This Week in Security News – January 14, 2022

This Week in Security News – January 14, 2022

Read on: Defending Systems Against Attacks with Layers of Remote Control As organizations brace themselves for the year ahead, now is an opportune time to take stock of how they can strengthen their security posture and shore up their defenses. While organizations may have the power of leading-edge cybersecurity solutions on their side, malicious actors continue to work diligently to refine their methods and take advantage of vulnerabilities every chance they get. Congress To Update…

Read More

Analyzing an Old Bug and Discovering CVE-2021-30995

Analyzing an Old Bug and Discovering CVE-2021-30995

On April 26, 2021 Apple patched CVE-2021-1740, which was a vulnerable function inside the system daemon process cfprefsd (these types of processes usually run in the background and handle system tasks). The bug could have been exploited to read arbitrary files, write arbitrary files, and get root privilege escalation. It was addressed in Apple’s Security Update 2021-002 (Catalina) for a variety of Apple operating systems, including iOS and macOS. However, in early August 2021, Zhipeng…

Read More

LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk

LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk

First, we compiled the code into something easily handled by a fuzzer. For our purposes, we used the generation method that will allow us to cover as many code paths as possible with legitimate and dumb fuzzing using the AFL++ framework (evolution of AFL). This supplies some instrumentation for mutating pseudorandom bits, bytes, and words. We also attempted to collect every type of message that could be interpreted by the parser. We used the persistent…

Read More

Defending Systems Against Attacks With Layers of Remote Control

Defending Systems Against Attacks With Layers of Remote Control

Fortunately, we were able to provide the customer with timely alert and intervention from the moment the initial intrusion via the cloud server was observed all the way to guidance during the cleanup and remediation process. Insights from the threat report and the threat handling perspective Incidents such as this provide security teams opportunities to see attacks from different angles and in a big-picture manner. We discuss key insights below that organizations can consider when…

Read More

The Log4j story, and how it has impacted our customers

The Log4j story, and how it has impacted our customers

The security research community had been expecting something like this to come along for a while. So it was with a sense of dread that we read news of a newly discovered CVSS 10.0 vulnerability in early December. The impact is already being felt around the globe as threat actors scramble to exploit the bug before defenders can apply their patches. It is a story that could take months or even years to play out….

Read More

Are Endpoints at Risk for Log4Shell Attacks

Are Endpoints at Risk for Log4Shell Attacks

The end of 2021 saw the emergence of the Log4Shell (CVE-2021-44228) vulnerability, a critical vulnerability in the ubiquitous Java logging package Apache Log4j. Exploiting Log4Shell via crafted log messages can  allow an attacker to execute code on remote machines. The potential impact of this vulnerability is great enough that it scores a 10.0 rating based on CVSS version 3.x and a 9.3  rating based on CVSS version 2.0 in terms of critical risk — and…

Read More

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager

Staging a Quack: Reverse Analyzing a Fileless QAKBOT Stager We analyzed a fileless QAKBOT stager possibly connected to the recently reported Squirrelwaffle campaign. By: Abraham Camba, Jonna Santos, Gilbert Sison, Jay Yaneza December 17, 2021 Read time:  ( words) We recently published how Squirrelwaffle emerged as a loader using two exploits in a recent spam campaign in the Middle East. Further monitoring and analysis from our incident response and extended detection and response teams (IR/XDR)…

Read More

This Week in Security News – December 17, 2021

This Week in Security News – January 14, 2022

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read on Purple Fox’s infection chain observed by Trend Micro’s Managed XDR. Also, learn about the Log4j vulnerability that has the potential to cause ‘incalculable’ damage. Read on: A Look into Purple Fox’s Server Infrastructure In this blog, Trend Micro sheds light on the later stages of Purple…

Read More

Volatile and Adaptable: Tracking the Movements of Modern Ransomware

Volatile and Adaptable: Tracking the Movements of Modern Ransomware

Volatile and Adaptable: Tracking the Movements of Modern Ransomware Ransomware Trend Micro’s tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users. By: Trend Micro Research December 15, 2021 Read time:  ( words) In the first half of 2021, we saw that modern ransomware threats were still active and evolving, using double extortion techniques to victimize targets. Unlike…

Read More

Tropic Trooper Targets Transportation and Government Organizations

Tropic Trooper Targets Transportation and Government Organizations

Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation. Source link

Read More
1 8 9 10 11