endpoints

A Closer Look at Windows Kernel Threats

Posted on December 19, 2022December 19, 2022 by Admin

Windows kernel threats have long been favored by malicious actors because it can allow them to obtain high-privileged access and detection evasion capabilities. These hard-to-banish threats are still crucial components in malicious campaigns’ kill chains to this day. In fact, SentinelOne recently discovered malicious actors abusing Microsoft-signed drivers in targeted attacks against organizations in the telecommunication, business process outsourcing (BPO), managed security service provider (MSSP), and financial services industries. This month, SophosLabs also reported their…

Agenda Ransomware Uses Rust to Target More Vital Industries

Posted on December 16, 2022December 16, 2022 by Admin

Agenda Ransomware Uses Rust to Target More Vital Industries Ransomware This year, various ransomware-as-a-service groups have developed versions of their ransomware in Rust, including Agenda. Agenda’s Rust variant has targeted vital industries like its Go counterpart. In this blog, we will discuss how the Rust variant works. By: Nathaniel Morales, Ivan Nicole Chavez, Nathaniel Gregory Ragasa, Don Ovid Ladores, Jeffrey Francis Bonaobra, Monte de Jesus December 16, 2022 Read time: ( words) This year, ransomware-as-a-service…

Ransomware Business Models: Future Pivots and Trends

Posted on December 15, 2022December 15, 2022 by Admin

RDP port 3389 remains a popular service abused by ransomware actors to gain initial access to systems located and connected to on-premise infrastructure. However, as more organizations shift to the cloud services for file storage and active directory systems, ransomware groups will look for more opportunities to develop and/or exploit vulnerabilities not yet leveraged at scale. Evolutions Gradual evolutions in the current modern ransomware models as we know them are expected to be tweaked in…

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

Posted on December 14, 2022December 14, 2022 by Admin

In late September 2022, threat researchers uncovered a supply-chain attack carried out by malicious actors using a trojanized installer of Comm100, a chat-based customer engagement application. Our investigation of the incident revealed that the breadth and depth of the campaign’s impact were greater than what the researchers had initially thought; we also found that more applications and their respective versions had been affected and established that attacks began much earlier than their first reckoning on…

Earth Preta Spear-Phishing Governments Worldwide

Posted on November 18, 2022November 18, 2022 by Admin

In our observation of the campaigns, we noted that, Earth Preta abused fake Google accounts to distribute the malware via spear-phishing emails, initially stored in an archive file (such as rar/zip/jar) and distributed through Google Drive links. Users are then lured into downloading and triggering the malware to execute, TONEINS, TONESHELL, and PUBLOAD. PUBLOAD has been previously reported, but we add new technical insights in this entry that tie it to TONEINS and TONESHELL, newly…

Pilfered Keys Free App Infected by Malware Steals Keychain Data

Posted on November 16, 2022November 16, 2022 by Admin

Pilfered Keys Free App Infected by Malware Steals Keychain Data Malware Open-source applications are a practical way to save money while keeping up with your productivity. However, this can be abused by threat actors to steal your data. Find out how one app was used to gather information of Apple users. By: Luis Magisa, Qi Sun November 16, 2022 Read time: ( words) Today, malware spreads easily, infecting computers of various users. Commonly found on…

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

Posted on November 11, 2022November 11, 2022 by Admin

At line 28, if the offset value of the payload subpath inside the PKG file is not equal to zero, the “-[PKLeopardPackage payloadExtractorWithDestination:externalRoot:error:]” function will call the “-[PKPayloadCopier initWithArchivePath:offset:destination:]” function. Similar to the second method, there is a “triple fetch” issue. If the offset value is equal to zero, it will extract the payload from a special external root path, which seems to be unrestricted and can be controlled by an attacker. This means that…

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Posted on November 9, 2022November 9, 2022 by Admin

Hack the Real Box: APT41’s New Subgroup Earth Longzhi APT & Targeted Attacks We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August. By: Hara Hiroaki, Ted Lee November 09, 2022 Read time: ( words) In early 2022, we investigated an incident that compromised a company…

Attack Surface Management 2022 Midyear Review Part 3

Posted on November 3, 2022November 5, 2022 by Admin

With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, we discussed these issues at length today as well as their implications on a global scale for both businesses large (and small). In the last and final part of the series, we talk about how malicious actors take advantage of cloud tunnelling and how misconfiguration remains a headache for most organization. Malicious Actors Abuse Cloud Tunneling…

Attack Surface Management 2022 Midyear Review Part 2

Posted on October 27, 2022October 27, 2022 by Admin

The number of vulnerabilities published by CVE increased in the first half of 2022, with 12,380 records compared to 9,420 during the same period last year. This trend was also seen through Trend Micro ZDI. There was an increase from 770 Advisories issued between January 1st and June 30th 2021. Now, there are 944 total security alerts available via this program since the midyear of 2022 alone. Vulnerabilities with a high-severity rating made up the…

« 1 2 3 4 5 6 … 11 »

A Closer Look at Windows Kernel Threats

Agenda Ransomware Uses Rust to Target More Vital Industries

Probing Weaponized Chat Applications Abused in Supply-Chain Attacks

Earth Preta Spear-Phishing Governments Worldwide

Pilfered Keys Free App Infected by Malware Steals Keychain Data

CVE-2019-8561 A Hard-to-Banish PackageKit Framework Vulnerability in macOS

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Attack Surface Management 2022 Midyear Review Part 3

Attack Surface Management 2022 Midyear Review Part 2

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)