eSecurity Planet

AUGUST 16, 2021

In a blog post , researchers with the Microsoft 365 Defender Threat Intelligence Team outlined how the cybercriminals changed tactics to evade detection, going so far as to change their obfuscation and encryption mechanisms an average of every 37 days – including using older encryption methods like Morse code.

Phishing 109

Phishing Social Engineering Passwords Engineering 109

Fox IT

NOVEMBER 1, 2023

Another development is that its developers started obfuscating the first stage of Blister, making it more evasive. It used valid code signatures referencing the company Blist LLC to pose as a legitimate executable, likely leading to the name Blister. Elastic Security recently wrote about this version 7.

Computers and Electronics 92

Computers and Electronics Encryption DNS Ransomware 92

Malwarebytes

JANUARY 29, 2021

This blog post was authored by Hasherezade and Jérôme Segura. On January 27, Europol announced a global operation to take down the botnet behind what it called the most dangerous malware by gaining control of its infrastructure and taking it down from the inside. In this blog we will review this update and how it is meant to work.

Malware 106

Malware System Administration Banking Accountability 106

Troy Hunt

JULY 12, 2018

Does it do any good? What's it actually protecting? So that's precisely what I've done - intercepted my own traffic passed over an insecure connection and put together a string of demos in a 24-minute video explaining why HTTPS is necessary on a static website. Is it needed?

DNS 276

DNS Wireless Risk Banking 276

Security Boulevard

JANUARY 17, 2024

This blog post describes methods that SpecterOps consultants have researched to successfully circumvent this technology during offensive assessments. What is RBI and Why Use It? In this function, it does an excellent job. In this function, it does an excellent job. Why Do We Care? Why should I care?” Why should I care?”

DNS 64

DNS Penetration Testing Passwords Encryption 64

Security Boulevard

MARCH 17, 2021

How to scan for PII leaks, credentials, and other sensitive data leaks using data flows. Last time, I talked about the perils of leaving secrets in open-sourced code and how to detect those secrets using regex and entropy analysis. Scanning for Secrets in Source Code. How should you discover these sensitive data leaks?

Accountability 72

Accountability Banking Risk Software 72

Security Boulevard

SEPTEMBER 30, 2021

The Humanitarian Costs of Insecure Code. After all, these situations are eventually worked out, and it’s not as if anyone’s life is in danger. What is Pegasus? How Does Pegasus Compromise Code? A look at the nature and effects of legal, advanced spyware on application security. Pegasus attacks are different.

Spyware 52

Spyware Government Surveillance Mobile 52

Malwarebytes

FEBRUARY 12, 2021

In our last blog, Barcode Scanner app on Google Play infects 10 million users with one update , we wrote about a barcode scanner found on the Google Play store that was infected with Android/Trojan.HiddenAds.AdQR. Why did we find evidence of LavaBird being the owner during our last blog prior to the transfer date?

Malware 123

Malware Accountability Mobile Passwords 123

Security Affairs

DECEMBER 29, 2019

x and also specially crafted codes make it difficult to analyze both on a sandbox environment or manually. zip, that is a DLL file with additional code on C2 and how the trojan gets details from the user’s computers. The malware was named ‘Lampion’ as this is the name used as part of its internal name. Lampion trojan (P-19-2.dll)

Malware 98

Malware Internet Internet Antivirus 98

SecureList

JANUARY 11, 2021

On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In a previous blog, we dissected the method used by Sunburst to communicate with its C2 server and the protocol by which victims are upgraded for further exploitation.

Malware 61

Malware Media Internet Internet 61

Elie

MAY 30, 2018

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. This post is the fourth, and last, post in a series of four dedicated to providing a concise overview of how to use AI to build robust anti-abuse protections. first post. slides here.

Accountability 107

Accountability Artificial Intelligence Engineering Retail 107

Elie

MAY 30, 2018

This blog post survey the attacks techniques that target AI (artificial intelligence) systems and how to protect against them. This post is the fourth, and last, post in a series of four dedicated to providing a concise overview of how to use AI to build robust anti-abuse protections. first post. slides here.

Accountability 91

Accountability Artificial Intelligence Engineering Retail 91

Fox IT

MARCH 19, 2020

This blogpost will go into detail about the development process, how the tool works and provides mitigation advice. This is what it looked like from a high-level overview. To route data over LDAP we need to get code execution privileges first on workstations in both segments. But what if the payload exceeds that size?

