The hottest Malware Substack posts right now

And their main takeaways
Rod’s Blog 456 implied HN points 05 Jan 24
  1. Jon and Sofia's financial accounts were compromised by hackers, leading them to investigate the breach and work towards recovering the stolen funds.
  2. Through KQL queries in their Microsoft Sentinel workspace, Jon and Sofia uncovered details about the malware used in the cyberattack and the group of threat actors behind it.
  3. Jon and Sofia utilized Microsoft Defender Threat Intelligence and various online resources to track the remote servers, cryptocurrency wallets, and patterns involved in the financial heist, narrowing down their search for the threat actors.
Zero Day 899 implied HN points 26 Oct 23
  1. The StripedFly malware was initially thought to be a crypto miner but turned out to be a sophisticated spy platform that infected over a million victims worldwide since 2017.
  2. One unique aspect of StripedFly is the custom-coded TOR client used for communication and data transfer, which shows the attackers' high level of skill and security consciousness.
  3. StripedFly includes a ransomware component named ThunderCrypt, raising questions about the intent behind including ransomware in an espionage tool and how it fits into the overall operation.
Zero Day 1139 implied HN points 20 Apr 23
  1. Hackers compromised a software maker by embedding malware in another company's program, leading to a chain of infections.
  2. This breach shows the potential for threaded supply-chain hacks to infect multiple software suppliers and customers.
  3. Financially motivated North Korean hackers were behind the attack on 3CX and it's recommended that compromised software be deleted immediately.
Natto Thoughts 219 implied HN points 27 Oct 23
  1. A lawsuit revealed potential business ties between Chengdu 404 linked to APT41 and Sichuan i-SOON, shedding light on the ecosystem of IT companies in which these hackers operate.
  2. Sichuan i-SOON has strong connections with universities, offers training programs, and possesses qualifications to work for state security, raising questions about its potential involvement in APT activities.
  3. The similarities between Sichuan i-SOON and Chengdu 404, along with i-SOON's capabilities in surveillance-related technologies, suggest a possible link to APT41 activities and other Chinese APT groups like RedHotel/Earth Lusca.
Metacurity 39 implied HN points 22 Jan 24
  1. Russian hacking group Midnight Blizzard, also known as Nobelium, breached Microsoft networks and stole emails from executives and employees.
  2. The breach was detected in November but Microsoft began notifying affected staff in January.
  3. Hackers used a password spray attack on an old test account to access multiple email streams.
Risky Business News 359 HN points 08 Mar 23
  1. Canada Revenue Agency (CRA) updated its terms to avoid liability if personal information is stolen from their online service portal.
  2. There are concerns about CRA's basic web application security features being missing, despite their claims of taking all reasonable security steps.
  3. The offloading of responsibility by CRA through a benign Terms of Service update is harmful, especially considering the sensitive data they hold.
Rod’s Blog 59 implied HN points 02 Oct 23
  1. Keyloggers are commonly used by cybercriminals to steal sensitive data, so it's crucial for organizations to detect and mitigate keylogger attacks to safeguard their information and finances.
  2. Microsoft Sentinel, a cloud-native SIEM system, can help in detecting keylogger attacks by collecting logs from endpoints, analyzing them using advanced analytics, and providing tools to investigate alerts and respond to threats.
  3. To mitigate keylogger attacks, organizations can implement multi-factor authentication, educate users about keylogger risks, and utilize endpoint protection software like Microsoft Defender for Endpoint.
Rod’s Blog 79 implied HN points 21 Aug 23
  1. Trojan attacks against AI involve disguising malware as legitimate software to gain unauthorized access, steal data, or manipulate algorithms, leading to dangerous outcomes.
  2. Common steps in a Trojan attack against AI include reconnaissance, delivery of the Trojan, installation, establishing command and control, exploitation, and covering up tracks to avoid detection.
  3. Mitigation of Trojan attacks against AI involves measures like using antivirus software, regular software updates, strong access controls, employee education on social engineering, and implementing monitoring strategies like real-time monitoring, intrusion detection, and machine learning for anomaly detection.
Deploy Securely 98 implied HN points 02 Jun 23
  1. PyPI, a popular repository for Python developers, suspended new uploads and user registrations due to an influx of malicious code.
  2. Malicious packages on PyPI pose severe security threats, such as unintentionally running malware on your system.
  3. Security measures to take include verifying package provenance, checking package names for accuracy, and using trusted hosts with pip.
Rod’s Blog 39 implied HN points 09 Oct 23
  1. Fileless malware attacks are increasing and can be a serious threat to organizations as they evade traditional antivirus solutions by not relying on executable files.
  2. Microsoft Sentinel, a cloud-native security information and event management solution, can help detect and mitigate fileless malware attacks by collecting data at scale, utilizing analytics rules, and automating incident response.
