Windows

OOB

OneDrive

OneDrive crashes fixed with out-of-band updates by Microsoft

Microsoft addresses OneDrive crashes following the installation of new Windows 10 updates with out-of-band updates…

30-Oct-2022
2 min read

Related Articles


Lua Bytecode

New RedLine Stealer variant uses Lua bytecode to disguise itself within game che...

The resurgence of [RedLine Stealer](https://www.secureblink.com/cyber-security-news/redline-stealer-malware-responsible-for-stealing-majority-of-the-credentials) presents a serious threat to unsuspecting users, particularly gamers. The malware is distributed disguised as sought-after game cheats: players lured by the prospect of an illicit in-game advantage download it and unwittingly compromise their own systems. That lure is the whole point of the campaign, and it is why gamers should treat cheats and cracks from unofficial sources as untrusted code, whatever the promised benefit.

#### The Stealthy Weapon: Lua Bytecode and Command-and-Control Servers

To complicate detection, the new [RedLine Stealer](https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer) variant delivers its logic as Lua bytecode, the precompiled form of Lua, a lightweight scripting language widely used in game development, as discovered by [McAfee Labs](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/). Because the malicious logic arrives as compiled bytecode rather than as a conventional executable, antivirus engines that look for familiar malicious code patterns may not flag it.

![chart.webp](https://sb-cms.s3.ap-south-1.amazonaws.com/chart_219fbd286d.webp)

***infection chain***

The technique is a reminder that threats keep evolving and that defenses have to keep pace. Once running, the malware opens a covert channel to a command-and-control (C2) server, which orchestrates its actions and receives the stolen data. The C2 server identified in this campaign was previously associated with earlier RedLine Stealer activity, which strengthens the attribution of the new variant to the same operators. Taking down such C2 infrastructure is a key step in disrupting the malware's operations and limiting the risk it poses.

#### Malicious Payload of RedLine Stealer

RedLine Stealer's capacity for harm extends far beyond the game it was bundled with. It is built to steal a broad range of sensitive data, including:

- **Login credentials:** usernames and passwords, the first line of defense for most online accounts. Their compromise grants access to whatever those accounts protect.
- **Saved credit card information:** financial data is a prime target. Stolen card details enable fraudulent purchases at the victim's expense.
- **Cryptocurrency wallet data:** RedLine Stealer also targets cryptocurrency wallets, draining virtual assets from unsuspecting users.
- **System and browser information:** details about the victim's machine and browsing habits can be used to stage follow-on attacks, personalize phishing, or be sold on underground markets.

The volume and sensitivity of the data targeted underline the severity of the threat and the need for stringent security measures against this malware and its ilk.

#### Essential Strategies to Combat RedLine Stealer

The [Threatfeed](https://www.secureblink.com/cyber-security-news) has stressed the importance of fortifying defenses against RedLine Stealer before, notably when the [2K Games support system](https://www.secureblink.com/cyber-security-news/2-k-game-support-system-exploited-to-circulate-redline-malware) was exploited to circulate the malware. The following strategies belong in any robust security posture:

- **1️⃣ Scrutinize Game Cheats with a Critical Eye.** Treat game cheats with healthy skepticism: if an offer looks too good to be true, it most likely is. Do not download cheats or cracks from untrusted sources. Legitimate game publishers rarely, if ever, endorse or distribute third-party cheats, so stick to official channels and reputable sources.
- **2️⃣ The Power of Robust Security Software.** Run a dependable, up-to-date antivirus and anti-malware solution. These tools act as gatekeepers, scanning for and neutralizing threats, and regular updates give them the latest signatures and detection logic for emerging variants.
- **3️⃣ Navigate the Digital Landscape with Caution.** Treat emails and downloads with suspicion, especially those from unknown senders or sources. Phishing emails masquerade as legitimate communications to trick recipients into clicking malicious links or opening malware attachments; verify the sender before engaging with any content.
- **4️⃣ Use Strong, Unique Passwords.** Use a strong, unique password for every online account and never reuse passwords across platforms: a breach on one site would otherwise hand criminals a master key to the rest. A password manager makes this practical.

Malware continually evolves, adopting new techniques to outpace defenses. Individuals and organizations alike therefore need to maintain a proactive stance: follow best practices, cultivate digital skepticism, and invest in robust security solutions.
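The Lua bytecode section above describes the evasion but not how a defender would spot it. The following is an added example, not code from the original article or from McAfee Labs' report: a triage script that identifies precompiled Lua chunks by their header rather than by file extension, so bytecode dropped under a name like `readme.txt` is surfaced. The sample files and the `<<expected extension>>` list are constructed for the demo; the Lua 5.1 header layout it parses is the documented dump format.

```python
"""Triage helper: find Lua bytecode hiding behind innocuous file names.

Added example, not code from the original article or from McAfee Labs' report.
A precompiled Lua chunk always starts with the signature "\x1bLua" followed by a
version byte, whatever name or extension the file carries, so scanning file
headers instead of trusting extensions surfaces bytecode that has been dropped
as, say, a .txt file. The sample files below are constructed for the demo.
"""
import tempfile
from pathlib import Path
from typing import List, Optional

LUA_SIGNATURE = b"\x1bLua"
LUA_VERSIONS = {0x51: "5.1", 0x52: "5.2", 0x53: "5.3", 0x54: "5.4"}
# Extensions under which compiled Lua is expected; bytecode under any other name is flagged
EXPECTED_EXTENSIONS = {".lua", ".luac", ".out"}


def lua_bytecode_info(data: bytes) -> Optional[dict]:
    """Return header details if `data` starts with a Lua bytecode chunk, else None."""
    if len(data) < 6 or not data.startswith(LUA_SIGNATURE):
        return None
    version, fmt = data[4], data[5]          # fmt 0 = the official dump format
    info = {"version": LUA_VERSIONS.get(version, f"unknown(0x{version:02x})"), "format": fmt}
    if version == 0x51 and len(data) >= 12:
        # Lua 5.1 header after the format byte: endianness, sizeof(int), sizeof(size_t),
        # sizeof(Instruction), sizeof(lua_Number), integral-number flag
        info["little_endian"] = data[6] == 1
        info["sizeof_size_t"] = data[8]
    return info


def scan_dir(root: str) -> List[dict]:
    """Walk `root`, reading only the first 32 bytes of each file, and report Lua chunks."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(32)
        info = lua_bytecode_info(head)
        if info is None:
            continue
        info["path"] = str(path)
        info["disguised"] = path.suffix.lower() not in EXPECTED_EXTENSIONS
        findings.append(info)
    return findings


# Constructed Lua 5.1 header: signature, version 0x51, format 0, little-endian,
# sizeof(int)=4, sizeof(size_t)=8, sizeof(Instruction)=4, sizeof(lua_Number)=8, non-integral.
SAMPLE_LUA51_CHUNK = b"\x1bLua\x51\x00\x01\x04\x08\x04\x08\x00" + b"\x00" * 20


def build_sample_dir() -> str:
    """Create a temp directory with a disguised chunk, a normal one and a benign text file."""
    root = tempfile.mkdtemp(prefix="lua_triage_")
    (Path(root) / "readme.txt").write_bytes(SAMPLE_LUA51_CHUNK)   # bytecode posing as text
    (Path(root) / "tool.luac").write_bytes(SAMPLE_LUA51_CHUNK)    # bytecode where expected
    (Path(root) / "notes.txt").write_text("just a readme, nothing to see")
    return root


if __name__ == "__main__":
    for finding in scan_dir(build_sample_dir()):
        flag = "DISGUISED" if finding["disguised"] else "ok"
        print(f"{flag:9} {finding['path']}  Lua {finding['version']}")
```

Only the first 32 bytes of each file are read, so the scan is cheap enough to run over a whole download directory or an unpacked installer; a hit on a `.txt` or other non-Lua extension is the signal worth escalating, since the bytecode alone says nothing about intent.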

22-Apr-2024
5 min read

APT44

Russian state-backed hackers, Sandworm, are targeting water utilities. Learn how...

APT44, also known as Sandworm, poses an alarming and dynamic threat, especially in the context of Russia's ongoing invasion of Ukraine. Mandiant's research underscores the group's adaptability, operational maturity, and integration with Russia's military objectives. Notably, APT44's activities extend beyond Ukraine, affecting political, military, and economic targets worldwide, with heightened concern around national elections given the group's history of interference.

## Tactical Evolution

Sandworm's evolution is marked by a shift from disruptive cyber sabotage to intelligence collection aligned with the objectives of Russia's military campaign. The shift emphasizes APT44's role in providing battlefield advantages to Russian forces, exemplified by its exfiltration of communications from captured mobile devices. This multifaceted approach gives APT44 a pivotal role in shaping and supporting Russia's military operations.

## Operational Scope

APT44's operations span espionage and influence operations, backed by its sponsorship by Russian military intelligence. The group's targets extend beyond traditional military objectives to broader national interests, including political signaling and crisis response. Its involvement in consequential attacks, such as the disruptions of Ukraine's energy grid and the global NotPetya attack, shows its outsized impact on geopolitical dynamics.

## Threat Landscape

The persistent, high-severity threat posed by APT44 is global, reaching governments and critical-infrastructure operators wherever Russian interests are at stake. APT44's actions also create a proliferation risk: its disruptive capabilities may inspire emulation by other state and non-state actors. Mandiant's assessment underscores the urgent need for stronger cybersecurity measures to counter APT44's tactics and limit the potential fallout.

## Future Outlook

APT44 is poised to remain a formidable cyber threat, with a continued focus on Ukraine while Russia's war goes on. The group's adaptability and expansive mandate, however, mean its operational priorities may shift with changing geopolitical dynamics and emerging issues. Mandiant's analysis stresses the need for proactive measures against APT44's activities, particularly around significant political events and elections worldwide.

## Community Protection Measures

Countering the APT44 threat requires collaborative effort to protect communities and critical infrastructure. Google's Threat Analysis Group (TAG) and Mandiant play central roles in identifying and mitigating APT44's activity. Through initiatives such as the Victim Notification Program and the release of threat intelligence, they raise awareness and improve cybersecurity resilience.

18-Apr-2024
3 min read

steganography

Beware! Hackers are now hiding malware in images using steganography. Learn how ...

TA558, a threat actor known for its sophisticated tactics, has been observed leveraging steganography to conceal malware payloads within images and text files. The campaign, dubbed SteganoAmor, has delivered a range of malware families including Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm. The attacks primarily target the industrial, services, public, electric power, and construction sectors in Latin America, with some incidents in Russia, Romania, and Turkey.

#### Steganography: A Stealthy Approach

Steganography embeds a malicious payload inside an otherwise innocuous carrier such as an image or text document. [TA558](https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel), first profiled by Proofpoint, uses the technique extensively in this campaign, hiding VBScript, PowerShell code, and exploit-laden RTF documents inside such files. Because the carrier looks benign, the payload passes security controls that inspect only the outer file, enabling wide-scale infiltration.

#### Attack Vector and Malware Delivery

Phishing remains the primary delivery vector. TA558 sends emails with Microsoft Excel attachments that exploit [CVE-2017-11882](https://nvd.nist.gov/vuln/detail/cve-2017-11882), the long-patched memory-corruption flaw in the Microsoft Office Equation Editor, to fetch the initial payload. That payload, usually a Visual Basic Script, then retrieves the subsequent malware components from external servers. Notably, the phishing emails are sent through legitimate but compromised SMTP servers, which lends them credibility and helps them pass email gateways.

#### Malware Functionality

The payloads delivered by TA558 cover a spectrum of malicious activity, including remote access, data theft, and delivery of secondary payloads. [Agent Tesla](https://www.proofpoint.com/us/blog/threat-insight/reservations-requested-ta558-targets-hospitality-and-travel), FormBook, [GuLoader](https://www.secureblink.com/cyber-security-news/guloader-s-latest-obfuscation-tactics-escalate-malware-analysis-complexity), LokiBot, Remcos RAT, Snake Keylogger, and XWorm make up the arsenal. These tools let attackers compromise systems, exfiltrate sensitive data, and establish footholds for further exploitation.

#### LazyStealer: A Case Study in Credential Theft

Alongside the steganography-based attacks, Positive Technologies described LazyStealer, a primitive yet effective credential stealer. LazyStealer relies on PyInstaller, Pyarmor, and Cython to obfuscate its code and evade detection rather than on any novel technique. By harvesting Google Chrome credentials and forwarding them to Telegram, it shows the damage even rudimentary tooling can do.

#### Attribution and Victimology

Positive Technologies' [analysis](https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/steganoamor-campaign-ta558-mass-attacking-companies-and-public-institutions-all-around-the-world/) associates LazyStealer with a group it tracks as Lazy Koala. Lazy Koala targets governmental, financial, medical, and educational institutions across Russia, Belarus, Kazakhstan, Tajikistan, Kyrgyzstan, Armenia, and Uzbekistan. Its tactics, techniques, and procedures (TTPs) resemble those of YoroTrooper, as evidenced by similar toolsets and victim profiles.

#### Key Takeaways and Recommendations

The TA558 campaign shows how effective unsophisticated tools and tactics can be. While sophisticated malware draws attention, attackers often succeed through simplicity and stealth. Organizations must prioritize controls that detect and mitigate threats such as steganography-based delivery and credential stealers. Proactive defenses, including robust email filtering, endpoint protection, and user education, remain essential against evolving threats.
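The steganography section above explains why a payload hidden in an image passes controls that only inspect the outer file, but not what the hiding looks like or how to check for it. The following is an added example, not code from the original article or from Positive Technologies' SteganoAmor report. It models the simplest form of the technique, appending a base64-encoded payload after the legitimate end of a valid image, shows the downloader-side extraction, and then the defender-side check: anything after the PNG IEND chunk or the JPEG EOI marker is trailing data, and trailing data that base64-decodes to an `MZ` header is an executable. The image bytes, the stand-in payload and the `<<START>>`/`<<END>>` marker strings are all constructed here; the markers the real campaign uses are an assumption.

```python
"""Find a payload appended to an image after its legitimate end-of-image marker.

Added example, not code from the original article or from Positive Technologies'
SteganoAmor report. Attacker side: append base64 between markers (the image still
renders). Downloader side: cut the blob back out. Defender side: report trailing
bytes and whether they decode to a Windows PE. The carrier, payload and the
<<START>>/<<END>> markers are constructed for the demo.
"""
import base64
import re
import struct
import zlib
from typing import Optional

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"
START, END = b"<<START>>", b"<<END>>"   # hypothetical markers used by the downloader
BLOB_RE = re.compile(re.escape(START) + rb"(.*?)" + re.escape(END), re.S)


def minimal_png() -> bytes:
    """Build a valid 1x1 RGB PNG so the detector has a real carrier to inspect."""
    def chunk(tag: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit depth, truecolour
    idat = zlib.compress(b"\x00\x00\x00\x00")            # filter byte + one black pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def embed_payload(image: bytes, payload: bytes) -> bytes:
    """Attacker side: append the base64 payload between markers; viewers ignore the tail."""
    return image + START + base64.b64encode(payload) + END


def extract_payload(stego: bytes) -> Optional[bytes]:
    """Downloader side: cut the blob back out and decode it."""
    m = BLOB_RE.search(stego)
    return base64.b64decode(m.group(1)) if m else None


def image_end(image: bytes) -> Optional[int]:
    """Offset just past the legitimate end of a PNG or JPEG, or None for other formats."""
    if image.startswith(PNG_SIG):
        idx = image.find(b"IEND")                   # IEND must be the last chunk
        return None if idx == -1 else idx + 4 + 4   # tag + CRC
    if image.startswith(JPEG_SOI):
        # Last EOI so embedded EXIF thumbnails don't confuse us; assumes an ASCII tail.
        idx = image.rfind(JPEG_EOI)
        return None if idx == -1 else idx + 2
    return None


def analyze(image: bytes) -> dict:
    """Defender side: report trailing data and whether it decodes to a PE file."""
    result = {"format_known": False, "trailer_len": 0, "has_markers": False, "decoded_is_pe": False}
    end = image_end(image)
    if end is None:
        return result
    result["format_known"] = True
    trailer = image[end:]
    result["trailer_len"] = len(trailer)
    if not trailer:
        return result
    m = BLOB_RE.search(trailer)
    result["has_markers"] = m is not None
    blob = m.group(1) if m else trailer.strip()
    try:
        decoded = base64.b64decode(blob, validate=True)
    except ValueError:      # not base64: still worth a look, but not a decodable PE
        decoded = b""
    result["decoded_is_pe"] = decoded.startswith(b"MZ")
    return result


if __name__ == "__main__":
    carrier = minimal_png()
    fake_pe = b"MZ" + b"\x90" * 62          # constructed stand-in for a real executable
    stego = embed_payload(carrier, fake_pe)
    print("clean:", analyze(carrier))
    print("stego:", analyze(stego))
    print("roundtrip ok:", extract_payload(stego) == fake_pe)
```

Any non-zero `trailer_len` on an image pulled from a phishing chain deserves a look even when the base64 check fails, since the blob may be encoded differently; a pixel-level (LSB) scheme would leave no trailer at all and needs a different detector.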

18-Apr-2024
3 min read