#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Shellcode | Breaking Cybersecurity News | The Hacker News

Category — Shellcode
China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

Jun 11, 2024 Malware / Cyber Attack
Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said . ValleyRAT was previously documented by QiAnXin and Proofpoint in 2023 in connection with a phishing campaign targeting Chinese-speaking users and Japanese organizations that distributed various malware families such as Purple Fox and a variant of the Gh0st RAT trojan known as Sainbox RAT (aka FatalRAT). The malware has been assessed to be the work of a China-based threat actor, boasting of capabilities to harvest sensitive information and drop additional payloads onto compromised hosts. The starting point is a downloader that utilizes an HTTP File Server (HFS) to fetch a file named
LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Jan 25, 2024 Fileless Malware / Endpoint Security
Cybersecurity researchers have uncovered an updated version of a backdoor called  LODEINFO  that's distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which  said  the malware "has been updated with new features, as well as changes to the anti-analysis (analysis avoidance) techniques." LODEINFO (versions 0.6.6 and 0.6.7) was  first documented  by Kaspersky in November 2022, detailing its capabilities to execute arbitrary shellcode, take screenshots, and exfiltrate files back to an actor-controlled server. A month later, ESET  disclosed attacks  targeting Japanese political establishments that led to the deployment of LODEINFO. The backdoor is the work of a Chinese nation-state actor known as Stone Panda (aka APT10, Bronze Riverside, Cicada, Earth Tengshe, MirrorFace, and Potassium), which has a history of orchestrating attacks targeting Japan since 2021. Attack chains commence with phishing emails bearing
NIST Cybersecurity Framework (CSF) and CTEM – Better Together

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

Sep 05, 2024Threat Detection / Vulnerability Management
It's been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally tailored for Critical infrastructure, 2018's version 1.1 was designed for any organization looking to address cybersecurity risk management.  CSF is a valuable tool for organizations looking to evaluate and enhance their security posture. The framework helps security stakeholders understand and assess their current security measures, organize and prioritize actions to manage risks, and improve communication within and outside organizations using a common language. It's a comprehensive collection of guidelines, best practices, and recommendations, divided into five core functions: Identify, Protec
Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

Researchers Uncover Packer Used by Several Malware to Evade Detection for 6 Years

Jan 31, 2023 Threat Detection / Malware
A shellcode-based  packer  dubbed  TrickGate  has been successfully operating without attracting notice for over six years, while enabling threat actors to deploy a wide range of malware such as TrickBot, Emotet, AZORult, Agent Tesla, FormBook, Cerber, Maze, and REvil over the years. "TrickGate managed to stay under the radar for years because it is transformative – it undergoes changes periodically," Check Point Research's Arie Olshtein  said , calling it a "master of disguises." Offered as a service to other threat actors since at least late 2016, TrickGate helps conceal payloads behind a layer of wrapper code in an attempt to get past security solutions installed on a host. Packers can also function as crypters by encrypting the malware as an obfuscation mechanism. "Packers have different features that allow them to circumvent detection mechanisms by appearing as benign files, being difficult to reverse engineer, or incorporating sandbox evasion tec
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Expert Insights / Articles Videos
Cybersecurity Resources