.html

Chinese ‘Mustang Panda’ Hackers Spotted Deploying New ‘Hodur’ Malware

Chinese ‘Mustang Panda’ Hackers Spotted Deploying New ‘Hodur’ Malware

,

A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines.
Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021.
« Most

,

A China-based advanced persistent threat (APT) known as Mustang Panda has been linked to an ongoing cyberespionage campaign using a previously undocumented variant of the PlugX remote access trojan on infected machines.
Slovak cybersecurity firm ESET dubbed the new version Hodur, owing to its resemblance to another PlugX (aka Korplug) variant called THOR that came to light in July 2021.
« Most

, ,
https://thehackernews.com/2022/03/chinese-mustang-panda-hackers-spotted.html

Okta : le mystère de son piratage s’éclaircit, mais des centaines de sociétés sont toujours menacées

Okta : le mystère de son piratage s’éclaircit, mais des centaines de sociétés sont toujours menacées

,

Microsoft et Okta ont confirmé le piratage qui, dans les deux cas, provient de la compromission d’un unique compte d’utilisateur. L’éditeur de Redmond minimise l’impact. Chez Okta, c’est une autre affaire.

,

Microsoft et Okta ont confirmé le piratage qui, dans les deux cas, provient de la compromission d’un unique compte d’utilisateur. L’éditeur de Redmond minimise l’impact. Chez Okta, c’est une autre affaire.

, ,
https://www.01net.com/actualites/okta-le-mystere-de-son-piratage-s-eclaircit-mais-des-centaines-de-societes-sont-toujours-menacees-2055615.html

New Variant of Chinese Gimmick Malware Targeting macOS Users

New Variant of Chinese Gimmick Malware Targeting macOS Users,

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia.
Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, a « feature-rich, multi-platform malware family that uses public cloud

,

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia.
Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new malware, dubbed Gimmick, a « feature-rich, multi-platform malware family that uses public cloud

, ,
https://thehackernews.com/2022/03/new-variant-of-chinese-gimmick-malware.html

Use This Definitive RFP Template to Effectively Evaluate XDR solutions

Use This Definitive RFP Template to Effectively Evaluate XDR solutions,

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response.

Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions.

XDR has been referred to as the next step in the evolution of Endpoint

,

A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response.

Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions.

XDR has been referred to as the next step in the evolution of Endpoint

, ,
https://thehackernews.com/2020/07/extended-detection-response.html