Analyzing Penetration-Testing Tools That Threat Actors Use to Breach Systems and Steal Data

The use of legitimate Windows tools as part of malicious actors’ malware arsenal has become a common observation in cyber incursions in recent years. We’ve discussed such use in a previous article where PsExec, Windows Management Instrumentation (WMI), simple batch files or third-party tools such as PC Hunter and Process Hacker were used to disable endpoint security products, move laterally across networks, and exfiltrate information, among others. We have also extensively discussed legitimate tools that…

Private 5G Network Security Expectations Part 3

[Survey chart: “Are you or do you expect to use cloud-based capabilities in your private network? Network cloudification?” Base: n = 408. Source: 451 Research custom study.]

Coexistence of technology evolution and cybersecurity

Openness expands business opportunities, but there are always major security challenges. Many of us will remember the Apache Log4j vulnerability that occurred at the end of 2021. The use of open source is also promoted in the O-RAN ALLIANCE mentioned above, but the biggest security…

How Shady Code Commits Compromise the Security of the Open-Source Ecosystem

Traditionally, concerns over open-source code security have revolved around whether or not open-source code could contain vulnerabilities, backdoors, or hidden malicious code. In recent months, however, we have observed a growth in a particular trend: Open-source code is being subjected to modifications to its functionality to express political protest. These instances of so-called “protestware” occur in the form of code changes by certain open-source code maintainers or backers in what could only be surmised as…

Data Distribution Service: Mitigating Risks Part 3

We created an attacker on the network that sends an RTPS payload with parameter Length set to 4 null bytes, causing the DDS layer underneath the ROS 2 node to crash abruptly. The Lidar sensor is still sending information about obstacles, but this is not delivered in time (if at all), causing the control loop to miss deadlines. Consequently, the robot will be blind to obstacles or won’t see them in time.

Recommendations

Following the…

Unpacking Cloud-Based Cryptocurrency Miners That Abuse GitHub Actions and Azure Virtual Machines

In this section, we cover how malicious actors are leveraging Windows runners in their attempts to mine cryptocurrency, as well as the persistence techniques they use to dodge detection by GitHub to prevent their Actions from being disabled. GitHub provides the runner, a server designed to run workflows (aka Actions). Workflows are deployed on Azure and terminated after an enterprise’s automation is completed. While this service has its limits, users do not pay anything to…

Data Distribution Service: Exploring Vulnerabilities and Risks Part 2

In part two of our series, we’ll highlight both known and new DDS vulnerabilities and what they mean for mission-critical operations. By: Trend Micro, July 06, 2022. In part one, we gave an exhaustive overview of Data Distribution Service (DDS). We also highlighted where this middleware software is used, which includes middleware that drives systems such as railways,…

Brand-New HavanaCrypt Ransomware Poses as Google Software Update App Uses Microsoft Hosting Service IP Address as C&C Server

We recently found a new ransomware family, which we have dubbed HavanaCrypt, that disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection. By: Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio, July 06,…

Private 5G Network Security Expectations Part 1

Are “new” protocols and “private” networks sufficient for your cybersecurity requirements? By: Jun Morimoto, July 05, 2022. Corporate security teams are now facing multiple cybersecurity issues, including complex data privacy and compliance requirements, in addition to the rapidly advancing digital transformation. Trend Micro, in collaboration with 451 Research, a part of S&P Global Market Intelligence, conducted a survey on the private…

Private 5G Network Security Expectations Part 2

The importance of proof of “security” concepts in private 5G networks: Are verifications of system operations and new functions sufficient for your proof of concept in private wireless networks? By: Jun Morimoto, July 05, 2022. The implementation of private 5G is already real, according to a survey conducted by Trend Micro in collaboration with 451 Research, part of S&P Global Market…

Data Distribution Service: An Overview Part 1

In this three-part series, we focus on Data Distribution Service (DDS), which drives systems such as railways, autonomous cars, spacecraft, diagnostic imaging machines, luggage handling, and military tanks, among others. We’ll also explore the current status of DDS and highlight recommendations enterprises can take to minimize the threats associated with this middleware. But first, let’s discuss what DDS is and how it is applied in various industries.

Overview

DDS is a standardized middleware software based…
