Anton on Security

FEBRUARY 5, 2024

If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). But if you’re still using an outdated SIEM, you’re putting your organization at risk [A.C. — are not magic, to be sure — but very useful!

Threat Detection 100

Threat Detection Engineering Artificial Intelligence Risk 100

SecureList

NOVEMBER 10, 2023

An important feature that sets it apart is that, unlike previous campaigns, which relied on.NET applications, this one used Delphi as the programming language. The choice of victims and the distinctive means used by the threat actor led us to assume early on that the campaign was about spreading a new version of Ducktail.

Malware 98

Malware Authentication Accountability Marketing 98

SecureList

APRIL 22, 2024

This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it. In most cases, the adversary connected, transferred and run all required tools with the help of PsExec or Impacket.

VPN 105

VPN Passwords Encryption Malware 105

Veracode Security

JULY 14, 2021

After studying 13 million scans of over 86,000 repositories, the report sheds light on the state of security around open source libraries – and what you can do to improve it. Open source libraries are a part of pretty much all software today, enabling developers to work faster and smarter, but they’re not static. The key takeaway?

Software 111

Software Risk 111

Security Boulevard

DECEMBER 15, 2021

About 80% of companies run their operations on OSS and 96% of applications are built using open source components. Most of today’s commercial products are shipped with some OSS libraries. Is the vulnerable library used by the application in any way? Can user input reach the code required to trigger the vulnerability?

Software 144

Software Security Intelligence Accountability Technology 144

SecureList

NOVEMBER 15, 2022

DTrack is a backdoor used by the Lazarus group. Initially discovered in 2019 , the backdoor remains in use three years later. It is used by the Lazarus group against a wide variety of targets. To get it, there are two approaches: offset based; resource based. Introduction. Second stage – shellcode. Infrastructure.

Malware 133

Malware Telecommunications Encryption Manufacturing 133

Security Boulevard

JANUARY 10, 2022

As Picus, we published a detailed blog post about the Tactics, Techniques, and Procedures (TTPs) used by HAFNIUM to target Microsoft Exchange Servers. In the case of the Microsoft Exchange Server vulnerabilities listed above, patches were effective to remediate the vulnerabilities and block new exploitation attempts.

Cyber threats 141

Cyber threats Ransomware Risk Architecture 141

SecureList

FEBRUARY 8, 2024

What caught our attention was the sophisticated infection chain that makes use of various advanced technologies, setting it apart from known banking Trojan infections. Forget old Delphi and MSI In the banking Trojan landscape, the use of the Delphi language or MSI installers is a recurring trend among malware creators.

Banking 102

Banking Encryption Malware Technology 102

Thales Cloud Protection & Licensing

APRIL 16, 2024

Case in point is the ransomware known as Sugar which has around 200 versions, so 200 different signatures. Binary Inspection Based Other ransomware protection products detect ransomware by scouring the binary executable for trademarks of a ransomware process, such as text that appears to be a ransom note, or links to cryptographic libraries.

Encryption 62

Encryption Ransomware Antivirus Government 62

McAfee

DECEMBER 10, 2021

Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The impact of this vulnerability has the potential to be massive due to its effect on any product which has integrated the log4j library into its applications. What is it?

DNS 125

DNS Architecture Internet Internet 125

Security Boulevard

FEBRUARY 5, 2024

If you are like us, you may be surprised that, in 2024, traditional security information and event management (SIEM) systems are still the backbone of most security operations centers (SOC). But if you’re still using an outdated SIEM, you’re putting your organization at risk [A.C. — are not magic, to be sure — but very useful!

Threat Detection 67

Threat Detection Engineering Artificial Intelligence Risk 67

Malwarebytes

SEPTEMBER 12, 2023

The malware being used in this campaign is BatLoader, a type of loader that is very good at evading detection. However, it can also be abused in a way where the tracking template URL is used as a filtering and redirection mechanism. Google describes the tracking template as a place where you put URL tracking information.

Antivirus 113

Antivirus Advertising Malware Engineering 113

SecureList

JULY 14, 2021

Most notably though, we observed the capability of the culprit to spread to other hosts through the use of USB drives. In some cases, this was followed by deployment of a signed, but fake version of the popular application Zoom, which was in fact malware enabling the attackers to exfiltrate files from the compromised systems.

