articles

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

Posted on by Admin
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint By: Mohamed Fahmy, Sherif Magdy, Ahmed Samir October 25, 2022 Read time:  ( words) The Trend Micro research team recently analyzed an infection related to the LV ransomware group, a ransomware as a service (RaaS) operation that has been active since late 2020,…

Read More

Uncovering Security Blind Spots in CNC Machines

Posted on by Admin
Uncovering Security Blind Spots in CNC Machines

Uncovering Security Blind Spots in CNC Machines Industry 4.0 has given rise to smart factories that have markedly improved machining processes, but it has also opened the doors for cybercriminals looking to abuse networked industrial equipment such as CNC machines. Our research investigates potential cyberthreats to CNC machines and how manufacturers can mitigate the associated risks. By: Marco Balduzzi October 24, 2022 Read time:  ( words) The Fourth Industrial Revolution, more commonly known as Industry…

Read More

Attack Surface Management 2022 Midyear Review Part 1

Posted on by Admin
Attack Surface Management 2022 Midyear Review Part 1

Attack Surface Management 2022 Midyear Review Part 1 Privacy & Risks In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year. By: Trend Micro October 20, 2022 Read time:  ( words) The digital age is an exciting time for businesses as it offers the opportunity to be more efficient and effective with how things are done. Many companies have taken…

Read More

TeamTNT Returns – or Does It?

Posted on by Admin
TeamTNT Returns – or Does It?

Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal. Source link

Read More

Oil and Gas Cybersecurity: Trends & Response to Survey

Posted on by Admin
Oil and Gas Cybersecurity: Trends & Response to Survey

Q10:Thinking about the last 12 months, post-incident, does your organization make cybersecurity improvements in order to minimize the risks of future attacks? (N=829) Compared to other industries, the disrupted time during cyberattacks is longer and the amount of damage is large, but the result is that they appear to be reluctant to improve cybersecurity. As mentioned above, it is difficult to stop the system, and even maintenance is required once a year, assuming continuous operation….

Read More

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

Posted on by Admin
Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

Tactic / Technique Notes TA0001 Initial Access T1566.001 Phishing: Spear phishing Attachment Victims receive spear phishing emails with attached malicious zip files – typically password protected or HTML file. That file contains an ISO file. T1566.001 Phishing: Spear phishing Link QAKBOT has spread through emails with newly created malicious links. TA0002 Execution T1204.001 User Execution: Malicious Link QAKBOT has gained execution through users accessing malicious link T1204.002 User Execution: Malicious Link QAKBOT has gained execution…

Read More

How Water Labbu Exploits Electron-Based Applications

Posted on by Admin
How Water Labbu Exploits Electron-Based Applications

We discovered that the Cobalt Strike instance added a persistence registry key to load an exploit file from an online code repository controlled by Water Labbu. The repository hosted multiple exploit files of  CVE-2021-21220 (a Chromium vulnerability affecting versions before 89.0.4389.128) to execute a Cobalt Strike stager. It also contained files designed to target Meiqia (美洽), a Chinese desktop-based live chat app for online customer support that is used on websites. MeiQia (美洽) was developed…

Read More

Tracking Earth Aughisky’s Malware and Changes

Posted on by Admin
Tracking Earth Aughisky’s Malware and Changes

Tracking Earth Aughisky’s Malware and Changes APT & Targeted Attacks For over 10 years, security researchers have been observing and keeping tabs of APT group Earth Aughisky’s malware families and the connections, including previously documented malware that have yet to be attributed. By: CH Lei October 04, 2022 Read time:  ( words) For security researchers and analysts monitoring advanced persistent threat (APT) groups’ attacks and tools, Earth Aughisky (also known as Taidoor) is among the…

Read More

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Posted on by Admin
Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency Cyber Crime The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency. By: Joseph C Chen, Jaromir Horejsi October 03, 2022 Read time:  ( words) We discovered a threat actor we named Water Labbu that was targeting cryptocurrency scam websites. Typically, cryptocurrency scammers use social engineering techniques,  interacting with victims to…

Read More

Stronger Cloud Security in Azure Function Using Custom Cloud Container

Posted on by Admin
Stronger Cloud Security in Azure Function Using Custom Cloud Container

Stronger Cloud Security in Azure Function Using Custom Cloud Container Cloud In this entry, we discuss how developers can use custom cloud container image and the distroless approach to minimize security gaps in Azure Functions. By: David Fiser, Alfredo Oliveira September 29, 2022 Read time:  ( words) We have written extensively on the security gaps in Azure Functions and Azure App Services, including their consequences. One way developers can enhance cloud security and minimize these…

Read More
1 8 9 10 11 12 27