02.06.2022 | vmware.com
Emotet Is Not Dead (Yet)

Learn more about the recent attack campaign that leveraged the increasingly abused Excel 4.0 (XL4) macros to spread Emotet payloads.

11.01.2019 | micahflee.com
Lies That WikiLeaks Tells You
12.05.2023 | cloudflare.com
Cloudflare’s view of Internet disruptions in Pakistan

Following the arrest of ex-PM Imran Khan, violent protests led the Pakistani government to order the shutdown of mobile Internet services and blocking of social media platforms. We examine the impact of these shutdowns on Internet traffic in Pakistan and traffic to Cloudflare’s 1.1.1.1 DNS resolver.

25.03.2023 | bugzero.io
Bug Zero at a Glance [Week 18-24 March]

What happened with Bug Zero?

15.04.2023 | bugzero.io
Bug Zero at a Glance [Week 08-14 April]

What happened with Bug Zero?

14.02.2020 | us-cert.gov
MAR-10271944-1.v1 – North Korean Trojan: HOTCROISSANT | CISA

Notification: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

09.09.2024 | sekoia.io
A glimpse into the Quad7 operators' next moves and associated botnets

Uncover the secrets of the Quad7 botnet and its ever-evolving toolset. Learn about the new backdoors and protocols used by these operators.

03.07.2012 | slideshare.net
(Mis)trusting and (ab)using ssh

Presentation given at Confraria de Segurança da Informação about SSH, 2 July 2012.

04.10.2023 | ahnlab.com
Analysis Report on the Lazarus Threat Group's Volgmer and Scout Malware - ASEC BLOG

Table of contents: Overview; 1. Volgmer backdoor analysis; 1.1. Early Volgmer version; 1.1.1. Volgmer dropper analysis; 1.1.2. Volgmer backdoor analysis; 1.2. Later Volgmer version; 1.2.1. Volgmer backdoor analysis; 2. Scout downloader analysis; 2.1. Dropper (Volgmer, Scout); 2.2. Scout downloader analysis; 2.2.1. Scout downloader v1; 2.2.2. Scout downloader v2; 3. Conclusion. The Lazarus threat group, known as a state-sponsored attack group, has been active since 2009. It initially operated mainly in South Korea, but since 2016 it has been attacking the defense, high-tech and financial sectors worldwide. During its attacks the Lazarus group mainly uses spear phishing, supply chain attacks, ...

09.09.2024 | malware.news
9th September – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 9th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The German air traffic control agency, Deutsche Flugsicherung, has confirmed a cyberattack that impacted its administrative IT infrastructure. The extent of data accessed is still under investigation, and flight operations remained unaffected. No threat actor has claimed responsibility yet, though the attack is suspected to have been caused by ...

18.09.2024 | ahnlab.com
Microsoft Edge browser security update advisory - ASEC

Overview: Microsoft (https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version. Affected Products: Microsoft Edge (Chromium-based). Resolved Vulnerabilities: Memory Reuse After Freeing (use-after-free) Vulnerability in the Autofill Function in Microsoft Edge 128.0.6613.137/.138 (Chromium-based) (CVE-2024-8639) Reuse […]

02.07.2019 | f5.com
New Golang Malware is Spreading via Multiple Exploits to Mine Monero

A newcomer to the malware scene, Golang-based malware has been seen installing cryptominers specifically targeting the Monero cryptocurrency.

11.10.2023 | trellix.com
Unraveling the Illusion of Trust: The Innovative Attack Methodology Leveraging the "search-ms" URI Protocol Handler

Join us as we delve into the mysterious world of the "search" or "search-ms" URI protocol attack. Threat actors craft deceptive emails and compromised websites to trick users into executing malicious code disguised as trusted files.

10.09.2024 | bankinfosecurity.com
German Cyber Agency Investigating APT28 Phishing Campaign

The German cyber agency is reportedly investigating a phishing campaign tied to Russian state hacking group APT28 that used a bogus website mimicking an influential

29.07.2024 | infoblox.com
Not All That Glitters is Gold: Cybercriminals Get in the Games | Infoblox

Will you take the bait or avoid the hook? With fake Olympic merchandise websites, ticket scams, and hacktivists pursuing their political agendas; the games aren't just entertainment for the masses, they are a threat actor's golden opportunity.

31.01.2024 | trendmicro.com
Pawn Storm Uses Brute Force and Stealth Against High-Value Targets

To help defenders learn more about Pawn Storm's activities and adjust their defenses, we offer a technical analysis of some of the threat actor's recent and updated techniques.

