intelligence gathering
-
Agent Racoon malicious backdoor attacks organizations in the Middle East, Africa and other countries
"This malware family is written using the .NET framework and leverages the Domain Name Service (DNS) protocol to create...
-
Mantis: New tool used in attacks on Palestinian targets
Espionage groups invest time and effort in avoiding detection and persisting on compromised networks.
The Mantis cyber espionage group (aka Arid Viper, Desert Falcon, APT-C-23), a threat actor believed to operate within the Palestinian territories, is conducting ongoing attacks, deploying an updated toolset and sparing no effort to maintain a persistent presence on targeted networks.
The group is known for targeting organizations in the Middle East, but the recent activity discovered by Symantec, a subsidiary of Broadcom Software, is focused on organizations in the Palestinian territories. The malicious activity began in September 2022 and continued until at least February 2023. This kind of targeting is not unprecedented for the Mantis group: Symantec previously revealed attacks by the group against individuals located in the Palestinian territories in 2017.
-
Open source browser engine WebKit arbitrary file reading vulnerability
Google Chrome is a web browser developed by Google. It is built on an open source rendering engine (WebKit, from which Chrome's Blink engine was later forked) and aims to improve stability, speed and security with a simple and efficient interface. However, by combining an XSL stylesheet with external entity references in an SVG image link, an attacker can read arbitrary files on the victim's computer.
-
New “HrServ.dll” Web Shell Detected in APT Attack Against Afghan Government
The latest analysis released by Kaspersky security researcher Mert Degirmenci shows that the web shell is a dynamic link library (DLL) named "hrserv.dll" with sophisticated capabilities, such as custom encoding methods for client communication and in-memory execution. An investigation by the Russian cybersecurity firm Kaspersky found artifacts dating back to early 2021 based on their compilation timestamps...
-
US research report reveals that out-of-control data trading industry poses national security threat
Recently, a new research report released by Duke University has attracted widespread attention, which reveals how cyber attackers can easily obtain sensitive information about U.S. military personnel at a low price, thus posing serious risks to national security. This study found that cyberattackers can start from several...
-
Overseas spy SDK illegally steals private data of Chinese users
Terminology explanation: SDK is the abbreviation of English Software Development Kit, that is, software development tool kit, which has various types. If developing a software system is compared to building a house with "three bedrooms and one living room", then different SD...
-
North Korea's Lazarus group exploits known security vulnerabilities to attack software vendors
The Lazarus group is a highly active cyber threat actor that reports link to the North Korean government. It continuously refines its attack techniques and seeks new targets and vulnerabilities to exploit. It is known for attacks against software vendors, financial institutions and cryptocurrency exchanges, using social engineering, phishing emails and malware distribution to steal sensitive information and funds.
-
Security vulnerability discovered in Kubernetes NGINX ingress controller
Kubernetes is a popular container orchestration platform used to manage and deploy containerized applications. NGINX is a commonly used open source reverse proxy and load balancer that is widely used in Kubernetes clusters as an ingress controller.
-
HTTP/2 zero-day vulnerability (CVE-2023-44487) triggered the largest denial of service attack in history
Recently, Google disclosed the HTTP/2 protocol vulnerability CVE-2023-44487.
Attackers can use this vulnerability to launch very large-scale attacks at low cost (the "HTTP/2 Rapid Reset" DDoS technique). Attackers have been using this method against Google Cloud Platform customers since August. In one attack, the attacker issued up to 398 million requests per second, the highest request rate on record for a single attack.
-
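Rapid Reset works because an HTTP/2 client can open a stream with a HEADERS frame and cancel it with RST_STREAM immediately, so the server spends work on requests the client never waits for, and the per-connection concurrent-stream limit never fills up. The following is an added example, not code from Google or any vendor named on this page, showing one server-side heuristic: count RST_STREAM frames per connection in a sliding window and close a connection whose cancel rate and cancel-to-open ratio both exceed thresholds. The event format, the thresholds and the two traffic traces are constructed assumptions for illustration.

```python
from collections import deque


class RapidResetDetector:
    """Sliding-window heuristic for one HTTP/2 connection (assumed event format).

    Feed client->server frames as (timestamp_seconds, frame_type). A connection
    that sends at least max_resets RST_STREAM frames inside window_s, and has
    cancelled at least min_reset_ratio of the streams it opened in that window,
    is flagged for closure. Thresholds are illustrative, not vendor defaults.
    """

    def __init__(self, window_s=1.0, max_resets=100, min_reset_ratio=0.5):
        self.window_s = window_s
        self.max_resets = max_resets
        self.min_reset_ratio = min_reset_ratio
        self._opens = deque()   # timestamps of HEADERS frames (stream opened)
        self._resets = deque()  # timestamps of RST_STREAM frames (stream cancelled)

    def _expire(self, now):
        # Drop events that fell out of the window so the counts stay current.
        for q in (self._opens, self._resets):
            while q and now - q[0] > self.window_s:
                q.popleft()

    def observe(self, ts, frame_type):
        """Record one frame; return True when the connection should be closed."""
        self._expire(ts)
        if frame_type == "HEADERS":
            self._opens.append(ts)
        elif frame_type == "RST_STREAM":
            self._resets.append(ts)
        n_opens, n_resets = len(self._opens), len(self._resets)
        if n_resets < self.max_resets or n_opens == 0:
            return False
        return n_resets / n_opens >= self.min_reset_ratio


def first_flagged_index(events, **thresholds):
    """Run the detector over an event list; return index of the first flag, or None."""
    det = RapidResetDetector(**thresholds)
    for idx, (ts, frame_type) in enumerate(events):
        if det.observe(ts, frame_type):
            return idx
    return None


def rapid_reset_trace(n_streams, spacing_s=0.001):
    """Constructed attacker trace: every stream is opened and cancelled at once."""
    events = []
    for i in range(n_streams):
        t = i * spacing_s
        events.append((t, "HEADERS"))
        events.append((t + spacing_s / 2, "RST_STREAM"))
    return events


def benign_trace(n_streams, spacing_s=0.01):
    """Constructed normal client: many streams, an occasional legitimate cancel."""
    events = []
    for i in range(n_streams):
        t = i * spacing_s
        events.append((t, "HEADERS"))
        if i % 25 == 0:  # e.g. the user navigated away; one cancel per 25 streams
            events.append((t + spacing_s / 2, "RST_STREAM"))
    return events


if __name__ == "__main__":
    print("attacker flagged at event", first_flagged_index(rapid_reset_trace(200)))
    print("benign client flagged at event", first_flagged_index(benign_trace(300)))
```

The heuristic deliberately ignores stream IDs and does not pair each RST_STREAM with the HEADERS frame it cancels, which keeps it short; a production mitigation would also rate-limit stream creation itself and send GOAWAY before closing, since closing the TCP connection is the only lever that actually reclaims the work the attacker forces the server to start.
-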
[Early Warning] Serious security vulnerabilities exposed in curl and libcurl libraries
Description: cURL is a widely used multi-functional open source command line tool that uses URL syntax to transmit data and supports a variety of network protocols including SSL, TLS, HTTP, FTP, and SMTP. libcurl is…