Andy's News Roundup

Ransomware Roundup – Monti, BlackHunt, and Putin Ransomware


On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and across the OSINT community. The Ransomware Roundup report provides brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This latest edition of the Ransomware Roundup covers Monti, BlackHunt, and Putin ransomware.

Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts files on the compromised machine and demands ransom for file decryption
Severity level: High

Monti Ransomware

Monti is a relatively new ransomware designed to encrypt files on Linux systems. Files encrypted by Monti ransomware have a...

Creating AWS security efficiencies in IT


As we enter 2023, both security and digital transformation efforts (e.g. cloud migration) continue to be important priorities for organizations. This combination brings huge challenges for IT teams, who are not only required to facilitate major digital changes and increase developer productivity but also ensure that this transformation is secure by default. When using AWS in particular, it’s challenging to understand how to strike this balance between accelerated cloud growth and security. AWS’ ecosystem is vast — almost overwhelmingly so. But luckily, there are several steps that your teams can take to create AWS efficiencies and streamline cloud security. Three...

BitRAT Now Sharing Sensitive Bank Data as a Lure


Introduction

In June of 2022 Qualys Threat Research Unit (TRU) wrote an in-depth report on Redline, a commercial off-the-shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their evolving capabilities. In this blog, we will highlight our findings on another commercial off-the-shelf malware – BitRAT. BitRAT is a fairly recent, notorious remote access trojan (RAT) marketed on underground cybercriminal web markets and forums since Feb 2021. The RAT is particularly well known for its social media presence and functionality such...

Persistence and LOLBins


Grzegorz/@0gtweet tweeted something recently that I thought was fascinating, suggesting that a Registry modification might be considered an LOLBin. What he shared was pretty interesting, so I tried it out.

First, the Registry modification:

    reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\Utilities\query" /v LOLBin /t REG_MULTI_SZ /d 0\01\0LOLBin\0calc.exe

Then the command to launch calc.exe:

    query LOLBin

Now, I've tried this on a Windows 10 system and it works great, even though Terminal Services isn't actually running on this system. Running just the "query" command on both Windows 10 and Windows 11 systems (neither with Terminal Services running) results in the same output on both:

    C:\Users\harlan>query
    Invalid parameter(s)
    QUERY { PROCESS | SESSION...
