Posts

Showing posts from November, 2023

Hackers abuse Windows error reporting tool to deploy malware

Hackers are abusing the Windows Problem Reporting tool (WerFault.exe) to load malware into a compromised system's memory using DLL sideloading. Launching the malware through a legitimate Windows executable lets the attackers infect devices stealthily, without raising alarms on the breached system. The campaign was spotted by K7 Security Labs, which could not identify the hackers, but they are believed to be based in China.

Abusing WerFault.exe

The campaign starts with an email carrying an ISO attachment. When double-clicked, the ISO mounts itself as a new drive letter containing a legitimate copy of the Windows WerFault.exe executable, a DLL file ('faultrep.dll'), an XLS file ('File.xls') and a shortcut file ('inventory & our specialties.lnk'). Because WerFault.exe is run from the mounted ISO rather than from System32, the Windows DLL search order resolves faultrep.dll from the executable's own directory first, so the attacker's DLL is loaded instead of the genuine one. The victim starts the infection chain by clicking the shortcut file, which uses 'scr...
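A detection a defender would want from the description above: flag any WerFault.exe process that loads faultrep.dll when either binary sits outside the Windows system directories. This is an added example and not code from the page or from K7 Security Labs; it assumes Sysmon-style Event ID 7 (image loaded) records with "Image" and "ImageLoaded" fields, and the records below are constructed for the example rather than real telemetry.

```python
"""Triage image-load telemetry for the WerFault.exe / faultrep.dll sideload.

Added example (not from the page or K7 Security Labs). Assumes Sysmon-style
Event ID 7 records with "Image" and "ImageLoaded" fields; the sample records
are constructed. Detection point: genuine WerFault.exe lives in System32 (or
SysWOW64) and loads faultrep.dll from there, while a copy run from a mounted
ISO resolves faultrep.dll from its own directory first, so either path
leaving the trusted directories is a sideload indicator.
"""
from pathlib import PureWindowsPath

# Directories the genuine binaries live in (assumes a default C: install).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample events: benign crash report, ISO sideload, and two
# non-matching records (a different process; a non-image-load event).
SAMPLE_EVENTS = [
    {"EventID": 7, "Image": r"C:\Windows\System32\WerFault.exe",
     "ImageLoaded": r"C:\Windows\System32\faultrep.dll"},
    {"EventID": 7, "Image": r"E:\WerFault.exe",
     "ImageLoaded": r"E:\faultrep.dll"},
    {"EventID": 7, "Image": r"C:\Program Files\Tool\tool.exe",
     "ImageLoaded": r"C:\Program Files\Tool\faultrep.dll"},
    {"EventID": 1, "Image": r"E:\WerFault.exe",
     "CommandLine": r"E:\WerFault.exe"},
]


def _name(path):
    return PureWindowsPath(path).name.lower()


def _parent(path):
    return str(PureWindowsPath(path).parent).lower()


def is_werfault_sideload(event):
    """True when WerFault.exe loads faultrep.dll and either binary sits
    outside the trusted system directories."""
    if event.get("EventID") != 7:
        return False
    image, loaded = event.get("Image", ""), event.get("ImageLoaded", "")
    if _name(image) != "werfault.exe" or _name(loaded) != "faultrep.dll":
        return False
    return _parent(image) not in TRUSTED_DIRS or _parent(loaded) not in TRUSTED_DIRS


def find_sideloads(events):
    """Return (process path, DLL path) for every matching event."""
    return [(e["Image"], e["ImageLoaded"]) for e in events if is_werfault_sideload(e)]


if __name__ == "__main__":
    for proc, dll in find_sideloads(SAMPLE_EVENTS):
        print(f"ALERT: {proc} loaded {dll} outside the system directories")
```

Matching on the loaded DLL path alone would miss the case in the text, where the whole WerFault.exe copy runs from the ISO drive, so the check treats either binary outside System32/SysWOW64 as the indicator; in production telemetry the same rule maps onto a Sysmon or EDR image-load query.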

Log4j Vulnerability Scanning & Detection Tools

If you use software that includes the Log4j component, assume it could be affected. Below are some useful tools to help detect Log4j vulnerabilities. One thing to be clear about: if these tools find nothing right now, that does not mean you are safe. Tools and systems are still being updated and new CVEs are being added, so follow the updates, news and details every day.

a. log4j-scan

You can use log4j-scan to check your systems. It is a fully automated, accurate and extensive scanner for finding the Log4j RCE CVE-2021-44228. Download it from the GitHub repository and install its requirements.

Installation: clone the GitHub repository, change into the cloned directory and install the required dependencies.

$ git clone https://github.com/fullhunt/log4j-scan
$ cd log4j-scan
$ pip3 install -r requirements.txt

Usage: you can run the log4j-scan script now if everything works fine. To scan a single URL:

$ pytho...
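log4j-scan probes a target over HTTP, so it only finds instances that are reachable and that log the probe. The complementary check a practitioner wants is an offline one: walk the jar files on a host and report any that still ship the JndiLookup class, including jars nested inside WAR/EAR/fat jars where a remote scan cannot see them. The example below is added here and is not the log4j-scan tool or any code from the page. It relies on two facts: the class the published mitigation removes is org/apache/logging/log4j/core/lookup/JndiLookup.class, and log4j-core jars carry an Implementation-Version header in META-INF/MANIFEST.MF. The 2.17.1 threshold is this example's own assumption for "at risk" and, as the text says, must be checked against current advisories; the sample jars are constructed in memory and are not real artifacts.

```python
"""Offline check of jars for a Log4j JndiLookup class that is still present.

Added example, not the fullhunt/log4j-scan tool. It walks archives on disk
and recurses into nested archives. Assumptions: the at-risk threshold
(SAFE_FROM) is this example's own choice; sample jars are constructed.
"""
import io
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")
SAFE_FROM = (2, 17, 1)  # assumption: anything older, or of unknown version, is at risk


def _parse_version(text):
    """'2.14.1' -> (2, 14, 1); None or unparseable -> () so it sorts as oldest."""
    parts = []
    for piece in (text or "").split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def _manifest_version(zf):
    """Implementation-Version from META-INF/MANIFEST.MF, or None if absent."""
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return line.split(":", 1)[1].strip()
    return None


def scan_jar_bytes(data, label):
    """Findings for one archive, recursing into nested archives."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if JNDI_LOOKUP in names:
            version = _manifest_version(zf)
            findings.append({
                "archive": label,
                "version": version,
                "at_risk": _parse_version(version) < SAFE_FROM,
            })
        for name in names:
            if name.lower().endswith(NESTED_SUFFIXES):
                findings.extend(scan_jar_bytes(zf.read(name), f"{label}!{name}"))
    return findings


def scan_file(path):
    with open(path, "rb") as fh:
        return scan_jar_bytes(fh.read(), path)


def _make_jar(entries):
    """Build an in-memory jar from {name: content} (fixture builder)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (class bodies are placeholders, not real bytecode).
MANIFEST = "Manifest-Version: 1.0\nImplementation-Version: {}\n"
VULNERABLE_JAR = _make_jar({"META-INF/MANIFEST.MF": MANIFEST.format("2.14.1"),
                            JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
STRIPPED_JAR = _make_jar({"META-INF/MANIFEST.MF": MANIFEST.format("2.14.1")})
PATCHED_JAR = _make_jar({"META-INF/MANIFEST.MF": MANIFEST.format("2.17.1"),
                         JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
NESTED_WAR = _make_jar({"WEB-INF/web.xml": "<web-app/>",
                        "WEB-INF/lib/log4j-core-2.14.1.jar": VULNERABLE_JAR})

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        for f in scan_file(path):
            print(f"{f['archive']}: JndiLookup present, version {f['version']}, "
                  f"at_risk={f['at_risk']}")
```

Run it as python scan.py /opt/app/lib/*.jar /srv/tomcat/webapps/*.war. A jar whose JndiLookup.class has been deleted produces no finding, which is the point of that mitigation; a jar that still carries the class is reported with its manifest version so you can compare it against the advisory of the day rather than trusting the fixed threshold here.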