#Endpoint

2025-12-10

New BYOVD loader behind DeadLock ransomware attack

A new loader exploiting a Baidu Antivirus driver vulnerability (CVE-2024-51324) has been discovered in connection with DeadLock ransomware attacks. The threat actor uses the Bring Your Own Vulnerable Driver (BYOVD) technique to terminate endpoint detection and response processes. A PowerShell script is employed to bypass User Account Control, disable Windows Defender, terminate security services, and delete volume shadow copies. DeadLock ransomware targets Windows machines using a custom stream cipher encryption algorithm with time-based cryptographic keys. The attack involves initial access through compromised accounts, system registry modifications, remote access establishment, reconnaissance, lateral movement, and defense impairment. The ransomware's sophisticated encryption process includes recursive directory traversal, memory-mapped file I/O, and multi-threaded processing.

Pulse ID: 693940b7880240f017419d5c
Pulse Link: otx.alienvault.com/pulse/69394
Pulse Author: AlienVault
Created: 2025-12-10 09:43:19

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Encryption #Endpoint #EndpointDetectionandResponse #InfoSec #Mac #OTX #OpenThreatExchange #PowerShell #RansomWare #Vulnerability #Windows #bot #AlienVault

2025-12-10

Threat Spotlight: Storm-0249 Moves from Mass Phishing to Precision EDR Exploitation

Storm-0249, a seasoned initial access broker, has evolved from mass phishing to sophisticated post-exploitation tactics. The group now abuses legitimate Endpoint Detection and Response processes, particularly SentinelOne's SentinelAgentWorker.exe, through DLL sideloading. This allows them to conceal malicious activity as routine operations, bypass defenses, and maintain persistence. Their new tactics include Microsoft domain spoofing, curl-to-PowerShell piping, and fileless execution. Storm-0249's ability to weaponize trusted processes and conduct stealthy reconnaissance poses significant challenges for security teams. The group's evolution represents a broader trend in the ransomware-as-a-service ecosystem, lowering the technical barrier for attackers and accelerating the spread of ransomware across sectors.

Pulse ID: 69393ab7f0d78ccb11a14d9a
Pulse Link: otx.alienvault.com/pulse/69393
Pulse Author: AlienVault
Created: 2025-12-10 09:17:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EDR #Endpoint #EndpointDetectionandResponse #ICS #InfoSec #Microsoft #OTX #OpenThreatExchange #Phishing #PowerShell #RAT #RansomWare #RansomwareAsAService #Rust #SentinelOne #SideLoading #bot #AlienVault

2025-12-09

North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads

The Contagious Interview operation continues to weaponize the npm registry with a repeatable playbook. Since our July 14, 2025 update, we have identified and analyzed more than 338 malicious packages with over 50,000 cumulative downloads.

25 of these packages remain live on the npm registry at the time of writing. We have submitted takedown requests to the npm security team and petitioned for suspension of the associated publisher accounts.

In this latest wave, North Korean threat actors used more than 180 fake personas tied to new npm aliases and registration emails, and ran over a dozen command and control (C2) endpoints (see IOCs). Their tooling has evolved from direct BeaverTail malware droppers to HexEval, XORIndex, and encrypted loaders. Each executes at install or import, reconstructs obfuscated BeaverTail in memory, then typically fetches the InvisibleFerret backdoor for persistence. New malicious packages appear weekly, including this week.

Pulse ID: 6937a6785aada092d832512e
Pulse Link: otx.alienvault.com/pulse/6937a
Pulse Author: Tr1sa111
Created: 2025-12-09 04:32:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Email #Endpoint #InfoSec #Korea #Malware #NPM #NorthKorea #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

Black Cat White HatBCWHS
2025-12-02

Digital Toolbox: Endpoint Security
The practice of protecting devices like laptops, smartphones, and servers from cybersecurity threats by securing them as entry points to a network.

Black Cat White HatBCWHS
2025-12-02

Windows Endpoint Protection
Endpoint protection is the name of the game, and we play to win.

2025-11-28

Dragons in Thunder

This report details the activities of two hacker groups, QuietCrabs and Thor, targeting Russian companies. QuietCrabs exploited RCE vulnerabilities in Microsoft SharePoint and Ivanti Endpoint Manager Mobile, using KrustyLoader and Sliver malware. Thor employed more common tools and techniques, attacking around 110 Russian companies across various sectors. Both groups utilized recent vulnerabilities, with QuietCrabs acting within hours of exploit publications. The report highlights the groups' tactics, tools, and targeted industries, emphasizing the need for robust cybersecurity measures to counter such sophisticated attacks.

