Tag: detection
-
Sliver Framework Customized Enhances Evasion and Bypasses EDR Detection
by
in SecurityNewsThe Sliver Command & Control (C2) framework, an open-source tool written in Go, has been a popular choice for offensive security practitioners since its release in 2020. However, as detection mechanisms evolve, out-of-the-box Sliver payloads are increasingly flagged by Endpoint Detection and Response (EDR) solutions. Recent research demonstrates how minor yet strategic modifications to the…
-
ReliaQuest Closes $500M Round to Boost Agentic AI Security
by
in SecurityNewsSecurity Operations Firm Gets $3.4B Valuation, Expands AI Threat Detection Platform. Security operations firm ReliaQuest announced more than $500 million in funding led by EQT, valuing the company at $3.4 billion. The investment will expand its GreyMatter platform and advance Agentic AI to speed threat response and reduce operational burdens on security teams. First seen…
-
HijackLoader Evolves with New Modules for Stealth and Malware Analysis Evasion
by
in SecurityNewsHijackLoader, a malware loader first identified in 2023, has undergone significant evolution with the addition of new modules designed to enhance its stealth capabilities and evade malware analysis environments. Recent research by Zscaler ThreatLabz reveals that these updates include advanced techniques such as call stack spoofing, virtual machine (VM) detection, and persistence mechanisms, marking a…
-
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.Lucid’s unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.”Its scalable, First seen on thehackernews.com Jump to article: thehackernews.com/2025/04/lucid-phaas-hits-169-targets-in-88.html
-
Trend Micro Open Sources AI Tool Cybertron
by
in SecurityNewsThe cybersecurity artificial intelligence (AI) model and agent will help organizations improve threat detection and incident response. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/trend-micro-cybertron-open-source-ai
-
New Case Study: Global Retailer Overshares CSRF Tokens with Facebook
by
in SecurityNewsAre your security tokens truly secure?Explore how Reflectiz helped a giant retailer to expose a Facebook pixel that was covertly tracking sensitive CSRF tokens due to human error misconfigurations. Learn about the detection process, response strategies, and steps taken to mitigate this critical issue. Download the full case study here. By implementing Reflectiz’s recommendations, the…
-
Infostealer malware poses potent threat despite recent takedowns
by
in SecurityNewsHow CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
Hiding WordPress malware in the mu-plugins directory to avoid detection
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. >>Unlike regular plugins, must-use plugins are automatically loaded on every page load,…
-
Privacy Roundup: Week 13 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, application-security, breach, browser, cctv, chrome, cloud, cve, cybersecurity, data, detection, exploit, firmware, google, group, leak, linux, malware, microsoft, mobile, phishing, privacy, regulation, router, scam, service, software, technology, threat, tool, update, virus, vpn, vulnerability, zero-dayThis is a news item roundup of privacy or privacy-related news items for 23 MAR 2025 – 29 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Konni RAT Exploit Windows Explorer Limitations To Launches a Multi-Stage Attack Steal Data
by
in SecurityNewsKonni RAT, a highly advanced Remote Access Trojan (RAT), has emerged as a significant cybersecurity threat, leveraging Windows Explorer limitations to execute multi-stage attacks. This malware employs a combination of batch files, PowerShell scripts, and VBScript to infiltrate systems, exfiltrate sensitive data, and maintain persistence. Its ability to evade detection through obfuscation and stealth makes…
-
Weaponized Zoom Installer Used by Hackers to Gain RDP Access and Deploy BlackSuit Ransomware
by
in SecurityNewsCybersecurity researchers have uncovered a sophisticated attack campaign where threat actors utilized a trojanized Zoom installer to infiltrate systems, gain remote desktop protocol (RDP) access, and ultimately deploy the BlackSuit ransomware. The operation demonstrates a highly coordinated, multi-stage malware delivery chain designed to evade detection and maximize impact. Multi-Stage Malware Deployment The attack began with…
-
CoffeeLoader uses a GPU-based packer to evade detection
by
in SecurityNewsCoffeeLoader is a sophisticated malware that uses numerous techniques to bypass security solutions, Zscaler ThreatLabz warns. Zscaler ThreatLabz discovered CoffeeLoader, a malware family active since September 2024, that uses multiple techniques to evade endpoint security while downloading second-stage payloads. The advanced techniques used by the malware include GPU-based packing, call stack spoofing, sleep obfuscation, and…
-
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
by
in SecurityNewsCISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/31/cisa-reveals-new-malware-variant-used-on-compromised-ivanti-connect-secure-devices/
-
Hackers Distributing Phishing Malware Via SVG Format To Bypass File Detection
by
in SecurityNewsCybersecurity experts at the AhnLab Security Intelligence Center (ASEC) have uncovered a novel phishing malware distribution method leveraging the Scalable Vector Graphics (SVG) file format to bypass detection mechanisms. SVG, an XML-based vector image format widely used for icons, logos, charts, and graphs, enables the embedding of CSS and JavaScript scripts. However, attackers are now…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39
by
in SecurityNews
