Threat Actors Target AWS EC2 Workloads to Steal Credentials

Threat Actors Target AWS EC2 Workloads to Steal Credentials

Threat Actors Target AWS EC2 Workloads to Steal Credentials Cloud We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools. By: Nitesh Surana October 26, 2022 Read time:  ( words) Recently, we came across an exploitation attempt leveraging monitoring and visualization tool Weave Scope to enumerate the Amazon Web Services (AWS) instance metadata service (IMDS) from Elastic Compute Cloud (EC2)…

Read More

How Underground Groups Use Stolen Identities and Deepfakes

How Underground Groups Use Stolen Identities and Deepfakes

These deepfake videos are already being used to cause problems for public figures. Celebrities, high-ranking government officials, well-known corporate figures, and other people who have many high-resolution images and videos online are the most easily targeted. We see that social engineering scams using their faces and voices are already being proliferated.  Given the tools and available deepfake technology, we can expect to see even more attacks and scams aimed at manipulating victims through voice and…

Read More

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware Exploits & Vulnerabilities Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining. By: Sunil Bharti September 21, 2022 Read time:  ( words) We observed the active exploitation of CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability with a critical rating of 9.8 in the collaboration tool Atlassian Confluence. The gap is…

Read More

Security Risks in Logistics APIs Used by E-Commerce Platforms

Security Risks in Logistics APIs Used by E-Commerce Platforms

Security Risks in Logistics APIs Used by E-Commerce Platforms Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes September 20, 2022 Read time:  ( words) The connectivity that we’ve experienced of late…

Read More

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

Using Workload Security to detect WebLogic vulnerability exploitation Workload Security’s correlation of telemetry and detections provided the initial security context in this campaign, which allowed security teams and analysts to track and monitor the malicious actor’s activities. The following Workload Security modules worked to detect the exploitation of CVE-2020-14882 on vulnerable systems: Intrusion prevention system module Workload Security’s intrusion prevention system module can tap into incoming traffic and effectively block and detect malicious network traffic….

Read More

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus

The mhyprot2.sys driver that was found in this sequence was the one built in August 2020. Going back to social media streams, we can see that shortly after Genshin Impact was released in September 2020, this module was discussed in the gaming community because it was not removed even after the game was uninstalled and because it allowed bypassing of privileges. A PoC, provided by user kagurazakasanae, showed that a library terminated 360 Total Security….

Read More

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets

Analyzing the Hidden Danger of Environment Variables for Keeping Secrets Cloud While DevOps practitioners use environment variables to regularly keep secrets in applications, these could be conveniently abused by cybercriminals for their malicious activities, as our analysis shows. By: David Fiser, Alfredo Oliveira August 17, 2022 Read time:  ( words) The use of environment variables is a common practice in the DevOps community as it provides easy access to configuration properties. It comes in handy…

Read More

Oil and Gas Cybersecurity: Industry Overview Part 1

Oil and Gas Cybersecurity: Industry Overview Part 1

The oil and gas industry is no stranger to major cybersecurity attacks, attempting to disrupt operations and services. Most of the best understood attacks against the oil industry are initial attempts to break into the corporate networks of oil companies. Geopolitical tensions can cause major changes not only in physical space, but also in cyberspace. In March 2022, our researchers observed several alleged cyberattacks perpetrated by different groups. It has now become important more than…

Read More

Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data

Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data

The use of legitimate Windows tools as part of malicious actors’ malware arsenal has become a common observation in cyber incursions in recent years. We’ve discussed such use in a previous article where PsExec, Windows Management Instrumentation (WMI), simple batch files or third-party tools such as PC Hunter and Process Hacker were used to disable endpoint security products, move laterally across networks, and exfiltrate information, among others. We have also extensively discussed legitimate tools that…

Read More

Data Distribution Service: Mitigating Risks Part 3

Data Distribution Service: Mitigating Risks Part 3

We created an attacker on the network that sends an RTPS payload with parameter Length set to 4 null bytes, causing the DDS layer underneath the ROS 2 node to crash abruptly. The Lidar sensor is still sending information about obstacles, but this is not delivered in time (if at all), causing the control loop to miss deadlines. Consequently, the robot will be blind to obstacles or won’t see them in time. Recommendations Following the…

Read More
1 2 3 4 5 9