Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes - Check Point Research [Ed: Microsoft Windows TCO]

    In the past two months, we observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. It comes as no surprise that Russian entities themselves became an attractive target for spear-phishing campaigns that are exploiting the sanctions imposed on Russia by western countries. These sanctions have put enormous pressure on the Russian economy, and specifically on organizations in multiple Russian industries.

    [...]

    The malware creates a working directory %TEMP%\\OfficeInit and copies to it INIT and cmpbk32.dll files, as well as a legitimate 32-bit Windows executable cmdl32.exe from either System32 or SysWOW64 folder, depending on if the operating system is 32 or 64 bit.

  • Sandworm uses a new version of ArguePatch to attack targets in Ukraine [Ed: Microsoft Windows TCO]

    Filename: eset_ssl_filtered_cert_importer.exe
    SHA-1 hash: 796362BD0304E305AD120576B6A8FB6721108752
    ESET detection name: Win32/Agent.AEGY

  • Malicious Python Repository Package drops Cobalt Strike on Windows, macOS & Linux systems [Ed: It's not an OS issue; it's about people installing malicious software and greater threats are proprietary software's back doors]

    Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries seeking to distribute malware to a mass audience.

  • 747 Hackathon | Pen Test Partners

    As is probably clear from our blog and public talks aviation cyber security is an area of huge interest to us. Some of us are also light aircraft pilots, so the crossover of two of our loves makes for some fascinating research.

    Over the last few years we’ve managed to get access to several airplanes that have been recently retired. As the various breakers yards are backed up with planes retired during the pandemic, many fully functional planes are available that will never fly again.

    However, a big problem for us is that the planes get dismantled, often between visits. On several occasions we’ve gone to an airframe to figure out the on board systems, go back to the lab to prepare custom connectors and tools, then come back a month later to find out that it’s been taken apart into many many pieces.

More in Tux Machines