Security researchers have found that social engineering campaigns delivering the Emotet botnet are using "unconventional" IP address formats for the first time to bypass security solutions. Emotet spam campaigns aim to trick users into enabling macros in a document that uses Excel 4.0 Macros, a feature that has been repeatedly abused by hackers, to automate malware execution. Once the victim enables the macros, the document invokes an embedded URL that is obfuscated with carets and contains an IP address in hexadecimal representation: "h^tt^p^[:]/^/0xc12a24f5/cc[.]html". Other campaigns used the same modus operandi, the difference being an IP address coded in octal format: "h^tt^p^[:]/^/0056.0151.0121.0114/c[.]html". According to analysts, the unique use of hexadecimal and octal IP addresses in these campaigns indicates that attackers are continuing to innovate to avoid pattern-based detection techniques.
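For detection, the gap described above closes once URL hosts are normalized before any pattern is matched. The following Python sketch is an added example, not code from the researchers or the report: it strips the carets and defang brackets, then parses the host with inet_aton-style rules (0x prefix means hexadecimal, a leading 0 means octal) to recover the dotted-decimal address. The function names are assumptions, and the third sample URL is constructed.

```python
import re

def parse_part(part):
    """One host component, inet_aton style: 0x = hex, leading 0 = octal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)
    if re.fullmatch(r"0[0-7]*", part):
        return int(part, 8)
    if re.fullmatch(r"[1-9][0-9]*", part):
        return int(part, 10)
    return None  # not numeric: the host is a name, not an IP literal

def canonical_ipv4(host):
    """Dotted-decimal form of any inet_aton-style IPv4 literal, else None."""
    nums = [parse_part(p) for p in host.split(".")]
    if not 1 <= len(nums) <= 4 or any(n is None for n in nums):
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    *head, last = nums
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def inspect_url(raw):
    """Return (canonical_ip, unconventional) for a possibly obfuscated URL."""
    # Drop the carets and the defang brackets seen in the reported samples.
    cleaned = re.sub(r"[\^\[\]]", "", raw)
    m = re.match(r"(?i)https?://([^/:?#]+)", cleaned)
    if not m:
        return None, False
    host = m.group(1)
    ip = canonical_ipv4(host)
    # Flag hosts that are valid IPv4 literals but not plain dotted decimal.
    return ip, ip is not None and ip != host

SAMPLES = [
    "h^tt^p^[:]/^/0xc12a24f5/cc[.]html",          # hex sample from the report
    "h^tt^p^[:]/^/0056.0151.0121.0114/c[.]html",  # octal sample from the report
    "http://192.0.2.10/index.html",               # constructed, conventional form
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_url(url))
```

The `unconventional` flag is a useful hunting signal on its own, since legitimate documents rarely reference a host as a hexadecimal, octal or single-integer IPv4 literal.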