Malware 144

Malware Phishing Technology Encryption 144

SecureList

MARCH 12, 2024

More than a third (39%) used the microservice architecture. Distribution of programming languages used in writing web applications, 2021–2023 ( download ) We analyzed data obtained through web application assessments that followed the black, gray and white box approaches.

Passwords 100

Passwords Authentication Architecture Risk 100

Security Boulevard

MARCH 12, 2023

In this example, attackers could have used a BOLA vulnerability to take over any Ferrari owner's online account and perform any actions on his or her behalf. In authentication cases – as opposed to authorization cases – many more standard (and less standard) options exist to perform the function.

Authentication 97

Authentication Risk Accountability DDOS 97

Google Security

FEBRUARY 21, 2023

LLVM’s 1 CFI across shared libraries scheme (cross-DSO) is the exception as it requires a runtime to be defined for the target. LLVM does not provide this runtime for any target , so bare-metal users would need to define that runtime to use it. Notes LLVM - is a compiler framework used by multiple programming languages ↩

Firmware 98

Firmware Software Authentication Technology 98

Security Boulevard

MARCH 7, 2023

This powerful and versatile tool can be used for everything from answering simple questions to instantly composing written works to developing original software programs, including malware — the latter of which introduces the potential for a dangerous new breed of cyber threats.

Malware 113

Malware Artificial Intelligence Social Engineering Architecture 113

Security Boulevard

APRIL 16, 2024

Case in point is the ransomware known as Sugar which has around 200 versions, so 200 different signatures. Binary Inspection Based Other ransomware protection products detect ransomware by scouring the binary executable for trademarks of a ransomware process, such as text that appears to be a ransom note, or links to cryptographic libraries.

Encryption 57

Encryption Ransomware Antivirus Government 57

eSecurity Planet

JUNE 21, 2022

Microsoft services are widely used in enterprises for cloud-based collaboration, and the Proofpoint research report revealed that cloud infrastructures are not immune to ransomware attacks. Many IT and security teams think that cloud drives should be more resilient to ransomware attacks, but that’s not the case.

Backups 117

Backups Ransomware Accountability Phishing 117

Security Affairs

SEPTEMBER 12, 2019

According to the experts, the attacks are part of a large campaign that hit at least 380 universities in more than 30 countries, in many cases the organizations have been hit multiple times. “The messages contain links to spoofed login pages for resources associated with the targeted universities. and Switzerland.

Phishing 79

Phishing Advertising Hacking Accountability 79

SecureList

MAY 17, 2023

The case described below is one such occurrence. The.NET DLL extracts and decrypts three files from its resources: two DLLs and an encrypted payload. This.NET binary (which we will refer to as “the installer”) is responsible for the subsequent installation of the malware components contained in the resources of.NET DLL.

Encryption 86

Encryption Malware Cryptocurrency Technology 86

SecureList

MARCH 10, 2021

This article analyzes only fake AdShield app, but all the other cases follow the same scenario. The mining module is made up of legitimate auxiliary libraries, an encrypted miner file named data.pak, the executable file flock.exe and the “license” file lic.data. dll library. Technical details. The bxsdk64.dll

DNS 142

DNS Antivirus Malware Encryption 142

Security Boulevard

DECEMBER 15, 2022

A: Indeed, the challenges with using the analysts for creating detection content and pursuing threats implies that they have the skills to study the threats and to create detection content. Q: Could you please explain a bit more on the use case library? your SOC, rather than using the dreaded “O word” — outsourcing.

Risk 52

Risk Engineering Technology Information Security 52

Security Affairs

MARCH 23, 2022

Gimmick is a newly discovered macOS implant developed by the China-linked APT Storm Cloud and used to target organizations across Asia. The implant uses public cloud hosting services (such as Google Drive) for C2 to evade detection. Big Sur) that was compromised with a previously unknown macOS malware tracked as GIMMICK.

Malware 90

Malware Hacking Information Security 90

SC Magazine

JUNE 10, 2021

An academic-private sector partnership reported favorable results from research exploring how machine learning models could be used to improve static malware analysis to better detect zero-day exploits and untracked malware. University College of London). cybersecurity company NCC Group. cybersecurity company NCC Group.

