Are Endpoints at Risk for Log4Shell Attacks


The end of 2021 saw the emergence of the Log4Shell (CVE-2021-44228) vulnerability, a critical vulnerability in the ubiquitous Java logging package Apache Log4j. Exploiting Log4Shell via crafted log messages can allow an attacker to execute code on remote machines. The potential impact of this vulnerability is great enough that it scores a 10.0 rating based on CVSS version 3.x and a 9.3 rating based on CVSS version 2.0 in terms of critical risk — and…


Volatile and Adaptable: Tracking the Movements of Modern Ransomware


Trend Micro’s tracking of modern ransomware, as well as of older families, shows which attacks are gaining momentum and which families are particularly dangerous for enterprises and private users. By: Trend Micro Research, December 15, 2021. In the first half of 2021, we saw that modern ransomware threats were still active and evolving, using double extortion techniques to victimize targets. Unlike…


Tropic Trooper Targets Transportation and Government Organizations


Our long-term monitoring of the cyberespionage group Earth Centaur (aka Tropic Trooper) shows that the threat actors are equipped with new tools and techniques. The group seems to be targeting transportation companies and government agencies related to transportation.


A Look Into Purple Fox’s Server Infrastructure


Operating system execution via SQL Server

Purple Fox focuses on SQL servers as its target, as opposed to normal computers, for its cryptocurrency-mining activities. This is mainly because of the more powerful hardware configuration — for both CPU and memory — that the servers would usually have. More specifically for SQL servers, the combination of CPU, memory, and disk factors should scale with the database-related operations to avoid bottlenecks in performance. These machines normally…


Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited


A vulnerability in Apache Log4j, a widely used logging package for Java, has been found. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. It was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware…


New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes


We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes which are related to database and backup management. By: Don Ovid Ladores, December 10, 2021. We analyzed new samples of the Yanluowang ransomware, a recently discovered ransomware family. One interesting aspect of these samples is…


The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs


New IoT botnet techniques

During the observation period, we noted four new techniques added to threat actors’ arsenals. One is a newly implemented technique in botnet families called Masquerading: Match Legitimate Name or Location (T1036.005). It is a Defense Evasion technique that likely reflects the manufacturers’ increasing interest and efforts in securing these IoT devices or appliances. The technique involves adversaries trying to match the name and location of legitimate and trusted programs to hide…


Analyzing How TeamTNT Used Compromised Docker Hub Accounts


Following our previous disclosure of compromised Docker Hub accounts delivering cryptocurrency miners, we analyze these accounts and discover more malicious actions that you need to be aware of. By: Trend Micro Research, December 01, 2021. In early November, we disclosed that compromised Docker Hub accounts were being used for cryptocurrency mining and that these activities were tied to the TeamTNT threat actor….


What You Can Do to Mitigate Cloud Misconfigurations


Our data also showed a high frequency of Amazon Simple Storage Service (S3) rule violations. Still, it is necessary to examine the data further before fearing for the worst. For one, not all Amazon S3 buckets are supposed to be encrypted. In some instances, encryption is not needed. These are cases where the data needs to be served in clear text such as for public sites or data that needs to be openly accessed through…


Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites


Finally, we will analyze the two threads. The C&C communication thread regularly makes a GET request to <C&C domain>/<C&C path>?id=<9digit number>&stat=<environment hash>. The environment hash is computed as an MD5 hash of a string created by concatenating the following five values:

Value 1 = to_uppercase(crc32(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid))
Value 2 = to_uppercase(crc32(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName))
Value 3 = to_uppercase(crc32(user name))
Value 4 = to_uppercase(crc32(computer name))
Value 5 = concatenate Value1 Value2 Value3 Value4

It might receive a response in the following format: !lexec;<url to download>restartdelproc…
