Malware: Qakbot distributed via fake captchas

It had been quiet around the Qakbot trojans for a long time. Now criminals are distributing new variants using fake captchas.

heise online

A massive leak of #BlackBasta's 200,000+ chat messages reveals their tactics, key players, and internal conflicts.

The group uses #QakBot for access, exploits SMB misconfigurations, and faces growing instability. #leaking #Ransomware https://thehackernews.com/2025/02/leaked-black-basta-chat-logs-reveal.html

Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles

Leaked Black Basta chat logs expose internal conflicts, $107M in ransom earnings, and new attack tactics. Key members defect, leaving victims without

The Hacker News
I wish every one of you to find someone who loves you like usernamegg loves #QakBot

Trending vulnerabilities of May: the linguistic lumberjack and a mysterious file in broken English

Hi Habr! As has become tradition, I, Alexander Leonov, lead expert at the PT Expert Security Center lab, talk about the trending vulnerabilities of the month. There were four in total: 1️⃣ a vulnerability leading to remote code execution in Fluent Bit, the cross-platform open-source log collection and processing tool (CVE-2024-4323); 2️⃣ a vulnerability leading to remote code execution in the Confluence corporate web wiki (CVE-2024-21683); and Microsoft vulnerabilities involving 3️⃣ a security feature bypass in the Windows MSHTML Platform (CVE-2024-30040) and 4️⃣ privilege escalation in the Windows DWM Core Library (CVE-2024-30051). Learn about the most dangerous vulnerabilities of May

https://habr.com/ru/companies/pt/articles/820613/

#трендовые_уязвимости #cve #vulnerability_management #microsoft #эксплойт #confluence #dwm #qakbot #ole #патчи

Trending vulnerabilities of May: the linguistic lumberjack and a mysterious file in broken English

Hi Habr! As has become tradition, I, Alexander Leonov, lead expert at the PT Expert Security Center lab, talk about the trending vulnerabilities of the month. My colleagues on the Positive analyst team and I...

Habr

🚨#IcedID, #Smokeloader, #SystemBC, #Pikabot and #Bumblebee botnets have been disrupted by Operation Endgame!! This is the largest operation EVER against botnets involved with ransomware, with gargantuan thanks to a coordinated effort led by international agencies 👏👏

As with the #Qakbot and #Emotet takedowns, Spamhaus are again providing remediation support - those affected will be contacted from today with steps to take.

👉 For more information, read our write-up here: https://www.spamhaus.org/resource-hub/malware/operation-endgame-botnets-disrupted-after-international-action/

#OperationENDGAME

Malware | Operation Endgame | Botnets disrupted after international action | Resources

The Spamhaus Project
QakBot attacks with Windows zero-day (CVE-2024-30051)
#CVE_2024_30051 #Qakbot
https://securelist.com/cve-2024-30051/112618/
QakBot attacks with Windows zero-day (CVE-2024-30051)

In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot and other malware.

Kaspersky
Patch Tuesday, May 2024 Edition – Krebs on Security

Cybercriminals are using #Scalable_Vector_Graphics (#SVG) files to deliver malware because SVG is an XML-based vector image format for two-dimensional graphics that supports interactivity and animation. SVG files can natively contain #JavaScript code, which can be executed by browsers when the SVG is loaded.
They do this by leveraging the #AutoSmuggle tool introduced in May 2022. This tool embeds malicious files into SVG/HTML content, bypassing security measures. Notably, SVG files were exploited to distribute #ransomware in 2015 and the #Ursnif malware in January 2017. A significant advancement occurred in 2022, with malware like #QakBot being delivered through SVG files containing embedded .zip archives. AutoSmuggle campaigns in December 2023 and January 2024 delivered the #XWorm #RAT and #Agent_Tesla #Keylogger, respectively, showcasing a shift towards embedding executable files directly within SVG files to evade detection by Secure Email Gateways (#SEGs). This evolution underscores the need for updated security measures to combat sophisticated malware delivery methods.
The misuse of SVG files for malware distribution dates back to 2015, with ransomware being one of the first to be delivered through this vector.
Original report: Cofense
SVG Files Abused in Emerging Campaigns | Cofense

Learn how threat actors are exploiting the use of SVG files for malware delivery and how to protect your organization from these emerging campaigns.

Cofense
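The post above describes SVG files that carry JavaScript and smuggle embedded archives past email gateways. Added here as a defender-side illustration, not code from Cofense or the post's author: a small Python triage scanner that flags script elements, event-handler attributes, javascript:/data: hrefs and long base64 blobs (checking the decoded bytes for zip/PE/HTML magic) in an SVG document. The two sample SVGs are constructed for the example.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed samples: a benign icon and an SVG carrying a script, an event handler,
# a javascript: link and a base64-encoded zip archive (the AutoSmuggle-style pattern).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SUSPICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="run()">'
    b'<script>var p="' + base64.b64encode(b"PK\x03\x04" + b"\x00" * 300) + b'";</script>'
    b'<a href="javascript:run()"><text>open</text></a></svg>'
)

B64_BLOB = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")   # long base64 runs only
PAYLOAD_MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"<html": "html"}


def local(tag: str) -> str:
    """Strip an XML namespace prefix ({uri}name) from an element or attribute name."""
    return tag.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list[str]:
    """Return findings for one SVG document; an empty list means nothing was flagged."""
    findings = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    for el in root.iter():                      # document order, root included
        if local(el.tag) == "script":
            findings.append("script-element")
        for name, value in el.attrib.items():
            n = local(name)
            if n.startswith("on"):               # onload, onclick, ...
                findings.append(f"event-handler:{n}")
            if n == "href" and value.strip().lower().startswith(("javascript:", "data:")):
                findings.append(f"href-scheme:{value.split(':', 1)[0].lower()}")
    for blob in B64_BLOB.findall(data):          # embedded-file smuggling
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        kind = next((k for m, k in PAYLOAD_MAGIC.items() if decoded.startswith(m)), "unknown")
        findings.append(f"embedded-blob:{kind}:{len(decoded)}")
    return findings
```

A gateway rule would quarantine any attachment with a script-element, event-handler or embedded-blob finding rather than trusting the image/svg+xml content type.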

#Qakbot came back with new tricks. In this new blog post, we will:

● unpack it
● decrypt it (strings + cnc)
● and write a config extractor in python

using only static analysis (and #malcat of course :). Link:

https://malcat.fr/blog/writing-a-qakbot-50-config-extractor-with-malcat

Writing a Qakbot 5.0 config extractor with Malcat

Starting from a (backdoored) MSI installer, we will unroll the infection chain to get the final Qakbot sample. Sticking to pure static analysis, we will then decrypt Qakbot's configuration and finally write a script in Malcat to automate the process.

MALCAT