research

Oil and Gas Cybersecurity: Trends & Response to Survey

Posted on October 13, 2022October 13, 2022 by Admin

Q10：Thinking about the last 12 months, post-incident, does your organization make cybersecurity improvements in order to minimize the risks of future attacks? (N＝829) Compared to other industries, the disrupted time during cyberattacks is longer and the amount of damage is large, but the result is that they appear to be reluctant to improve cybersecurity. As mentioned above, it is difficult to stop the system, and even maintenance is required once a year, assuming continuous operation….

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

Posted on October 12, 2022October 12, 2022 by Admin

Tactic / Technique Notes TA0001 Initial Access T1566.001 Phishing: Spear phishing Attachment Victims receive spear phishing emails with attached malicious zip files – typically password protected or HTML file. That file contains an ISO file. T1566.001 Phishing: Spear phishing Link QAKBOT has spread through emails with newly created malicious links. TA0002 Execution T1204.001 User Execution: Malicious Link QAKBOT has gained execution through users accessing malicious link T1204.002 User Execution: Malicious Link QAKBOT has gained execution…

How Water Labbu Exploits Electron-Based Applications

Posted on October 5, 2022October 6, 2022 by Admin

We discovered that the Cobalt Strike instance added a persistence registry key to load an exploit file from an online code repository controlled by Water Labbu. The repository hosted multiple exploit files of CVE-2021-21220 (a Chromium vulnerability affecting versions before 89.0.4389.128) to execute a Cobalt Strike stager. It also contained files designed to target Meiqia (美洽), a Chinese desktop-based live chat app for online customer support that is used on websites. MeiQia (美洽) was developed…

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

Posted on October 3, 2022October 5, 2022 by Admin

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency Cyber Crime The parasitic Water Labbu capitalizes on the social engineering schemes of other scammers, injecting malicious JavaScript code into their malicious decentralized application websites to steal cryptocurrency. By: Joseph C Chen, Jaromir Horejsi October 03, 2022 Read time: ( words) We discovered a threat actor we named Water Labbu that was targeting cryptocurrency scam websites. Typically, cryptocurrency scammers use social engineering techniques, interacting with victims to…

Security Risks in Logistics APIs Used by E-Commerce Platforms

Posted on September 20, 2022September 20, 2022 by Admin

Security Risks in Logistics APIs Used by E-Commerce Platforms Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes September 20, 2022 Read time: ( words) The connectivity that we’ve experienced of late…

The Risk of Ransomware Supply Chain Attacks

Posted on September 20, 2022September 22, 2022 by Admin

Ransomware has been a major threat to cybersecurity throughout the years, dominating boardroom discussions. It is a type of malware that prevents or limits users from accessing their systems. Malicious actors lock the system’s screen or user files until a hefty ransom is paid. First seen in Russia between 2005 and 2006, ransomware’s popularity as a business model spread across the globe. By 2012, Trend Micro has observed a continuous spread of infections across Europe…

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

Posted on September 14, 2022September 14, 2022 by Admin

Using Workload Security to detect WebLogic vulnerability exploitation Workload Security’s correlation of telemetry and detections provided the initial security context in this campaign, which allowed security teams and analysts to track and monitor the malicious actor’s activities. The following Workload Security modules worked to detect the exploitation of CVE-2020-14882 on vulnerable systems: Intrusion prevention system module Workload Security’s intrusion prevention system module can tap into incoming traffic and effectively block and detect malicious network traffic….

« 1 … 6 7 8 9 10 … 18 »

Oil and Gas Cybersecurity: Trends & Response to Survey

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike

How Water Labbu Exploits Electron-Based Applications

Water Labbu Abuses Malicious DApps to Steal Cryptocurrency

The Risk of Ransomware Supply Chain Attacks

A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)