Pulse ID: 69295039f12135a4c2de7692
Pulse Link: otx.alienvault.com/pulse/69295
Pulse Author: AlienVault
Created: 2025-11-28 07:33:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Endpoint #ICS #InfoSec #Ivanti #Malware #Microsoft #OTX #OpenThreatExchange #RCE #Russia #Rust #Sliver #bot #AlienVault

2025-11-26

Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine

Arctic Wolf Labs identified a U.S.-based company targeted by the Russian-aligned threat group RomCom via SocGholish, operated by TA569. This marks the first observed instance of a RomCom payload being distributed through SocGholish. The attack chain involved compromising legitimate websites, using fake update lures to deliver malware, and executing malicious JavaScript on victim hosts. The targeted company had ties to Ukraine, aligning with RomCom's focus on entities supporting Ukraine. Evidence suggests Russia's GRU unit 29155 is leveraging SocGholish for targeting. The attack was thwarted by Arctic Wolf's Aurora Endpoint Defense, which detected and quarantined the RomCom loader upon delivery.

Pulse ID: 6925f15de6ea757941c36353
Pulse Link: otx.alienvault.com/pulse/6925f
Pulse Author: AlienVault
Created: 2025-11-25 18:11:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Endpoint #InfoSec #Java #JavaScript #Malware #Mythic #OTX #OpenThreatExchange #RAT #RomCom #Russia #SocGholish #UK #Ukr #Ukraine #bot #AlienVault

Black Cat White HatBCWHS
2025-11-23

Windows Endpoint Protection
Endpoint protection is the name of the game, and we play to win.

2025-11-19

GPT Trade: Fake Google Play Store drops BTMob Spyware and UASecurity Miner on Android Devices

A sophisticated Android dropper impersonating the Google Play Store was discovered, distributing an app called 'GPT Trade'. This malicious application, disguised as an AI trading assistant, actually deploys two dangerous payloads: BTMob spyware and UASecurity Miner. The dropper creates directories, unpacks components, and generates new APK files before silently installing the malware. BTMob grants extensive device access, enabling credential theft and surveillance. UASecurity Miner focuses on persistence and remote control. The attack chain involves social engineering, APK generation, third-party packer services, and multiple command and control endpoints, reflecting a growing trend in modular Android threats.

Pulse ID: 691d86562d76790b15750aa0
Pulse Link: otx.alienvault.com/pulse/691d8
Pulse Author: AlienVault
Created: 2025-11-19 08:56:54

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APK #ASEC #Android #CyberSecurity #Endpoint #Google #GooglePlay #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SocialEngineering #SpyWare #bot #AlienVault

TugaTech 🖥️tugatech@masto.pt
2025-11-07
Waidler waidler@bayerwald.social
2025-11-04

Allo Digione Signature / Digital Transport

By now I have tried every possible variant of a ROON endpoint. Today I assembled an Allo Digione Signature and put it into operation. The sound this little DIY device puts out over S/PDIF coaxial is truly phenomenal. It surpasses everything I have heard so far and thus becomes my absolute favorite for audio output.

#roon #allo #endpoint #music #raspberrypi

The picture shows the black enclosure for the Roon endpoint Allo DigiOne Signature with a Raspberry Pi 4. Sound is output only via S/PDIF coaxial or BNC.
Meghal PacktMeghal
2025-10-29

🚀 Master modern endpoint management with Mastering Microsoft Intune (2nd Edition)!
Written by Microsoft experts Christiaan Brinkhoff & Per Larsen, with forewords from Scott Manchester and Steve Dispensa, this guide covers Intune Suite, Windows 365, Autopatch, Defender & Copilot.

Perfect for IT pros looking to secure and simplify device management.

Now 15% OFF on Amazon.com – grab your copy today!

Buy Here- packt.link/0rLst

C2D IT SolutionsC2DITSolutions
2025-10-24

🚨 STOP GETTING HACKED BECAUSE OF AN OPERATING SYSTEM USED BY 90% OF BUSINESSES...

💥 At @C2DITSolutions we have THE solution.

IGEL OS: an open-source and European alternative that revolutionizes endpoint security:
✅ 95% reduction in attack surfaces
✅ Seamless integration on your existing machines: no need to replace everything
✅ Centralized management: Control all your endpoints from a single interface for flawless, stress-free security

👉 www.c2d.eu/igel-os

Endpoint Celebrate Legacy With Remastered ‘Catharsis (Deluxe Edition)’

Photo by Chris Higdon

Louisville hardcore veterans Endpoint announce Catharsis (Deluxe Edition), a fully remastered version of their 1992 classic, out November 19 via Equal Vision Records. Featuring 17 tracks — including the Idiots EP and split 7” songs with Sunspring — this expanded release captures the band’s raw intensity and evolving sound. Originally issued by Doghouse Records, Catharsis remains a defining statement in early-’90s hardcore: melodic yet aggressive, introspective yet rebellious. Available digitally and on double vinyl with an etched D-side, the reissue preserves Endpoint’s legacy as one of the most influential acts of their era.

https://youtu.be/OPQNvkvyR3w?si=49HaHEVRLjzFAPg7

#ENDPOINT #MUSIC #NEWS


Client Info

Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst