PRINT
PRINT
SEND MAIL
SEND MAIL

Category: Security Feeds

NEW TOOLS

Fud 100% services packages ready for sales

We offer a monthly Crypter service to make your files undetectable encrypted! this is how it works: You zip the files you want to encrypt and send them to our email cybersec@cybeseclabs.com then we will encrypt and make your files/file fud 100% (undetectable by any antivirus) and send them back to your email! We offer 3 packages: Standard Prenium Ultimate All those packages offer some unique futures to encrypt your file!  

Windows10

Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

APTAPT reportsCyber espionageFeaturedMalware DescriptionsSecurity FeedsTargeted Attacks

Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

Executive Summary Throughout the autumn of 2018 we analyzed a long-standing (and still active at that time) cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might be a domestic cyber-espionage operation. This malware has previously been associated with an APT actor that Symantec calls Chafer. The malware can exfiltrate keystrokes, screenshots, browser-related data like cookies and history, decrypted when possible. The attackers rely heavily on Microsoft…

Browser PluginsJavaScriptSecurity FeedsSpoofing

Razy in search of cryptocurrency

Last year, we discovered malware that installs a malicious browser extension on its victim’s computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the malicious program as Trojan.Win32.Razy.gen – an executable file that spreads via advertising blocks on websites and is distributed from free file-hosting services under the guise of legitimate software. Razy serves several purposes, mostly related to the theft of cryptocurrency. Its…

APTAPT reportsCyber espionageIndustrial threatsSecurity FeedsSofacySpear PhishingTargeted AttacksVulnerabilities and exploits

GreyEnergy’s overlap with Zebrocy

In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy group. BlackEnergy (a.k.a. Sandworm) is best known, among other things, for having been involved in attacks against Ukrainian energy facilities in 2015, which led to power outages. Like its predecessor, GreyEnergy malware has been detected attacking industrial and ICS targets, mainly in Ukraine. Kaspersky Lab ICS CERT has identified an overlap between GreyEnergy and a Sofacy subset called “Zebrocy”. The…

APTAPT reportsDropperFeaturedMalware DescriptionsSecurity FeedsSofacySpear PhishingTargeted Attacks

A Zebrocy Go Downloader

Last year at SAS2018 in Cancun, Mexico, “Masha and these Bears” included discussion of a subset of Sofacy activity and malware that we call “Zebrocy”, and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was initially introduced as a Sofacy backdoor package in 2015, but the Zebrocy cluster has carved a new approach to malware development and delivery to the world of Sofacy. In line with this approach, we will present more on this…

Security conferenceSecurity Feeds

The world’s southernmost security conference

When asked about his best race, Ayrton Senna replied that it was when he raced karting cars. For him it was the best because it was only for the sake of sports and free from commercial sponsoring and commercial interests. I have this same feeling about computer security conferences, because they attract people who really seek knowledge, both to receive and to share it. In November I had the privilege of participating in a conference that can rightfully be labelled the world’s southernmost. It…

connected carInternet of ThingsSecurity FeedsWi-Fi

Remotely controlled EV home chargers – the threats and vulnerabilities

We are now seeing signs of a possible shift in the field of personal transport. Recent events such as the ‘dieselgate’ scandal undermine customer and government confidence in combustion engines and their environmental safety. At the same time there has been a big step forward in the development of electric vehicles. In addition to favorable media coverage, modern EVs have evolved a lot in terms of battery endurance, driving speeds and interior and exterior design. To stimulate growth in the personal EV segment some…

APTFeaturedMicrosoft WindowsProof-of-ConceptSecurity FeedsTargeted AttacksZero-day vulnerabilities

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

Executive summary In October 2018, our AEP (Automatic Exploit Prevention) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8611. Microsoft just released a patch, part of its December update, crediting Kaspersky Lab researchers Boris Larin (Oct0xor) and Igor Soumenkov (2igosha) with the discovery. This is the third consecutive exploited Local…

Featuredfileless malwareFinancial malwareSecurity FeedsSecurity PoliciesTargeted Attacks

DarkVishnya: Banks attacked through direct connection to local network

While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company’s local network. In some cases, it was…

APTAPT reportsIndustrial threatsLazarusNation State Sponsored EspionageOlympic DestroyerSecurity FeedsSofacyTargeted AttacksTurla

APT review of the year

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it’s never possible to really understand the motivations of some attacks or the developments behind them. Still, with the benefit of hindsight, let’s try to approach the problem from different angles to get a better understanding of what went on. On big actors There are a few ‘traditional’ actors that are very…