Aggregator
NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities
Browser Guard gets even better with Access Control
Take control of pesky permission pop-ups and decide exactly which websites can access your camera, microphone, location, and send you notifications.
The post Browser Guard gets even better with Access Control appeared first on Security Boulevard.
Is Aquila (Dmitry) from WASM Forum Community the Author of the Carberp Banking Malware?
Dear blog readers,
I recently did something very interesting and I decided to share my results and findings.
What I did was the following. While doing a technical collection round for malicious software I came across Carberp's source, where I decided to take a peek and found some pretty interesting and relevant personally attributable IoCs (Indicators of Compromise), which led me to further pursue an OSINT enrichment process, which led me to believe and conclude that there's a high probability that Aquila (Dmitry) from the WASM forum community could be one of the main authors of the Carberp banking trojan.
The most interesting part of this technical collection round, which then turned into IoC extraction and then OSINT enrichment based on the successfully found hardcoded IoCs in Carberp's publicly accessible and leaked source code, is that I think I have managed to establish a direct connection between the hardcoded C&Cs and Aquila (Dmitry) from the WASM forum community.
Here's the interesting part and the actual hardcoded C&C IoCs I found in Carberp's publicly accessible source code:
hxxp://178.63.11.137 (Primary test C2)
hxxp://94.240.148.127 (Alt configuration node parsing `/cfg/passw.plug`)
Payload Drop Zones & Telemetry:
hxxp://apartman-adriana.com (http://.../temp/DrClient.dll) - Email: [email protected]
hxxp://56tgvr.info
We then have an interesting connection for one of the IoCs (hxxp://178.63.11.137), which appears to have been known to be responding to the email server for the WASM forum community, which based on additional analysis appears to have been managed and operated and actually owned by Aquila, also known as Dmitry (Email: [email protected]; [email protected]; hxxp://dimon.ru).
Related domain registrations for Aquila:
hxxp://symbolographia.com
hxxp://wasm.site
hxxp://posthumanism.info
The post Is Aquila (Dmitry) from WASM Forum Community the Author of the Carberp Banking Malware? appeared first on Security Boulevard.
Data Centers Are Feeling the Heat, and That’s OK
DragonForce
"No" means "yes". The cookie opt-out button turned out to be just a pretty dummy
DJI OSMO Pocket 4 in-depth hands-on: three years on, how DJI continues to define the "handheld gimbal camera"
HSCC Guide Targets Third-Party AI Risk in Healthcare
The Health Sector Coordinating Council released guidance to help the healthcare and public health sector better manage the explosion of third-party AI vendor cyber risk concerns they face, especially as the technology is embedded in all sorts of products.
US FCC Grants Netgear Temporary Exemption From Router Ban
Netgear obtained a temporary waiver from the Federal Communications Commission allowing it to continue importing consumer routers through most of 2027, making the networking hardware giant the first consumer brand to circumvent a ban on foreign-made hardware.
Artemis Gets $70M to Build AI Agents for Detection, Response
Artemis, a New York startup led by former Amazon GuardDuty product leader Shachar Hirshberg, emerged from stealth with $70 million to build an AI-driven SIEM alternative that correlates telemetry across enterprise environments, tailors detections and speeds investigations.
Federal Staffers Are Still Using Claude Despite Trump Orders
Federal agency staffers tell ISMG they are still using Anthropic's AI tools weeks after U.S. President Donald Trump ordered an immediate halt, as officials prioritize mapping dependencies and evaluating alternatives over enforcing a rapid shutdown.
Cisco says critical Webex Services flaw requires customer action
PhantomCore: your new invisible colleagues. They have been in the network for two weeks, and you didn't even notice them
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2026-34197 Apache ActiveMQ Improper Input Validation Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Supply chain dependencies: Have you checked your blind spot?
NIST Weighs In on the Mystery of the Gravitational Constant
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware
Fake Zoom website delivers BlackSuit ransomware: in-depth analysis of the full 9-day intrusion chain
Two U.S. Nationals Sentenced for Running Laptop Farm for DPRK Remote Workers
Two American nationals have been sentenced to federal prison for operating a sophisticated “laptop farm” scheme. The operation successfully infiltrated over 100 U.S. companies, generating more than $5 million in illicit revenue to fund the Democratic People’s Republic of Korea (DPRK) and its weapons programs. Kejia Wang, 42, received a 108-month prison sentence, while his […]
The post Two U.S. Nationals Sentenced for Running Laptop Farm for DPRK Remote Workers appeared first on Cyber Security News.