[SANS ISC] RedLine Stealer Delivered Through FTP

published on 2022-01-20 12:26:41 UTC by Xavier
Content:

I published the following diary on isc.sans.edu: “RedLine Stealer Delivered Through FTP”:

Here is a piece of malicious Python script that injects a RedLine stealer into its own process. Process injection is a common attacker’s technique these days (for a long time already). The difference, in this case, is that the payload is delivered through FTP! It’s pretty unusual because FTP is today less and less used for multiple reasons (lack of encryption by default, complex to filter with those passive/active modes). Support for FTP has even been disabled by default in Chrome starting with version 95! But FTP remains a common protocol in the IoT/Linux landscape with malware families like Mirai. My honeypots still collect a lot of Mirai samples on FTP servers. I don’t understand why the attacker chose this protocol because, in most corporate environments, FTP is not allowed by default (and should definitely not be!)…

The post [SANS ISC] RedLine Stealer Delivered Through FTP appeared first on /dev/random.

Article: [SANS ISC] RedLine Stealer Delivered Through FTP - published over 2 years ago.

https://blog.rootshell.be/2022/01/20/sans-isc-redline-stealer-delivered-through-ftp/   
Published: 2022 01 20 12:26:41
Received: 2022 01 20 12:44:05
Feed: /dev/random
Source: /dev/random
Category: Cyber Security
Topic: Cyber Security