DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Changing the paths is likely something that an attacker will do, and this will cause some of the things we’ve previously discussed to change in the binaries and in the traffic patterns. For instance, if the getname in the DOH agent is changed, it will no longer go to 6765746e616d65 but will instead redirect to a subdomain of whatever it was changed to, converted to the hexadecimal system (an example being “trendmicroftr”, which would look…

Attack Surface Management 2022 Midyear Review Part 3

With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, we discussed these issues at length, as well as their implications on a global scale for businesses both large and small. In this last and final part of the series, we look at how malicious actors take advantage of cloud tunnelling and how misconfiguration remains a headache for most organizations. Malicious Actors Abuse Cloud Tunneling…

Latest on OpenSSL 3.0.7 Bug & Security-Fix

What to know and do about this week’s OpenSSL vulnerability

A new vulnerability has just been disclosed in OpenSSL, an open-source cryptography library that is very widely used in a range of commercial and internal applications to provide encryption and other security and privacy capabilities. OpenSSL is found in applications deployed on-premises, in the cloud, in SaaS applications, on endpoints, servers, in IoT or OT environments, and more.

What is the issue in OpenSSL?

The…

Manufacturing Cybersecurity: Trends & Survey Response

Figure 5: Q19. Until now, what have been your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems? Q20. What do you believe your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems are over the next three years? (NB: Multiple choices allowed)

We will consider the reasons and background for these results. One of the reasons why there is a high awareness of efforts to prevent recurrence is…

Comprehensive Traceability for Android Supply-Chain Security

What is product traceability?

Product supply-chain traceability is a very important aspect of manufacturing, as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers regularly announce product recalls to protect their customers from the failure of faulty parts, as well as to protect themselves by staying compliant and avoiding litigation. In a recent example, Rivian, an electric car company, issued a recall…

Attack Surface Management 2022 Midyear Review Part 2

The number of vulnerabilities published by CVE increased in the first half of 2022, with 12,380 records compared to 9,420 during the same period last year. The same trend was seen through Trend Micro ZDI: the number of advisories rose from 770 issued between January 1 and June 30, 2021, to 944 issued through this program in the first half of 2022. Vulnerabilities with a high-severity rating made up the…

From Bounty to Exploit: Observations About Cybercriminal Contests

Cybercriminals have taken their own initiative to establish an informal way of conducting research and development by holding contests on forums. In this blog post, we go through the key takeaways we learned about these competitions. These contests are diverse and range from public calls for articles that describe new technologies to hackathons that can improve cybercriminals’ defenses. We elaborate on the details of their operation here. The following are our key takeaways: Cybercriminals often…

Where is the Origin? QAKBOT Uses Valid Code Signing

In this case, it is more strongly suspected that the threat actor was issued certificates directly, through abuse of the certificate issuance process, than that a private key was stolen; even so, the protection of private keys on the user side remains a challenge. In the use of code signing certificates, private key protection on the user side has been enhanced over time, but it still has a long way to go before it…

Threat Actors Target AWS EC2 Workloads to Steal Credentials

We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools. By: Nitesh Surana, October 26, 2022. Recently, we came across an exploitation attempt leveraging the monitoring and visualization tool Weave Scope to enumerate the Amazon Web Services (AWS) instance metadata service (IMDS) from Elastic Compute Cloud (EC2)…

Addressing Ransomware in Hospitals & Medical Devices

Ransomware attacks have been on the rise in recent years, and hospitals are increasingly becoming targets. In many cases, these attacks can have devastating consequences, disrupting vital services and putting patients’ lives at risk. Historically, ransomware was just another nuisance: criminals would simply send phishing emails and attack every target they could. But as cybercriminals become more and more sophisticated, they create more complex attacks that target big-ticket victims such as healthcare facilities. There are…
