Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

Threat actors have compromised thousands of websites for the purpose of engineering industrialized ClickFix and FakeUpdate attacks in an organized malware delivery operation aimed at selling initial ...
The Hacker News

Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader.
LinkedIn

FROM ALERT TO ACTION: HOW SOC ANALYSTS USE EDR TOOLS TO INVESTIGATE ENDPOINT THREATS

It's 07:42 on a Tuesday. You just grabbed your coffee. Then your SIEM screams. High-severity alert. Finance department. Multiple detection rules fired. The alert is vague—something about "suspicious ...
GitHub

powershell_fileless_script_contains_base64_encoded_content.yml

description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...
GitHub

registry_keys_used_for_persistence.yml

description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...