A new botnet is targeting a D-Link vulnerability from nearly a decade ago, CVE-2015-2051. This vulnerability allows remote attackers to execute arbitrary commands via a GetDeviceSettings action on the HNAP interface. As a result, an attacker can create a crafted HTTP request with a malicious command embedded in the header. (14 TTPs with 'Procedure' level details on the TruKno blog) #trukno #mitreattack #threathunting #threatdetection #cyberattack #ciso #threatintel #threatintelligence #cybersecurity #infosec #malwarehunting #malwareanalysis #malware #ThreatAnalysis https://lnkd.in/gkQiyyhf
TruKno’s Post
More Relevant Posts
-
Between November 2023 and March 2024, multiple domains were registered by a threat actor spoofing legitimate IP scanners and other software typically used by IT security and network administration teams in enterprises. The threat actor abused Google Ads to conduct a malvertising campaign in an attempt to push their malicious sites to the top of search results. A successful infection results in the delivery of a previously unseen backdoor that we named “MadMxShell”. The backdoor uses techniques such as multiple stages of DLL sideloading and DNS tunneling for command-and-control (C2) communication as a means to evade endpoint and network security solutions, respectively. In addition, the backdoor uses evasive techniques like anti-dumping to prevent memory analysis and hinder forensics security solutions. (26 TTPs with 'Procedure' level details on the TruKno blog) #trukno #mitreattack #threathunting #threatdetection #cyberattack #ciso #threatintel #threatintelligence #cybersecurity #infosec #malwarehunting #malwareanalysis #malware #ThreatAnalysis https://lnkd.in/g546hBUv
-
10 Types of Cyberattacks Targeting Organizations Now https://lnkd.in/dY4dEvsG
-
Semperis has a new identity-threat offering that is backed by the power of machine learning. I sat down with Semperis' VP of Products, Darren Mar-Elia, who breaks down how ML helps with identity-based security and why the new offering is a fit for midmarket organizations' cyber resilience strategies. Great information for anyone in #cybersecurity, #IT and #riskmanagement
How Semperis Is Helping Detect 'Low And Slow' Cyberattacks And Why It's Targeting The MidMarket
-
Unpatched TP-Link routers are under attack by botnets including Moobot, Miori & Mirai variants! #FortiGuardLabs identified the vulnerability (CVE-2023-1389) and various botnet campaigns targeting it. Learn more: http://ftnt.me/54B360 via #DarkReading