Malware 132

Malware Antivirus Ransomware Software 132

Hot for Security

MAY 26, 2021

The group uses threat emulation software like Cobalt Strike and the infamous Emotet banking Trojan, and weaponizes Word documents with embedded Powershell scripts to ultimately deploy Conti ransomware. In some cases where additional resources are needed, the actors also use Trickbot.

Healthcare 111

Healthcare Ransomware System Administration DNS 111

NetSpi Technical

AUGUST 12, 2023

When deploying an Azure Function App, you’re typically prompted to select a Storage Account to use in support of the application. Azure Function Apps use Access Keys to secure access to HTTP Trigger functions. The master key should be protected and should not be used for regular activities.

Encryption 52

Encryption Accountability Penetration Testing 52

Google Security

MAY 15, 2023

The competitors’ fuzzers were judged on code coverage and their ability to discover bugs: HasteFuzz took the $11,337 prize for code coverage PASTIS and AFLrustrust tied for bug discovery and split the $11,337 prize Competitors were evaluated using FuzzBench , Google’s open source platform for testing and comparing fuzzers.

Software 86

Software Engineering Authentication 86

Thales Cloud Protection & Licensing

JUNE 19, 2023

madhav Tue, 06/20/2023 - 06:29 Numerous breaches and malicious malware attacks have used fraudulent code signing certificates to cause significant damage of the certificate owner’s reputation and business. New CA/B Forum Code Signing Requirements in Effect – Is Your Organization Compliant?

Software 62

Software Marketing Malware Risk 62

eSecurity Planet

MAY 10, 2022

During a “very targeted” campaign, hackers used Windows Event Logs to inject shellcode payloads and operate stealthily. Kaspersky researchers discovered that the attackers used various tools, including custom and commercial solutions like Cobalt Strike and a new toolset used by the hackers. Hackers Focused on Evasion.

Malware 116

Malware Architecture Encryption Antivirus 116

eSecurity Planet

MAY 23, 2023

Best for Deployment and Ease of Use: Splunk Ease of use and deployment aren’t typically terms you’ll hear in reference to SIEM solutions, and both Splunk and LogRhythm have their challenges here. It requires a high level of skilled internal resources as well as vendor support to deploy and operate.

Software 97

Software Small Business Threat Detection Marketing 97

CyberSecurity Insiders

MAY 30, 2023

AWS Transit Gateway (TGW) – A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure. Use the AWS Free Tier.

Architecture 108

Architecture Threat Detection Technology Internet 108

Security Boulevard

JUNE 13, 2022

The loader is a.NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software products. PureCrypter is actively being developed by a threat actor using the moniker “PureCoder”. These tools are likely used for the initial infection vector. EpicGames.jpg”).

Malware 52

Malware Encryption Antivirus Advertising 52

Security Affairs

JULY 14, 2021

Threat actors were able to spread to other hosts through the use of USB drives, experts also noticed the deployment of a signed, but fake version of the application Zoom, which was a data stealing malware. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files.

Government 98

Government Phishing Malware Hacking 98

NetSpi Technical

MARCH 11, 2024

Underneath, forms are MAPI synced using IPM.Microsoft.FolderDesign.FormsDescription objects. These objects carry special properties and attachments which are used to “install” the form when it’s first used on a client. In newer forms, Outlook-specific MsgClass keys are used to bond the form to an OLE object extracted to disk.

Authentication 145

Authentication Penetration Testing Technology Phishing 145

Security Affairs

AUGUST 27, 2019

Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could be used by attackers to remotely hack Android devices and steal targets’ data. The module was hidden in a 3rd-party advertising library that the author of the app recently was introduced.

Malware 97

Malware Advertising Mobile Hacking 97

Malwarebytes

APRIL 6, 2021

On March 5th 2021, we reported an actor that used steganography to drop a new.Net Remote Administration Trojan. The document targets the government of Azerbaijan using a SOCAR letter template as lure. interpreter, NetTools Python library, Python Rat, the RAT C2 config, as well runner.bat. Document Analysis. Python RAT Analysis.

Cyber Attacks 112

Cyber Attacks Phishing Government Malware 112