Blog - Cyber Security Informer

VIPRE Endpoint Security and Encrypted DNS

Vipre

JANUARY 27, 2021

Most of you have probably heard about encrypted DNS (DNS-over-HTTPS or DoH, and DNS-over-TLS or DoT) and have noticed that several of the major browser vendors have rolled out support for these newer protocols. Well, we’ll try to answer that question in this blog post. is the OS’s problem.

DNS

DNS Encryption

bA Data-Centric Approach to DEFEND

Thales Cloud Protection & Licensing

DECEMBER 18, 2019

The topic of my presentation at this summit was a “Data-centric approach to DEFEND”. The key focus of this phase is data security. I follow that path down to where that data is stored. Along the way, I highlight where and why industry best practices for encryption, policy and access controls can be applied.

Digital transformation

Digital transformation CISO Government Cybersecurity

New variant of Konni malware used in campaign targetting Russia

Malwarebytes

AUGUST 20, 2021

This blog post was authored by Hossein Jazi. In this blog post we provide on overview of this campaign that uses t wo different UAC bypass techniques and clever obfuscation tricks to remain under the radar. is used to store the data of the first decoded content and y.ps1 is used to store the data of the second decoded content.

Malware

Malware Encryption Phishing Authentication

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Duo Makes Verifying Device Trust as Easy as 1-2-3

Duo's Security Blog

AUGUST 16, 2021

Unknown devices offer the lowest level of trust because they’re beyond the control of the IT department. Enforcing security requirements such as OS updates and disk encryption help organizations set a baseline for healthy and compliant devices. For critical applications and environments with sensitive data (e.g.,

Authentication

Authentication Data breaches Encryption Retail

My Philosophy and Recommendations Around the LastPass Breaches

Daniel Miessler

DECEMBER 24, 2022

It started back in August of 2022 as a fairly common breach notification on a blog, but it, unfortunately, turned into more of a blog series. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.

Password Management

Password Management Passwords Encryption Architecture

CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor

Malwarebytes

MAY 31, 2023

In this blog, we'll review Volt Typhoon, dig into how they evade detection, discuss CISA's protective recommendations, and see how Malwarebytes EDR can help eliminate such threats. Enable consistent logging on edge devices and network-level logging to identify potential exploitation and lateral movement. Who is Volt Typhoon?

Passwords

Passwords Government Firewall Accountability

McAfee Enterprise & FireEye 2022 Threat Predictions

McAfee

OCTOBER 26, 2021

“With the evolving threat landscape and continued impact of the global pandemic, it is crucial that enterprises stay aware of the cybersecurity trends so that they can be proactive and actionable in protecting their information.”. Potential misuse of the APIs to launch attacks on enterprise data. Lazarus Wants to Add You as a Friend.

Cybercrime

Cybercrime Ransomware Risk B2C

Abusing cloud services to fly under the radar

Fox IT

JANUARY 12, 2021

NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry. The objective in these cases appear to be stealing sensitive data from the victim’s networks.

VPN

VPN Accountability Passwords DNS

Millions of Samsung Android Phones Shipped with Encryption Flaw [Report]

Security Boulevard

MARCH 1, 2022

Millions of Samsung Android Phones Shipped with Encryption Flaw [Report]. These “severe” cryptographic design flaws could let attackers extract hardware-protected keys, according to a paper describing the problem. In most mobile devices, the Android OS runs the nonsecure Normal World. Bane of encryption. brooke.crothers.

Encryption

Encryption Government Mobile Media

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

The high-level workflow this campaign is illustrated below. EMOTET was protected with an extreme commercial packer dubbed Themida. Themida introduced an additional protection layer that made it harder to analyze. Data includes date/hour of infection , remote IP from victim’s computer , OS version and antivirus name.

Banking

Banking Malware Antivirus Cyber threats

Operation TunnelSnake

SecureList

MAY 6, 2021

Usually deployed as drivers, such implants have high privileges in the system, allowing them to intercept and potentially tamper with core I/O operations conducted by the underlying OS, like reading or writing to files or processing incoming and outgoing network packets. The user agent dumps an embedded VBoxDrv.sys image of version 1.6.2

Malware

Malware Architecture Engineering Technology

Turning every Android device into a trusted companion

CyberSecurity Insiders

MAY 24, 2021

In this blog, I am joined by my colleagues Stéphane Quetglas, Marketing Director, Embedded Products and Jean-François Rubon, Strategy and Partnership, as well as Sudhi Herle, Head of Android TM Platform Security at Google, to discuss the latest innovation in embedded secure element (eSE). Could you explain the recent announcement about eSE?

Mobile

Mobile Marketing Manufacturing Encryption

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Cisco Security

JULY 5, 2021

It protects Endpoints (Windows, Mac, Linux, Android, and iOS) and prevents breaches, blocks malware at the point of entry and continuously monitors and analyses files and processes to quickly detect, contain, and remediate threats that can evade other security control mechanisms. PROTECT – Data Security (data leak protection).

Malware

Malware Risk Mobile Technology

Protecting Against Ransomware 3.0 and Building Resilience

Duo's Security Blog

JUNE 27, 2023

According to the 2022 Verizon Data Breach Investigations Report, ransomware has increased by 13% over the previous year — a jump greater than the last five years combined. evolved the double-extortion technique of threatening data release in addition to locking systems, Ransomware 3.0 The Rise of Ransomware 3.0 Ransomware 3.0

Ransomware

Ransomware Healthcare Phishing Authentication

Granular Security at the App Level

Thales Cloud Protection & Licensing

SEPTEMBER 25, 2018

My last blog about Vormetric Application Encryption covered new RESTful APIs and it revealed that those APIs provide quite a bit of granular control in the use of encryption keys. This blog returns to the “SDK” flavor of Vormetric Application Encryption. Securing a Security Product.