24.10.2015 | wordpress.com
Protecting Windows Networks – UAC

In the good old days, users on Windows machines had admin access by default, so malware and hackers didn’t really have to work hard to get the system completely compromised – they reall…

20.07.2022 | securonix.com
Securonix Threat Labs Initial Coverage Advisory: STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea)
06.09.2018 | cisa.gov
Primary Stuxnet Advisory | CISA
10.10.2024 | securityboulevard.com
2024 GigaOm Radar for SaaS Security Posture Management (SSPM) Report

In the fast-paced world of SaaS, productivity gains can come at a cost. With enterprises using over 100 different SaaS applications on average, many organizations find themselves in an unmanaged landscape, leaving critical data—and customer PII—vulnerable.

26.04.2023 | thehackernews.com
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks

Charming Kitten, the notorious Iranian state-sponsored APT group, has targeted multiple victims in the US, Europe, the Middle East and India.

25.04.2023 | thehackernews.com
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

Iranian nation-state threat actor linked to new phishing attacks targeting Israel with an updated version of a backdoor called PowerLess.

26.09.2024 | malware.news
Severe Vulnerabilities in Cisco IOS, IOS XE and Other Products Addressed – Patch Now

Cisco, a leading provider of network technologies, has issued new security advisories addressing 16 vulnerabilities affecting key products, including Cisco IOS, IOS XE, and Catalyst SD-WAN Routers. Released on September 25, 2024, the advisories detail nine high-severity vulnerabilities, including those that could lead to Denial-of-Service (DoS) attacks or privilege escalation, among other risks that may enable ...

23.01.2023 | sans.edu
SANS ISC Stormcast: Daily Network Security News Summary; Cyber Security Podcast

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich

19.03.2023 | medium.com
Top 100 Ethical Hacking Tools, where to download them, and what they are used for.

Ethical hacking, also known as white hat hacking, identifies vulnerabilities in computer systems and networks to prevent cyberattacks. To…

19.09.2018 | criteo.com
JCrete 2018 - Criteo Engineering

What is JCrete? As described on the website: an Open Spaces Conference on an…

16.11.2023 | checkmarx.com
Attacker targeting Python developers

For close to six months, a malicious actor has been stealthily uploading dozens of malicious Python packages, most of them mimicking the names of legitimate ones, to bait unsuspecting developers.

21.07.2023 | thehackernews.com
Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

Beware of BundleBot, a stealthy malware strain that's stealing sensitive info from compromised hosts! It spreads through Facebook Ads.

21.06.2022 | talosintelligence.com
Avos ransomware group expands with new attack arsenal

By Flavio Costa. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was a pair of VMware Horizon Unified Access Gateways that were vulnerable to Log4Shell.

04.09.2018 | f5.com
Apache Struts 2 Vulnerability (CVE-2018-11776) Exploited in CroniX Crypto-Mining Campaign

Attackers are exploiting new vulnerabilities almost as quickly as they're being discovered.

18.09.2023 | securityboulevard.com
Technical Analysis of Bandit Stealer

This blog provides an analysis of Bandit Stealer, the most advanced info-stealer on the market. It harvests browser data, crypto wallets, credit card data and much more.

24.06.2021 | netspi.com
Azure Persistence with Desired State Configurations

See how the Azure Desired State Configuration VM Extension can be utilized by pentesters for robust persistence and recurring tasks.

28.10.2023 | bleepingcomputer.com
PC restarted by program, not sure if infected - Virus, Trojan, Spyware, and Malware Removal Help

PC restarted by program, not sure if infected - posted in Virus, Trojan, Spyware, and Malware Removal Help: I was using an icon changer program I downloaded from Major Geeks (which I presume is a safe website) and before running the program, I scanned it with VirusTotal, my Avast Anti-Virus and even the free version of Malwarebytes anti-malware. It all came clean, so I ran it. I was trying to change the icon of one of my drives with the program since I recently added a new 1TB SSD to my PC an...

28.01.2023 | intel471.com
An OSINT Story: It’s late Friday evening…

Taking a little break from our regular OSINT-themed posts, we wanted to mix it up a little this time and talk about the power of OSINT through a little…

13.04.2023 | elastic.co
BLISTER Loader — Elastic Security Labs

The BLISTER loader continues to be actively used to load a variety of malware.

