'Duri' makes use of HTML smuggling to deliver malware
An active campaign has been spotted that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies, and firewalls. The campaign, uncovered on Tuesday, has been ongoing since July.
CISA: Phishing emails used to deploy KONNI malware
The Cybersecurity and Infrastructure Security Agency has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic for Applications (VBA) macro to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts.
Microsoft Defender ATP adds new malicious behavior blocking feature
Endpoint detection and response (EDR) in block mode is currently in public preview. It uses behavioral blocking to block and contain malware, malicious attacks, and malicious artifacts following post-breach detection, or when they are missed by the main antivirus solution.