Encryption

Encryption Architecture Passwords

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

McAfee

SEPTEMBER 14, 2021

Within ATR we typically monitor many adversaries for years and collect and store data, ranging from indicators of compromise (IOCs) to the TTPs. McAfee customers are protected from the malware/tools described in this blog. Adding [data from location]. Data Exfiltration.

Malware

Malware DNS Accountability Manufacturing

Detecting Credential Stealing Attacks Through Active In-Network Defense

McAfee

SEPTEMBER 22, 2021

Post initial compromise, to be able to execute meaningful attacks, attackers would need to steal credentials to move laterally inside the network, access critical network assets and eventually exfiltrate data. Seed a target system with credentials (such as username/password, browser tokens, and other forms of authentication data).

Authentication

Authentication Accountability Encryption Passwords

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

At the time, Live CDs were the “in thing” They would allow you to run a Linux OS completely off a disk, using RAM as a temporary HDD, without leaving a trace behind. Knoppix was chosen as the base OS which is Debian-based. Even with persistence for USBs, it is more for user data, rather than packages.

InfoSec

InfoSec Penetration Testing Architecture Software

Preparing for IT/OT convergence: Best practices

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by a colleague from Tenable. With no data traveling outside the environment, and nothing from outside coming in, this buffer is viewed as the ultimate methodology in securing an organization from security threats. • Vulnerability management that tracks and scores patch and risk levels of ICS devices.

Energy and Utilities

Energy and Utilities Threat Detection Manufacturing Technology

New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts

Security Boulevard

OCTOBER 13, 2022

This blog will show the attack chain, decipher and explain the stages of execution, and provide technical analysis of the PHP code of Ducktail Infostealer. Earlier versions (observed by WithSecure Labs) were based on a binary written using.NetCore with Telegram as its C2 Channel to exfiltrate data. Executive summary.

Accountability

Accountability Malware Encryption Passwords

Black Hat Europe 2022 NOC: When planning meets execution

Cisco Security

DECEMBER 22, 2022

In this blog about the design, deployment and automation of the Black Hat network, we have the following sections: Designing the Black Hat Network, by Evan Basta. The mission: Deploy 100+ Meraki access points to provide Wi-Fi to four conference levels, a dozen plus training courses, dozens of briefings, keynotes and the business hall.

Engineering

Engineering Mobile Malware Wireless

PHP Variant of Ducktail Targets Facebook Business Accounts

Security Boulevard

OCTOBER 13, 2022

This blog will show the attack chain, decipher and explain the stages of execution, and provide technical analysis of the PHP code of Ducktail Infostealer. Earlier versions (observed by WithSecure Labs) were based on a binary written using.NetCore with Telegram as its C2 Channel to exfiltrate data. Executive summary.

Accountability

Accountability Malware Encryption Passwords

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

The following schema is an effort to present in a single high-level diagram the workflow of the most popular Latin American trojans. Figure 2: High-level diagram of the modus operandi of the most popular Latin American banking trojans. Figure 5: High-level diagram of Javali trojan banker.

Antivirus

Antivirus Malware Banking Internet

Extended Validation Certificates are Dead

Troy Hunt

SEPTEMBER 17, 2018

In other words, seeing the company name results in higher levels of trust or if we invert that statement, not seeing the company name results in decreased trust, right? DV is easy and indeed automation is a cornerstone of Let's Encrypt which is a really important attribute of it.

Marketing

Marketing Encryption Phishing Banking

API Security 101

Security Boulevard

NOVEMBER 18, 2021

The current API top ten are Broken Object-Level Authorization , Broken User Authentication , Excessive Data Exposure , Lack of Resources & Rate Limiting , Broken Function-Level Authorization , Mass Assignment , Security Misconfiguration , Injection , Improper Assets Management , and Insufficient Logging & Monitoring.

Authentication

Authentication Accountability Passwords Engineering

RM3 – Curiosities of the wildest banking malware

Fox IT

MAY 4, 2021

But if you would like to understand the rather tortured history of this particular malware a little better, the research and blog posts on the subject by Check Point are a good starting point. Otherwise, the banking malware was configured as an advanced infostealer, designed to steal data and intercept all keyboard interactions.

Banking

Banking Malware Encryption Architecture

Cyber Security Informer

VIPRE Endpoint Security and Encrypted DNS

bA Data-Centric Approach to DEFEND

Webinars

Trending Sources

New variant of Konni malware used in campaign targetting Russia

Webinars

Duo Makes Verifying Device Trust as Easy as 1-2-3

My Philosophy and Recommendations Around the LastPass Breaches

CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor

McAfee Enterprise & FireEye 2022 Threat Predictions

Abusing cloud services to fly under the radar

Millions of Samsung Android Phones Shipped with Encryption Flaw [Report]

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Operation TunnelSnake

Turning every Android device into a trusted companion

Mapping Secure Endpoint (and Malware Analytics) to NIST CSF Categories and Sub-Categories

Protecting Against Ransomware 3.0 and Building Resilience

Granular Security at the App Level

Operation ‘Harvest’: A Deep Dive into a Long-term Campaign

Detecting Credential Stealing Attacks Through Active In-Network Defense

Happy 10th anniversary & Kali's story.so far

Preparing for IT/OT convergence: Best practices

New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts

Black Hat Europe 2022 NOC: When planning meets execution

PHP Variant of Ducktail Targets Facebook Business Accounts

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Extended Validation Certificates are Dead

API Security 101

RM3 – Curiosities of the wildest banking malware

Stay Connected