CTI Roundup: Evasive Panda Deploys New Malware, Macma Backdoor and Nightdoor
Evasive Panda deploys new versions of Macma backdoor and Nightdoor, cybercriminals work independently after RaaS takedowns, and a new Linux Play variant targets VMware ESXi systems. https://lnkd.in/gqtrvVQc
Mark Lubbat’s Post
More Relevant Posts
-
Blog post alert! In this one - I take an INC Linux ransomware sample (targets ESXi), submit it to the ELFEN sandbox and get solid insights within 2m. For completeness, I also dive into IDA's decompilation and describe the encryption mechanism. The main goal of this analysis is to demonstrate to analysts that they have powerful open-source sandboxing software at their disposal. Gone are the days of only static detection of Linux malware! Link: https://lnkd.in/gURK9tYW #linux #ransomware #esxi #sandbox
-
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion https://lnkd.in/dtr2Piin
thehackernews.com
-
#Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. Tracked as CVE-2024-21338, the #security flaw was found by Avast Senior Malware Researcher Jan Vojtěšek in the appid.sys Windows AppLocker driver and reported to Microsoft last August as an actively exploited zero-day. The vulnerability impacts systems running multiple versions of Windows 10 and Windows 11 (including the latest releases), as well as Windows Server 2019 and 2022. Microsoft explains that successful exploitation enables local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. "To exploit this vulnerability, an attacker would first have to log on to the system
Windows Kernel bug fixed last month exploited as zero-day since August
pike.link
-
Password stealer malware has been on the rise since last year, and these info stealers are consistently good at bypassing or beating Windows Defender. Check out The PC Security Channel's latest video to see how your stolen data is used on the dark web: https://lnkd.in/ge5iNUgh #cyber #infosec #cybersecurity #infostealer #malware
Malware beats Windows Defender: How you get hacked
-
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists https://lnkd.in/g9hKCqcb
threatwatchdaily.com
-
🚀 New Blog Post Alert! 🚀🚀 Check out the different techniques malware employs to conceal its goals, and learn how to develop network signatures for malware using actual samples in Part 5 of our Dissecting Windows Malware Series - https://lnkd.in/dinpwEJP #MalwareAnalysis #Windows #ReverseEngineering #DFIR
-
In Linux, any file created under the '/dev/shm' directory will remain in RAM (memory) and never touch the disk. So, malware like Frog4Shell leverages this technique for fileless malware execution.
-
We are seeing more Linux-targeted malware; the good old days when we thought Linux was safer than Windows because there weren’t many Linux viruses are gone. It’s time to protect our Linux servers with a tool that allows you to remote access them while keeping them isolated from other assets. One such tool is #visulox from #amitego. Learn how you could protect your Linux servers at www[.]amitego[.]com https://lnkd.in/e5gyk2F3?
Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices
thehackernews.com
-
Stuck with a #Windows BSOD? While you wait, want to go through something that's not all about the #Crowdstrike IT outage? Read our blog series on Dissecting Windows Malware: https://lnkd.in/dzxiFeZy. Stay tuned for a new post next week! #reverseengineering #DFIR
-
All you need to know to keep your AV over IP system safe is our ZyPer Management Platform 3.x. It mitigates malware attacks on your network by hardening Linux servers for maximum security. What else can it do? ZeeVee’s Joe Chordas answers that question in the interview segment below with AVNation Media’s Tim Albright: