Also Node.js has been used to perform a Living off the Land (LotL) attack

Researchers from Cisco Talos recently discovered a new malware loader that infects systems using Node.js together with the legitimate open-source utility WinDivert.


New version of FinFisher spyware used to spy on iOS and Android users in 20 countries

Malware researchers from Kaspersky have discovered new and improved versions of the FinFisher spyware, able to infect both Android and iOS devices.

According to the experts, the new versions have been active at least since 2018; one of the samples analyzed was used last month in Myanmar, where the local government is accused of violating human rights.


‘Agent Smith’ malware has infected Android apps on 25 million devices

According to security firm Check Point, a newly discovered Android malware that replaces portions of apps with its own code has infected more than 25 million devices.


Windows Security Event Logs: my own cheatsheet

During a forensic investigation, Windows Event Logs are the primary source of evidence.
Windows Event Log analysis can help an investigator build a timeline from the logged information and the discovered artifacts, but a deep knowledge of event IDs is mandatory.
