Over the last 2 weeks we saw a new parasitic malware targeting the popular Nginx web server, discovered by Sansec. This novel code injects itself into a host Nginx application and is nearly invisible. Sansec also discovered a sophisticated threat that is packed with never-before-seen stealth techniques.

For more articles, check out our #onpatrol4malware blog.

APWG Report: Phishing Smashes All Previous Records in Q3, 2021; Phishing Attacks Double Since Early 2020

Source: LinkedIn

Attacks Remain Costly, Rising and Maintaining Intensity of Focus Against Cryptocurrency Coins and Services Brands. Read more.

What is Protective DNS?

Source: Open Data Science

Protective DNS is an umbrella term for security solutions that examine DNS queries and implement safeguards to prevent systems from accessing internet resources that contain malicious C2 botnets, malware, ransomware, phishing, and more. Read more.

NginRAT parasite targets Nginx

Source: Sansec

A new parasitic malware targets the popular Nginx web server, Sansec discovered. This novel code injects itself into a host Nginx application and is nearly invisible. The parasite is used to steal data from eCommerce servers, also known as “server-side Magecart”. Read more.

CronRAT malware hides behind February 31st

Source: Sansec

In the run-up to Black Friday, Sansec discovered a sophisticated threat that is packed with never-before-seen stealth techniques. This malware, dubbed “CronRAT”, hides in the Linux calendar system on February 31st. Read more.

The benefits of external threat hunting

Source: Bleeping Computer

Have you heard of external threat hunting or threat reconnaissance? If you have, you’re in the 1 percent of the 1 percent. This article will help you learn more. Read more.

Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors

Source: Proofpoint

Proofpoint threat researchers have observed the adoption of a novel and easily implemented phishing attachment technique by APT threat actors in Q2 and Q3 of 2021. Read more.

Tracking a P2P network related to TA505

Source: NCC Group

For the past few months NCC Group has been closely tracking the operations of TA505 and the development of their various projects (e.g. Clop). During this research we encountered a number of binary files that we have attributed to the developer(s) of ‘Grace’ (i.e. FlawedGrace). Read more.