25.03.2019 | 4sysops.com
Passing the Microsoft Azure Administrator Associate certification

In the last few months, Microsoft has released several role-based certifications covering their multiple cloud solutions. This post will cover their structure and resources to prepare yourself. Next, I'll dive into the Azure Administrator Associate certification, including how to prepare for the new lab-based scenarios.

27.10.2023 | bleepingcomputer.com
Persistent files. Stay even after I reinstall Windows. Is it malware? - Windows 10 Discussion

Persistent files. Stay even after I reinstall Windows. Is it malware? - posted in Windows 10 Discussion: I bought an old Lenovo T430 at a pawn shop for 20 bucks. It seems there is something strange going on with it. I have reinstalled Windows numerous times but for some reason certain files stay with the same old date, 7/19. There also seems to be a ton of strange firewall rules. If someone could help me finally get it free of whatever is on it I'd greatly appreciate...

19.04.2023 | redpacketsecurity.com
Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems - RedPacket Security

An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to

09.05.2023 | redpacketsecurity.com
Microsoft: Iranian hacking groups join Papercut attack spree - RedPacket Security

Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.

28.07.2023 | exploit-db.com
Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS

Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS. Web application exploit for the PHP platform.

31.03.2023 | infosecwriteups.com
JWT Token Gatekeepers: Unleashing the Power of Secure Validation in Your Application

JSON Web Tokens (JWTs), sometimes pronounced “JOT,” are vital in securing access to your application’s resources by providing a compact…

12.06.2023 | infosecwriteups.com
Forging a Path to Account Takeover: Copy Password Reset Link Vulnerability worth $$$$.

Don’t stop on errors

26.04.2023 | redpacketsecurity.com
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks - RedPacket Security

The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a

25.04.2023 | redpacketsecurity.com
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor - RedPacket Security

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a

09.10.2024 | nationalcybersecurity.com
Insights from a Child Safety Online Symposium: Bridging Research and Policy | #childsafety | #kids | #chldern | #parents | #schoolsafey | National Cyber Security Consulting

Last week, CDT hosted a symposium with an expert group of academics, child safety researchers, digital rights advocates, and government representatives. These experts were convened with the goal of fostering collaboration between research and policy experts toward finding meaningful, research-driven discussions and solutions for protecting children online. The symposium, held under Chatham House Rule, was […]

01.04.2023 | nist.gov
NVD - CVE-2023-0191
09.04.2014 |
OpenSSL CVE-2014-0160 Heartbleed Critical Vulnerability | DEVCORE 戴夫寇爾

An extremely serious vulnerability, CVE-2014-0160, has appeared in OpenSSL; it is called Heartbleed. What kind of vulnerability is so serious that it gets named "heart bleed"? Is my server bleeding too? The more important a library is, the more likely it is to contain unexpectedly serious vulnerabilities, so let's take a look at what went wrong with OpenSSL this time!

10.09.2024 | tistory.com
Malware created by Kimsuky: Terms and conditions (이용 약관).msc (2024.9.6)

Today we will look at the Terms and conditions.msc malware created by Kimsuky. First, the hash values of the malware are as follows. File name: Terms and conditions.msc Size: 141 KB MD5: 81d224649328a61c899be9403d1de92d SHA-1: f4895809cb38fa1f225340e99c05e477a5017111 SHA-256: cea22277e0d7fe38a3755bdb8baa9fe203bd54ad4d79c7068116f15a50711b09 The malware is being distributed under the title Terms and conditions (이용 약관), and its distinguishing behaviour is that it uses PowerShell to download and execute a script from an external source..

07.02.2018 | optiv.com
Intelligence Bulletin – When Cryptomining Attacks

Optiv has seen a continuation of attacks based off the usage of CryptoNight miner, in this case likely mining Monero cryptocurrency for the attackers. The attacks are focusing on Linux hosts that are running unpatched versions of Apache, JBoss and WebLogic. Attackers are exploiting Remote Code Execution exploits specific to the services in order to infect hosts with the mining malware. Infected hosts are configured to add a cronjob for download of the minerd ELF 64-bit executable and various configuration files for mining to the attacker’s wallet.

29.10.2023 | bleepingcomputer.com
Windows Command Processor is requesting permission to make changes - Virus, Trojan, Spyware, and Malware Removal Help

Windows Command Processor is requesting permission to make changes - posted in Virus, Trojan, Spyware, and Malware Removal Help: Hello, I am running Windows 11, and for the past few weeks every time I turn on my laptop I get a pop-up that reads: Do you want to allow this app to make changes to your device? The app is Windows command prompt. If I click no it just pops back up until I click yes. I scanned my computer completely with Total AV and found no viruses....

