research

New Ransomware Spotted: White Rabbit and Its Evasion Tactics

Posted on January 18, 2022January 18, 2022 by Admin

New Ransomware Spotted: White Rabbit and Its Evasion Tactics Ransomware We analyze the ransomware White Rabbit and bring into focus the familiar evasion tactics employed by this newcomer. By: Arianne Dela Cruz, Bren Matthew Ebriega, Don Ovid Ladores, Mary Yambao January 18, 2022 Read time: ( words) We spotted the new ransomware family White Rabbit discretely making a name for itself by executing an attack on a local US bank in December 2021. This newcomer takes a page from Egregor, a more established ransomware family, in hiding its malicious activity and carries a potential connection to the advanced persistent…

Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques

Posted on January 17, 2022January 17, 2022 by Admin

Since mid-2021, we have been investigating a rather elusive threat actor called Earth Lusca that targets organizations globally via a campaign that uses traditional social engineering techniques such as spear phishing and watering holes. The group’s primary motivation seems to be cyberespionage: the list of its victims includes high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organizations in Hong Kong, Covid-19 research organizations, and the media, among others. However,…

Cybersecurity for Industrial Control Systems: Part 1

Posted on January 15, 2022January 15, 2022 by Admin

Cybersecurity for Industrial Control Systems: Part 1 Ransomware In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats. By: Trend Micro Research January 15, 2022 Read time: ( words) The ever-changing technological landscape has made it possible for the business process on the IT side of an enterprise to be interconnected with the physical process on the OT…

Analyzing an Old Bug and Discovering CVE-2021-30995

Posted on January 14, 2022January 14, 2022 by Admin

On April 26, 2021 Apple patched CVE-2021-1740, which was a vulnerable function inside the system daemon process cfprefsd (these types of processes usually run in the background and handle system tasks). The bug could have been exploited to read arbitrary files, write arbitrary files, and get root privilege escalation. It was addressed in Apple’s Security Update 2021-002 (Catalina) for a variety of Apple operating systems, including iOS and macOS. However, in early August 2021, Zhipeng…

LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk

Posted on January 11, 2022January 11, 2022 by Admin

First, we compiled the code into something easily handled by a fuzzer. For our purposes, we used the generation method that will allow us to cover as many code paths as possible with legitimate and dumb fuzzing using the AFL++ framework (evolution of AFL). This supplies some instrumentation for mutating pseudorandom bits, bytes, and words. We also attempted to collect every type of message that could be interpreted by the parser. We used the persistent…

Defending Systems Against Attacks With Layers of Remote Control

Posted on January 10, 2022January 10, 2022 by Admin

Fortunately, we were able to provide the customer with timely alert and intervention from the moment the initial intrusion via the cloud server was observed all the way to guidance during the cleanup and remediation process. Insights from the threat report and the threat handling perspective Incidents such as this provide security teams opportunities to see attacks from different angles and in a big-picture manner. We discuss key insights below that organizations can consider when…

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Posted on December 23, 2021December 23, 2021 by Admin

Evidence of attacks using the Log4j vulnerability was also shown in a test that triggered a bug on a Tesla car. For this case, the source does not provide much information on where it was actually executed. Nevertheless, this means that the exploitation of the vulnerability could still have an impact on the user’s privacy and the general security of the car because a back-end compromise could allow attackers to push actions to the car…

« 1 … 14 15 16 17 18 »

New Ransomware Spotted: White Rabbit and Its Evasion Tactics

Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques

Cybersecurity for Industrial Control Systems: Part 1

Analyzing an Old Bug and Discovering CVE-2021-30995

LoRaWAN’s Protocol Stacks: The Forgotten Targets at Risk

Defending Systems Against Attacks With Layers of Remote Control

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)