  3. To prevent fileless malware attacks, consider using web filtering to block phishing emails, managed threat hunting for early detection, and indicators of attack (IOAs) analysis to identify malicious activities.
Chaos Theory 19 implied HN points 04 May 23
  1. Hackers are using generative AI to create malware, making it harder for cybersecurity professionals to detect and defend against these attacks.
  2. Google introduces an AI-powered privacy platform called Checks.
  3. ChatGPT is starting to give therapy, potentially revolutionizing mental health care.
Espionage& 2 implied HN points 16 Jun 23
  1. Red Apollo conducted a technology theft campaign starting in 2006, targeting various sectors and institutions using spearphishing techniques.
  2. Operation Cloud Hopper, launched in 2014, expanded Red Apollo's activities to targeting a Managed Service Provider and client organizations in 12 countries.
  3. Red Apollo, also known as APT10, is a Chinese state-sponsored cyberespionage group involved in stealing confidential data and intellectual property.
Risky Business News 0 implied HN points 05 Feb 24
  1. Two Iranian cyber groups were exposed within a single week, indicating increased cyber activity from Iran.
  2. Cyber Av3ngers attacked Israeli critical infrastructure, mainly targeting Unitronics devices.
  3. Various cybersecurity incidents, such as Cloudflare breach and Clorox ransomware attack, demonstrate ongoing threats in the digital landscape.
Risky Business News 0 implied HN points 31 Jan 24
  1. Brazilian police arrested members of the Grandoreiro malware gang, known for stealing millions from bank customers in Brazil, Mexico, and Spain.
  2. Ukraine's GUR conducted a hack wiping 60TB of data from Russian company IPL Consulting and worked to cripple Akado-Telekom infrastructure.
  3. Various cybersecurity incidents were reported, including crypto-heists, ransomware attacks on organizations like Schneider Electric and the Romanian government, and details on malware strains like Trigona and Ermac.
Risky Business News 0 implied HN points 26 Jan 24
  1. HPE and Microsoft faced breaches by the same Russian state-sponsored hacking group, highlighting the ongoing cyber threats to tech giants.
  2. SEC's new breach disclosure rules are leading to faster reporting of incidents and more detailed disclosures from affected companies, changing the cybersecurity landscape.
  3. Various new cybersecurity incidents and threats, including DDoS attacks, ransomware incidents, and insider threats, continue to impact organizations globally.
Risky Business News 0 implied HN points 24 Jan 24
  1. Australia, UK, and US have sanctioned a Russian individual for ransomware attack on Medibank.
  2. Various cybersecurity incidents like data breaches, ransomware attacks, and malware discoveries are on the rise.
  3. Significant security updates and patches have been released for vulnerabilities in various platforms and software.
Risky Business News 0 implied HN points 19 Jan 24
  1. Congress is considering making the CSRB permanent and more independent and transparent for cybersecurity issues.
  2. Various cybersecurity incidents occurred, such as DDoS attacks in Switzerland and cyberattacks on companies like Kyivstar.
  3. Important developments include new Samsung phones promising 7 years of security updates and Google updating Chrome Incognito Mode text.
Risky Business News 0 implied HN points 17 Jan 24
  1. A cybercrime group infected 172,000 smart TVs and set-top boxes to carry out DDoS attacks.
  2. Bigpanzi botnet targeted Spanish and Portuguese-speaking users by spreading malware through social engineering.
  3. The security industry faces challenges like unpatched vulnerabilities in SonicWall firewalls and sophisticated malware targeting various platforms.
Risky Business News 0 implied HN points 12 Jan 24
  1. Chinese state-sponsored hacking group exploited two zero-days in Ivanti Connect Secure VPN appliances.
  2. FTC banned data broker Outlogic from selling precise location data of American citizens due to privacy violations.
  3. A member of the ShinyHunters hacking group was sentenced to three years in prison for hacking and selling data on underground forums.
Risky Business News 0 implied HN points 08 Jan 24
  1. Hackers associated with the Turkish government in the Sea Turtle group have resumed cyber-espionage operations targeting governments and IT service providers.
  2. Recent cyber incidents include Russian hackers targeting Ukraine, hacks in the telecom sector, and cyberattacks on US museums and crypto platforms.
  3. New malware discoveries, ransomware attacks, and cybercrime incidents underscore the importance of strong passwords, security updates, and vigilance against cyber threats.
Risky Business News 0 implied HN points 20 Feb 23
  1. Spain's National Court agreed to extradite a 23-year-old UK national to the US for his role in the 2020 Twitter hack.
  2. GoDaddy and the FBI experienced breaches in their systems, while crypto platforms like Platypus and Dexible were hacked for millions of dollars.