01.10.2021 | objective-see.com
Made In America: Green Lambert for OS X
05.06.2023 | infosecwriteups.com
Build Centralized Security Workflows in GitHub: A tale of Reusable Workflows

This blog walks you through how you can leverage GitHub's reusable workflows to create a centralised GitHub repository for all your GitHub…

31.12.2024 | silentpush.com
Explore Historic DNS search with risk scores — Silent Push Threat Intelligence

A traditional DNS lookup gives you where a selected DNS record points at that moment in time, so today if I do a lookup for bbc.co.uk it will give me 4 IPs that it points to, one of them being 151.101.0.81. A Passive DNS search shows you a DNS history as seen in passively collected traffic. So

16.07.2020 | wired.com
Iranian Spies Accidentally Leaked Videos of Themselves Hacking

IBM’s X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it’s targeting.

06.07.2023 | packetstormsecurity.com
Iranian hacking group impersonating nuclear experts to gain intel from Western think tanks

Proofpoint researcher tells SC Media the campaign targeted fewer than 10 individuals, who received spearphishing emails from TA453, aka "Charming Kitten."

09.10.2024 | nationalcybersecurity.com
Texas AG sues TikTok for allegedly violating child safety law | #childsafety | #kids | #chldern | #parents | #schoolsafey | National Cyber Security Consulting

Texas Attorney General Ken Paxton has filed a lawsuit against TikTok, accusing the social media platform of violating the state’s new child safety law, the Securing Children Online through Parental Empowerment Act (SCOPE). Paxton claims TikTok has not complied with the law, particularly regarding the handling of personal data from minors. While TikTok offers a […]

06.12.2022 | lacework.com
AndroxGh0st - the python malware exploiting your AWS keys

Over the past year, nearly a third of compromised key incidents observed by Lacework are believed to be for the purposes of spamming or malicious email campaigns, and the majority of this activity has been linked to the same Python malware, dubbed AndroxGh0st.

05.08.2024 | securelist.com
LianSpy: Android spyware leveraging Yandex Disk as C2

Previously unknown spyware LianSpy targets Android devices by exploiting root privileges to steal data and leveraging Yandex Disk cloud service as C2.

21.02.2019 | ahnlab.com
[Warning] Hangul vulnerability document with "2nd North Korea-US summit" content - ASEC BLOG

AhnLab ASEC has detected malicious Hangul EPS (Encapsulated PostScript) vulnerability document files being distributed with content related to the upcoming second North Korea-US summit. Detailed vulnerability information and security update information on malicious Hangul HWP documents that use EPS files can be found in the following post: – https://asec.ahnlab.com/1181 (title: [Warning] Malicious Hangul HWP documents using EPS files | Update required) – 2018.11.22. [Figure 1] Contents of the EPS vulnerability Hangul file. The file contains an EPS object with an internal vulnerability, so when it is opened in a vulnerable environment it performs injection into the Internet Explorer browser (iexplore.exe) to download and execute a second-stage malicious DLL. [Figure 2] Part of the obfuscated data inside the EPS and the decryption code. The data corresponding to the shellcode (orange text) in [Figure 2] above is XORed with a 1-byte key (0x64) and executed. [Figure 3] Part of the XOR-decrypted data. On systems where the Hangul security patch has not been applied, the legitimate "gswin32c.exe" process (which handles EPS processing in the Hangul program) ... the red box in [Figure 3]...

03.10.2023 | zscaler.com
Statc Stealer: Decoding the Elusive Malware Threat

Beware of Statc Stealer: Hidden in ads, it unleashes malicious files. Stay vigilant, protect your devices and data from this stealthy threat.

17.03.2023 | mitigated.io
Out of Sight, Out of Code: Why You Need to Keep Your Secrets Safe

Imagine you’re a spy in a thrilling, action-packed movie. Your mission? To protect the world’s most precious secrets from falling into the…

06.09.2024 | darkowl.com
What is a Brute Force Attack?

In this blog series, we aim to explain and simplify some of the most commonly used terms. Let's dive into brute force attacks.

