#ITSicherheit #Malware #BansheeStealer #ElasticSecurityLabs #macOS #macOSMalware #QuellcodeLeak #VXUnderground https://sc.tarnkappe.info/ad2a32
Patch Tuesday, October 2024 Edition
https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/
#OpenSSHforWindows #PowerBI #WindowsHyper-V #WindowsMobileBroadband #AdobeSubstance3DPainter #ElasticSecurityLabs #Substance3DStager #NikolasCemerikic #AdobeFramemaker #LatestWarnings #CVE-2024-43572 #CVE-2024-43573 #SecurityTools #ImmersiveLabs #GrimResource #SatnamNarang #VisualStudio #TimetoPatch #Dimension #Lightroom #Commerce #InDesign #Animate #macOS15 #Sequoia #Tenable #InCopy #.NET
"👻 GHOSTPULSE: A New Evasion Technique in the Wild 🌐"
Elastic Security Labs has unveiled details of a new campaign named GHOSTPULSE. This campaign employs defense evasion capabilities to compromise victims using malicious MSIX executables. The stealthy loader, GHOSTPULSE, decrypts and injects its payload to dodge detection. MSIX, a Windows app package format, is being exploited by adversaries, especially those with above-average resources, as it requires access to code signing certificates. The campaign tricks users into downloading malicious MSIX packages, often masquerading as popular software installers like Chrome, Brave, and WebEx. Once executed, a covert PowerShell script activates GHOSTPULSE on the victim's system. 🚫🔍
The GHOSTPULSE loader operates in multiple stages, with the final payload typically being an information stealer. Notably, payloads like SectopRAT, Rhadamanthys, and Lumma have been observed. The malware also employs techniques like "module stomping" and "Process Doppelgänging" for its operations. 🕵️‍♂️💼
For those in the research community, Elastic Security has provided a configuration extractor to aid in further investigations of this campaign. 🛠️🔬
Source: Elastic Security Labs
Tags: #GHOSTPULSE #CyberSecurity #EvasionTechniques #MSIX #MalwareAnalysis #ElasticSecurityLabs
Authors: Salim Bitam, Joe Desimone. Twitter Reference
This article describes our analysis of the top malware stealer families, unveiling their operation methodologies, recent updates, and configurations. By understanding the modus operandi of each family, we better comprehend the magnitude of their impact and can fortify our defences accordingly.
Malware analysis of the malware family SOMNIRECORD, a backdoor that conceals its identity by masquerading its C2 (Command and Control) communications as DNS.
https://www.elastic.co/security-labs/not-sleeping-anymore-somnirecords-wakeup-call
#ElasticSecurityLabs #malware
#malwareanalysis #malwarebackdoor #dnshack
#NAPLISTENER Analysis by #elasticsecuritylabs
🔥🔥🤩 Check out this malware analysis report from Elastic Security Labs on a recent variant from the malware family ICEDID, written by the MARE (Malware Analysis and Reverse Engineering) Team Senior Security Researchers Cyril F. and Daniel Stepanic!
#malwareanalysis #elastic #ElasticSecurityLabs #malware
https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary
Check out 🔥🔥 the latest #ElasticSecurityLabs research blog on Exploring the future of ChatGPT from Senior Security Researcher Mika Ayenson
#ElasticSecurityLabs #Elastic #chatgpt #DetectionAndResponse
Check out Elastic Security Labs for the latest security research and malware analysis! 🤩🙌
#ElasticSecurityLabs #elastic #malwareanalysis #securityresearch
https://twitter.com/elasticseclabs/status/1620436756121194501?t=a8IYwSrb5HqxtJE2QTweXg&s=09