3701

BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
https://news.sophos.com/en-us/2021/11/11/bazarloader-call-me-back-attack-abuses-windows-10-apps-mechanism/

3702

AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits

3703

The important thing to notice is that Avast is one of the 6 Security companies that
detects this vulnerability.

3704

QAKBOT Loader Returns With New Techniques and Tools
https://www.trendmicro.com/en_us/research/21/k/qakbot-loader-returns-with-new-techniques-and-tools.html

3705

A Peek into Top-Level Domains and Cybercrime
https://unit42.paloaltonetworks.com/top-level-domains-cybercrime/

3706

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/

3707

BrazKing Android Malware Upgraded and Targeting Brazilian Banks
https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/

3708

Blacksmith
https://comsec.ethz.ch/research/dram/blacksmith/
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf

3709

Uncovering MosesStaff techniques: Ideology over Money
https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/

3710

Guess who’s back
https://cyber.wtf/2021/11/15/guess-whos-back/

3711

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/

3712

Linux malware agent hits eCommerce sites
https://sansec.io/research/ecommerce-malware-linux-avp

3713

New ransomware actor uses password-protected archives to bypass encryption protection
https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/

3714

What’s not explained is how the payload got to the system in the first place. Unless I missed that?

3715

Seeing Red
https://www.domaintools.com/resources/blog/seeing-red?

3716

Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals
https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals
https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf

3717

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html

3718

Threat actors find and compromise exposed services in 24 hours
https://www.bleepingcomputer.com/news/security/threat-actors-find-and-compromise-exposed-services-in-24-hours/

3719

You Overtrust Your Printer
https://arxiv.org/pdf/2111.10645.pdf

3720

RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/