Dark Reading

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
Hackaday

Building An IBM PCjr BIOS From Source Using Original Printed Source Code

As unloved as IBM’s PCjr was, with only a one-year production run, it’s hard to complain about the documentation available ...
TechJuice

Hackers Deploy SNOW Malware Suite via Microsoft Teams

A cyber group is impersonating IT helpdesk staff via Microsoft Teams to deploy malware and target corporate systems.
The Hacker News

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...
Dark Reading

Bad Memories Still Haunt AI Agents

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...
GitHub

windows_exfiltration_over_c2_via_invoke_restmethod.yml

description: The following analytic detects potential data exfiltration using PowerShell's Invoke-RestMethod. It leverages PowerShell Script Block Logging to identify scripts that attempt to upload ...
GitHub

disable_uac_remote_restriction.yml

description: The following analytic detects the modification of the registry to disable UAC remote restriction by setting the "LocalAccountTokenFilterPolicy" value to "0x00000001". It leverages data ...

Do not fall for this fake Windows update support site. It’s spreading a password-stealing ...

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows update installer ...