unSafe.sh - Unsafe
How ToddyCat tried to hide behind AV software
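The ToddyCat APT group uses the malicious tool TCESB to bypass security protections through DLL proxying, exploits the CVE-2024-11859 vulnerability in the ESET scanner to load a malicious DLL, and uses the BYOVD technique to install a vulnerable driver for privilege escalation. ...
2025-4-7 10:0:44 | Reads: 14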
Securelist - securelist.com
tcesb
malicious
payload
eset
library
A journey into forgotten Null Session and MS-RPC interfaces, part 2
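The article examines unauthenticated enumeration of domain information in Windows and its causes, and analyzes MS-RPC security mechanisms and the workings of WMI through reverse engineering. The research shows the limitations of Group Policy settings meant to restrict unauthenticated access, and offers detection methods such as using the RPC-Firewall tool. ...
2025-4-4 10:0:38 | Reads: 9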
Securelist - securelist.com
security
client
remote
nrpc
TookPS: DeepSeek isn’t the only game in town
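The article reveals a large-scale cyberattack campaign that uses the DeepSeek LLM as a lure. The attackers distribute the malware TookPS disguised as popular software, establish an SSH tunnel on the victim's device and plant a backdoor to gain full control. Users are advised to avoid downloading software from untrusted sources and to strengthen security awareness training. ...
2025-4-2 10:0:5 | Reads: 12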
Securelist - securelist.com
software
malicious
powershell
attackers
c2
Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
2025-3-25 21:30:22 | Reads: 49
Securelist - securelist.com
chrome
malicious
attackers
trojan
dubbed
Financial cyberthreats in 2024
2025-3-25 08:0:33 | Reads: 50
Securelist - securelist.com
phishing
trojan
banker
security
download
Threat landscape for industrial automation systems in Q4 2024
2025-3-21 10:0:29 | Reads: 21
Securelist - securelist.com
malicious
pp
q4
decreased
quarter
Arcane stealer: We want all your data
2025-3-19 10:15:18 | Reads: 19
Over Security - Cybersecurity news aggregator - securelist.com
arcane
stealer
cheats
loader
Head Mare and Twelve join forces to attack Russian entities
2025-3-13 10:0:33 | Reads: 41
Securelist - securelist.com
windows
mare
attackers
username
twelve
Incident response analyst report 2024
2025-3-12 08:0:21 | Reads: 64
Securelist - securelist.com
security
ransomware
gert
tendency
DCRat backdoor returns
2025-3-11 10:0:13 | Reads: 40
Securelist - securelist.com
dcrat
c2
software
attackers
dubbed
SideWinder targets the maritime and nuclear sectors with an updated toolset
2025-3-10 10:15:13 | Reads: 41
Over Security - Cybersecurity news aggregator - securelist.com
loader
security
malicious
attacker
maritime
Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity
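After its release, DeepSeek-R1 quickly became popular, attracting cybercriminals who created fake websites to distribute malware, steal user data and even take control of devices. Some attacks target Chinese-speaking users, posing as an AI client to induce downloads. Experts remind users to be careful with links from unknown sources, to avoid leaking personal information and the risk of device takeover. ...
2025-3-6 10:0:4 | Reads: 22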
Securelist - securelist.com
deepseek
malicious
client
python
victim
Undercover miner: how YouTubers get pressed into distributing SilentCryptoMiner as a restriction bypass tool
2025-3-5 10:0:38 | Reads: 28
Securelist - securelist.com
malicious
miner
loader
youtube
strikes
Mobile malware evolution in 2024
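Kaspersky statistics for 2024 show that 33.3 million attacks involving malware, adware and the like were blocked worldwide, with adware accounting for 35%. New malware such as the Mamont banking Trojan and NFC fraud techniques appeared, and some malicious programs spread through official app stores such as Google Play. ...
2025-3-3 10:0:49 | Reads: 26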
Securelist - securelist.com
trojan
banker
turkey
triada
unwanted
The SOC files: Chasing the web shell
2025-2-28 04:0:11 | Reads: 42
Securelist - securelist.com
memory
7e
attackers
analysis
Exploits and vulnerabilities in Q4 2024
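In Q4 2024 the number of vulnerabilities increased while public exploits decreased; attackers made use of undocumented RPC interfaces and Windows authentication mechanisms. Microsoft Office and WinRAR vulnerabilities stood out, and on Linux systems kernel component updates need attention. ...
2025-2-26 10:0:8 | Reads: 30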
Securelist - securelist.com
q4
software
windows
improper
The GitVenom campaign: cryptocurrency theft using GitHub
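The GitVenom campaign lures developers into downloading and executing malicious code by creating malicious repositories on GitHub disguised as legitimate projects. These projects contain fake feature descriptions and malicious scripts intended to steal sensitive information, control devices or hijack cryptocurrency transactions. The campaign has been running for several years and poses a threat to developers worldwide. ...
2025-2-24 09:26:58 | Reads: 25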
Securelist - securelist.com
malicious
attackers
github
gitvenom
python
Angry Likho: Old beasts in a new forest
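Angry Likho is an APT group that has been active in cyberattacks since 2023. It mainly carries out targeted attacks against government agencies and large enterprises in Russia and Belarus. Its usual methods include sending phishing emails with attachments containing malicious LNK files and RAR archives. This malware typically implants tools such as the Lumma stealer to steal sensitive data such as browser records, passwords and cryptocurrency wallet information. The group showed signs of new attack activity in June 2024 and January 2025. ...
2025-2-21 10:0:21 | Reads: 37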
Securelist - securelist.com
shop
malicious
likho
angry
payload
Managed detection and response in 2024
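The Kaspersky MDR service provides round-the-clock monitoring and threat detection. The 2024 report notes that high-severity incidents decreased but complexity increased, with the industrial, financial and government sectors attacked most. Living off the Land techniques were widely used. ...
2025-2-20 08:0:24 | Reads: 17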
Securelist - securelist.com
mdr
security
attackers
threats
equipped
Spam and phishing in 2024
2025-2-19 10:0:31 | Reads: 46
Securelist - securelist.com
phishing
malicious
fraudsters
victim
facebook