  3. Various cybercrime incidents and threat intelligence reports emerged, including seizure of cryptocurrency funds by Norwegian authorities and dismantling of CEO fraud and IMSI catcher gangs.
Risky Business News 0 implied HN points 06 Mar 23
  1. The US EPA has released cybersecurity guidance for public water systems, aiming to improve cybersecurity resilience and address recent high-profile hacks.
  2. Recent cyber breaches include hacks on GunAction.com, Flutterwave, BitBNS, TheSandbox, Chick-fil-A, and Mastodon.
  3. Various cybersecurity incidents involve BEC phishing campaigns, malware like FiXS in ATMs, and vulnerabilities found in DJI drones and Intel processors.
Risky Business News 0 implied HN points 15 Mar 23
  1. CISA launched a ransomware warning program to proactively scan and secure vulnerable systems in critical infrastructure.
  2. Several cyber incidents include the $197 million crypto-heist on Euler Finance, an extortion attempt on GSC Game World and potential breaches at Amazon Ring, Marshall Amps, and Saint Kitts and Nevis government.
  3. Tech updates feature Kali Linux Purple edition, the creation of UK National Protective Security Authority, and the development of a Russian GitHub alternative.
Seriously Risky Business 0 implied HN points 16 Mar 23
  1. The RESTRICT Act is bipartisan legislation aimed at enhancing the US government's ability to address threats from foreign technology companies.
  2. Governments like Australia implement laws for cyber incidents, but it can be controversial due to potential overreach.
  3. Global efforts are being made to combat cybersecurity threats, such as the CISA's Ransomware Vulnerability Warning Pilot program.
Risky Business News 0 implied HN points 24 Mar 23
  1. The US Federal Trade Commission is seeking public comments on the business practices and data security of cloud computing providers.
  2. The FTC's action is a response to concerns about the predatory business practices of cloud providers and potential cybersecurity risks.
  3. The FTC is focusing on issues such as negotiating cloud contracts, secure storage competition, breach notifications, and customer lock-in incentives.
Risky Business News 0 implied HN points 03 Apr 23
  1. Microsoft is addressing a malspam problem in OneNote by blocking execution of certain embedded files.
  2. Several major breaches and cyber incidents have been reported in various countries.
  3. Various new cyber threats, malware strains, and cybersecurity vulnerabilities have been discovered and analyzed recently.
Seriously Risky Business 0 implied HN points 06 Apr 23
  1. The UK's National Cyber Force aims to disrupt adversary behavior by exploiting their reliance on digital technology.
  2. Offensive cyber operations by the NCF focus on cognitive effects and disrupting adversary systems over a period.
  3. The response to the 3CX supply chain attack was quicker compared to past breaches, showing improvement in addressing cyber threats.
Risky Business News 0 implied HN points 22 May 23
  1. A cybercrime group named Lemon Group has pre-installed malware in almost 9 million Android devices, planting it inside the firmware.
  2. The Lemon Group's malware, known as Guerrilla, is hidden inside the Zygote process and can download plugins for various malicious activities.
  3. The lack of security practices in the Android OEM ecosystem and the presence of pre-installed malware highlight the risk of buying low-cost devices from unknown vendors.
Risky Business News 0 implied HN points 26 May 23
  1. A new Chinese APT group, Volt Typhoon, was detected targeting US critical infrastructure with stealth techniques.
  2. The recent focus of Chinese APTs on stealth operations is explained by pressure to avoid detection under increased scrutiny.
  3. Breaches and hacks include Chinese cyber-spies targeting Kenyan government, crypto-heists, and exit scams affecting investors.
Risky Business News 0 implied HN points 28 Jun 23
  1. A new memory attack named RowPress has been discovered as an alternative to RowHammer, making DRAM chips vulnerable.
  2. Software-level mitigations can help protect against the RowPress attack by limiting the time a memory row can stay open.
  3. Various notable breaches, hacks, and incidents have occurred recently, emphasizing the ongoing importance of cybersecurity measures and vigilance.
Risky Business News 0 implied HN points 07 Jul 23
  1. The US and Canada issued a joint security alert about a new Truebot malware variant being spread through phishing campaigns.
  2. Cybersecurity incidents include a ransomware attack on Japan's largest cargo port, a DDoS attack on a Russian railway company, and a data leak of Indonesian passports.
  3. Privacy concerns arise from the inability to delete an Instagram Threads account and a secret blocklist feature in Firefox.
Risky Business News 0 implied HN points 15 Feb 23
  1. The FTC ordered MoneyGram to return $115 million to scam victims due to system abuse.
  2. Cybercriminals are developing new ransomware like MortalKombat and using phishing campaigns for attacks.
  3. Various cybersecurity vulnerabilities and exploits have been detected, addressed, and reported by different companies and security researchers.