Accountability 74

Accountability Architecture Penetration Testing Authentication 74

Security Boulevard

APRIL 5, 2022

At the beginning of this journey I had no idea what Random Forests were, the tradeoffs of underfitting and overfitting, what “deep learning” actually entailed, nor what pretty much any machine learning terms or concepts were. So What Is Machine Learning? Obligatory meme.

Architecture 69

Architecture InfoSec Risk Technology 69

Security Boulevard

MAY 24, 2023

Within the cybersecurity industry, many of us have a natural inclination towards digging into technical concepts and understanding what is going on under the hood. Most recently this has meant an interest in digging into what lies beneath the level of “Procedure.” In my case, this seemed a little daunting at first. Let’s begin!

Engineering 59

Engineering InfoSec Information Security Accountability 59

Malwarebytes

MARCH 4, 2022

This blog post was authored by Hasherezade, Ankur Saini and Roberto Santos. First, what we see is a 32 bit Windows executable with an icon resembling a gift. It has to be run as Administrator in order to work, and does not involve any UAC bypass techniques. Once run, the sample works silently in the background.

Malware 98

Malware Data collection Backups Ransomware 98

Malwarebytes

JULY 23, 2021

This blog post was authored by Hasherezade. In this blog we will take a look at AvosLocker a solid, yet not too fancy new ransomware family that has already claimed several victims. In default mode, it works as a console application reporting details about its progress on screen. New ransomware, looking for partners.

Ransomware 133

Ransomware Encryption Malware Backups 133

Troy Hunt

FEBRUARY 21, 2018

Now all of this was great advice from NIST, but they stopped short of providing the one thing organisations really need to make all this work: the passwords themselves. Here's what it's all about: There's Now 501,636,842 Pwned Passwords. Last August, I launched a little feature within Have I Been Pwned (HIBP) I called Pwned Passwords.

Passwords 279

Passwords Data breaches Mobile Risk 279

McAfee

AUGUST 4, 2021

Additionally, it shines a light onto a spot that is often left illuminated: the inner workings of loaders. This blog is split up into several segments, starting with a brief preface regarding the coverage of loaders in reports. Loaders and their Coverage in Blogs. To conceal the malware, actors often use a loader.

Malware 77

Malware Encryption Software 77

Malwarebytes

JULY 23, 2021

This blog post was authored by Hasherezade. In this blog we will take a look at AvosLocker a solid, yet not too fancy new ransomware family that has already claimed several victims. In default mode, it works as a console application reporting details about its progress on screen. New ransomware, looking for partners.

Ransomware 87

Ransomware Encryption Malware Backups 87

Fox IT

JUNE 30, 2020

Cyber security is an arms race where both attackers and defenders continually update and improve their tools and ways of working. In this blog post we will revisit CVE-2019-19781, a Remote Code Execution vulnerability affecting Citrix NetScaler / ADC. On 10th January 2020, the first public exploits were released on GitHub.

Engineering 64

Engineering VPN Passwords Malware 64

Security Affairs

MARCH 19, 2020

Governments are doing their best to mitigate such a virus while people are stuck home working remotely using their own equipment. Today, many reports are describing how infamous attackers are abusing such an emergency time to lure people by sending thematic email campaigns or by using thematic IM within Malware or Phishing links.

Computers and Electronics 104

Computers and Electronics Penetration Testing Malware Cyber Attacks 104

Malwarebytes

MARCH 7, 2023

million in January 2023 alone Working with a leading ad buying platform, we were able to confirm there were hundreds of millions of bid requests generated for these domains between January and February 2023 Introduction Online video streaming sites have always been some of the most visited destinations on the web. top (or adtrue[.]info)

Advertising 86

Advertising Internet Internet Accountability 86

Scary Beasts Security

NOVEMBER 16, 2020

Can we reverse engineer a detailed understanding of how it works? What wonders will we find? Credits The work described here represents the efforts of a virtual team that came together in an impromptu way to investigate the chip. Byte ordering permuted fairly arbitrarily -- obfuscation?

Engineering 181

Engineering Architecture Banking Computers and Electronics 181

Troy Hunt

FEBRUARY 11, 2018

One of their developers embedded this code in the campaign's donation website: <script src="[link] type="text/javascript></script> See the problem? This tag was in the source code over at secure.donaldjtrump.com/donate-homepage yet it was pulling script directly off Igor Escobar's GitHub repository for the project.

Government 244

Government Risk Software Technology 244