Tags: android, detection, framework, Hardware, international, malware, marketplace, microsoft, ransomware, serviceSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Microsoft Trusted Signing service abused to code-sign malware Shedding light on the ABYSSWORKER driver VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI Raspberry Robin: Copy…
-
Babuk Locker 2.0 vs Seceon Platform: MITRE ATTCK Mapping and Early-Stage Detection Remediation
by
in SecurityNewsOverview of Babuk Locker 2.0 Babuk Locker 2.0 is a ransomware strain that employs double extortion, where attackers encrypt victim files and exfiltrate sensitive data for ransom. It targets organizations by exploiting RDP vulnerabilities, unpatched systems, weak credentials, and phishing attacks. MITRE ATT&CK Mapping of Babuk Locker 2.0 & Seceon’s Early Detection & Remediation MITRE…
-
Malware in Lisp? Now you’re just being cruel
by
in SecurityNewsMiscreants warming to Delphi, Haskell, and the like to evade detection First seen on theregister.com Jump to article: www.theregister.com/2025/03/29/malware_obscure_languages/
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
by
in SecurityNewsCrowDoor and attributed to the Earth Estries APT group in November 2024.”GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
aiSIEM-Cguard: Revolutionizing Cybersecurity with AI-Powered Threat Detection
by
in SecurityNewsIn today’s evolving digital landscape, cyber threats are becoming increasingly sophisticated, targeting organizations of all sizes. Traditional security measures struggle to keep up with the sheer volume and complexity of modern cyberattacks. To counter these challenges, businesses need a proactive, AI-driven security solution that offers real-time threat detection, automated responses, and comprehensive security analytics. Seceon’s…
-
Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands
by
in SecurityNewsCybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed >>Morphing Meerkat,
-
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
by
in SecurityNewsCybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that’s designed to download and execute secondary payloads.The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader. “The purpose of the malware is to download and execute second-stage payloads while evading First seen on thehackernews.com Jump…
-
Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection
Microsoft’s .NET MAUI lets developers build cross-platform apps in C#, but its use of binary blob files poses new risks by bypassing Android’s DEX-based security checks. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-malware-microsoft-net-maui/
-
OT-Sicherheit ohne Beeinträchtigung der Systemstabilität
by
in SecurityNewsTXOne Networks, ein führendes Unternehmen im Bereich der Sicherheit von Cyber-Physical Systems (CPS), hat die Version 3.2 seiner Stellar-Endpunktlösung veröffentlicht, um seine Fähigkeiten, vom Endpunktschutz bis hin zu umfassenderen Erkennungs- und Reaktionsmöglichkeiten in OT-Umgebungen (Operational-Technology), auszubauen. Stellar vereinfacht die Suche nach und Erkennung von Bedrohungen und überwindet gleichzeitig die Einschränkungen herkömmlicher IT-Lösungen für Endpoint-Detection and…
-
Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks
by
in SecurityNewsA new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play.The connection stems from the use of a custom tool that’s designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used…
-
Lucid PhAAS Platform Uses RCS and iMessage to Evade Detection
by
in SecurityNewsThe cybersecurity landscape has been disrupted by the emergence of Lucid, a sophisticated Phishing-as-a-Service (PhAAS) platform developed by Chinese-speaking threat actors. This advanced toolkit enables cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities across 88 countries globally. Lucid’s innovation lies in its exploitation of Rich Communication Services (RCS) and Apple’s iMessage protocol to circumvent…
-
Advanced CoffeeLoader Malware Evades Security to Deliver Rhadamanthys Shellcode
by
in SecurityNewsSecurity researchers at Zscaler ThreatLabz have identified a new sophisticated malware family called CoffeeLoader, which emerged around September 2024. This advanced loader employs numerous techniques to bypass security solutions and evade detection while delivering second-stage payloads, particularly the Rhadamanthys stealer. CoffeeLoader utilizes a specialized packer named Armoury that leverages the GPU to execute code, hindering…
-
Die 10 häufigsten IT-Sicherheitsfehler
by
in SecurityNewsVon ungepatchten Sicherheitslücken bis hin zu unzureichenden Backups: Lesen Sie, wie sich die häufigsten IT-Sicherheitsfehler vermeiden lassen. Verschlüsselte Dateien und eine Textdatei mit einer Erpresser-Nachricht zeigen klar und deutlich: Ein Unternehmen ist einer Cyberattacke zum Opfer gefallen. Dabei ist das nur das Ende einer langen Angriffskette. Die Tätergruppe bewegt sich oft seit mehreren Wochen oder Monaten…
-
CoffeeLoader: A Brew of Stealthy Techniques
by
in SecurityNewsIntroductionZscaler ThreatLabz has identified a new sophisticated malware family that we named CoffeeLoader, which originated around September 2024. The purpose of the malware is to download and execute second-stage payloads while evading detection by endpoint-based security products. The malware uses numerous techniques to bypass security solutions, including a specialized packer that utilizes the GPU, call…
-
Malicious Android Apps Evade Detection: McAfee
by
in SecurityNewsCybersecurity Firm Finds Rash of Apps Coded With Microsoft .NET MAUI. Cybercriminals are using a Microsoft cross-platform app development framework to create Android malware that bypasses security measures, evades detection and steals user data. Malicious apps spotted by McAfee researchers aren’t traditional Android malware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/malicious-android-apps-evade-detection-mcafee-a-27836