Cloud Security Alliance News Clipping Site

Tag: infection chain

  • Cisco Talos Blog: Threat Spotlight: WarmCookie/BadSpace

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/warmcookie-analysis/ Source: Cisco Talos Blog Title: Threat Spotlight: WarmCookie/BadSpace Feedly Summary: WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.  AI Summary and Description: Yes Summary: The text discusses the emergence and operational characteristics of the WarmCookie malware family, which has…

  • Cisco Talos Blog: Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/gophish-powerrat-dcrat/ Source: Cisco Talos Blog Title: Threat actor abuses Gophish to deliver new PowerRAT and DCRAT Feedly Summary: Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. AI Summary and Description: Yes Summary: The text details the analysis of a sophisticated phishing campaign…

  • Cloud Blog: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/ Source: Cloud Blog Title: PEAKLIGHT: Decoding the Stealthy Memory-Only Malware Feedly Summary: Written by: Aaron Lee, Praveeth DSouza TL;DR Mandiant identified a new memory-only dropper using a complex, multi-stage infection process. This memory-only dropper decrypts and executes a PowerShell-based downloader. This PowerShell-based downloader is being tracked as PEAKLIGHT. Overview Mandiant Managed Defense…