Hackers are abusing the MSBuild environment to embed malicious code into applications to evade detection. Attackers are abusing MSBuild to evade defences and implant Cobalt Strike beacons – SANS Internet Storm Centre
Installing crypto miners using Log4Shell vulnerabilities
Example of how attackers are trying to push crypto miners via Log4Shell – SANS Internet Storm Centre
Phishing campaigns – Indeed
One of the things we advise people to do on our Phishing and Social Engineering training is to be very aware of the look and feel of any login pages and websites they are directed to, as bad actors may not get it completely right – so if they …
Beware of contact forms – of course the hackers abuse these as well!
Contact forms are everywhere – no one puts email addresses on websites because “people” just harvest those for spam/phishing campaigns – we have a contact form on this site. Here is a description on the SANS Internet Storm Diary explaining how these scam attacks are carried out. It is not very …
Why “just anti-virus” is not the whole solution
Obfuscated backdoor attack: Simple but Undetected PowerShell Backdoor – SANS
This is a more complex read, but if you are in the business it is a real help to see how these old-school attacks still work.