reports

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

Posted on November 9, 2022November 9, 2022 by Admin

Hack the Real Box: APT41’s New Subgroup Earth Longzhi APT & Targeted Attacks We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August. By: Hara Hiroaki, Ted Lee November 09, 2022 Read time: ( words) In early 2022, we investigated an incident that compromised a company…

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Posted on November 8, 2022November 8, 2022 by Admin

Changing the paths is likely something that an attacker will do, and this will cause some of the things we’ve previously discussed to change in the binaries and in the traffic patterns. For instance, if the getname in the DOH agent is changed, it will no longer go to 6765746e616d65 but will instead redirect to a subdomain of whatever it was changed to, converted to the hexadecimal system (an example being “trendmicroftr”, which would look…

Attack Surface Management 2022 Midyear Review Part 3

Posted on November 3, 2022November 5, 2022 by Admin

With the rise of ransomware and other vulnerabilities, it has been an eventful year in cybersecurity. In part two, we discussed these issues at length today as well as their implications on a global scale for both businesses large (and small). In the last and final part of the series, we talk about how malicious actors take advantage of cloud tunnelling and how misconfiguration remains a headache for most organization. Malicious Actors Abuse Cloud Tunneling…

Latest on OpenSSL 3.0.7 Bug & Security-Fix

Posted on October 31, 2022November 5, 2022 by Admin

What to know and do about this week’s OpenSSL vulnerability A new vulnerability has just been disclosed in OpenSSL, an open-source cryptography library that is very widely used in a range of commercial and internal applications to provide encryption and other security and privacy capabilities. OpenSSL is found in applications deployed on-premises, in the cloud, in SaaS applications, on endpoints, servers, in IoT or OT environments, and more. What is the issue in OpenSSL? The…

Manufacturing Cybersecurity: Trends & Survey Response

Posted on October 28, 2022October 28, 2022 by Admin

Figure 5: Q19. Until now, what have been your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems? Q20.What do you believe your organization’s top two reasons for implementing cybersecurity measures to protect your ICS/OT systems are over the next three years？(NB: Multiple choices allowed) We will consider the reasons and background for these results. One of the reasons why there is a high awareness of efforts to prevent recurrence is…

Comprehensive Traceability for Android Supply-Chain Security

Posted on October 28, 2022October 28, 2022 by Admin

What is product traceability? Product supply-chain traceability is a very important aspect in manufacturing as it contributes directly to product safety, quality, and, as an emerging trend, product sustainability and ethics. In terms of safety, automotive manufacturers consistently announce product recalls to protect their customers from failure of faulty parts, as well as to protect themselves by being compliant and avoiding litigation. In a recent example, Rivian, an electric car company, recently issued a recall…

Attack Surface Management 2022 Midyear Review Part 2

Posted on October 27, 2022October 27, 2022 by Admin

The number of vulnerabilities published by CVE increased in the first half of 2022, with 12,380 records compared to 9,420 during the same period last year. This trend was also seen through Trend Micro ZDI. There was an increase from 770 Advisories issued between January 1st and June 30th 2021. Now, there are 944 total security alerts available via this program since the midyear of 2022 alone. Vulnerabilities with a high-severity rating made up the…

From Bounty to Exploit Observations About Cybercriminal Contests

Posted on October 27, 2022October 27, 2022 by Admin

Cybercriminals have taken their own initiative to establish an informal way of conducting research and development by holding contests on forums. In this blog post, we go through the key takeaways we learned about these competitions. These contests are diverse and range from public calls for articles that describe new technologies to hackathons that can improve cybercriminals’ defenses. We elaborate on the details of their operation here. The following are our key takeaways: Cybercriminals often…

Where is the Origin QAKBOT Uses Valid Code Signing

Posted on October 27, 2022October 27, 2022 by Admin

In this case, the assumption that the threat actor was directly issued certificates through abuse of the certificate issuance process is more strongly suspected than the stealing of the private key, but the protection of private keys on the user side is still a challenge. In the use of code signing certificates, private key protection on the user side has been enhanced over time, but it still has a long way to go before it…

Threat Actors Target AWS EC2 Workloads to Steal Credentials

Posted on October 26, 2022October 26, 2022 by Admin

Threat Actors Target AWS EC2 Workloads to Steal Credentials Cloud We found malicious samples attempting to steal Amazon Elastic Compute Cloud (EC2) Workloads’ access keys and tokens via typosquatting and the abuse of legitimate tools. By: Nitesh Surana October 26, 2022 Read time: ( words) Recently, we came across an exploitation attempt leveraging monitoring and visualization tool Weave Scope to enumerate the Amazon Web Services (AWS) instance metadata service (IMDS) from Elastic Compute Cloud (EC2)…

« 1 … 7 8 9 10 11 … 27 »

Hack the Real Box: APT41’s New Subgroup Earth Longzhi

DeimosC2: What SOC Analysts and Incident Responders Need to Know About This C&C Framework

Attack Surface Management 2022 Midyear Review Part 3

Comprehensive Traceability for Android Supply-Chain Security

Attack Surface Management 2022 Midyear Review Part 2

From Bounty to Exploit Observations About Cybercriminal Contests

Where is the Origin QAKBOT Uses Valid Code Signing

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)