16.03.2023 | mitigated.io
Collaboration: The Key To Vulnerability Management

In today’s interconnected world, collaborating on vulnerability and risk mitigation is no longer a luxury — it is necessary for any…

20.06.2023 | infosecwriteups.com
Securing Your Infra: Exploring Nuclei’s Defense Arsenal

Hello folks! I came up with a new project in DevSecOps. This project is inspired by this ProjectDiscovery blog —…

23.07.2023 | medium.com
TheHive 5 Incident Management System: Enhancing Cybersecurity Resilience and Collaboration

TheHive is a robust and feature-rich open-source Security Incident Response Platform (SIRP) that enables organizations to effectively…

13.04.2021 | lacework.com
Carbine Loader Cryptojacking Campaign

Lacework Labs recently came across an interesting shell script that's part of an opportunistic Cryptojacking (T1496) campaign.

05.09.2024 | medium.com
Exploit VSFTPD 2.3.4

Understanding Vulnerabilities in VSFTPD 2.3.4

07.09.2023 | securityintelligence.com
New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

A new phishing campaign conducted by Hive0117 was recently discovered, delivering the fileless malware called DarkWatchman. Explore the analysis from IBM X-Force researchers.

09.10.2024 | nationalcybersecurity.com
UN cybercrime treaty rejection detrimental to US, says lead negotiator | #cybercrime | #infosec | National Cyber Security Consulting

Possible U.S. repudiation of the United Nations cybercrime treaty ahead of the UN General Assembly amid increased opposition by Biden administration officials and the tech sector was noted by Ambassador Deborah McCarthy, who served as the lead U.S. treaty negotiator for the ad hoc committee, to be damaging to the country following the treaty’s approval by the […]

06.09.2024 | medium.com
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully…

30.08.2024 | 1275.ru
Irannexus APT IOCs - SEC-1275-1

14.08.2024 | blog.google
Iranian backed group steps up phishing campaigns against Israel, U.S.

Google’s Threat Analysis Group shares insights on APT42, an Iranian government-backed threat actor.

15.05.2023 | mandiant.com
Permhash — No Curls Necessary | Mandiant
20.08.2024 | proofpoint.com
Iranian hackers targeted Jewish figure with malware attached to podcast invite, researchers say

Hackers with suspected ties to Iran’s military targeted a prominent Jewish religious figure in a phishing campaign, researchers said Tuesday.

20.02.2013 | dontneedcoffee.com
CVE-2013-0431 (Java 1.7 Update 11) Emerging in Exploit Kits

Soon after Oracle released Java 7 Update 11, fixing a widely used exploit (CVE-2013-0422), Adam Gowdiak warned on Full Disclosure about a successful security sandbox bypass via a bug in MBeanInstantiator.

20.08.2024 | proofpoint.com
IRGC-Linked Hackers Roll Malware into Monolithic Trojan

Charming Kitten goes retro and consolidates its backdoor into a tighter package, abandoning the malware framework trend.

08.10.2024 | anquanke.com
Hand-rolling a hex editor - 安全客 - Security Information Platform

26.11.2018 | ahnlab.com
Analysis of CVE-2018-8174 Vulnerability - ASEC BLOG

AhnLab ASEC performed an analysis of the IE vulnerability CVE-2018-8174, which is being widely used to distribute ransomware and Korean malware. This vulnerability is also used to distribute Magniber ransomware, and users must apply the security patch to prevent damage. MS security update page (CVE-2018-8174) – https://portal.msrc.microsoft.com/ko-kr/security-guidance/advisory/CVE-2018-8174 01. Summary 1) CVE-2018-8174 overview: The CVE-2018-8174 vulnerability results from object reuse that occurs when a use-after-free vulnerability in the VBScript engine is triggered. It allows remote code execution, and the affected versions are: Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 (1803 or older), Windows 10 (1803 or older), Windows 7, Windows 8, and Windows Server. 02. Background Knowledge 1) How the VBScript engine runs a...

24.03.2021 | sekoia.io
Hunting and detecting Cobalt Strike

In this blog post, we describe step by step how to ensure a proactive and defensive posture against Cobalt Strike.

01.02.2023 | ahnlab.com
AsyncRAT being distributed via Windows help files (*.chm) - ASEC BLOG

Recently, the ways in which malware is distributed have been changing in various ways. Among them, malware using Windows help files (*.chm) has been increasing since last year, and the ASEC blog has covered it several times, as listed below. Recently it was confirmed that the AsyncRAT malware is being distributed using chm files. The overall operation flow is as shown in [Figure 1], and each step is described below. First, when the chm file is executed, unlike the previously introduced types, a help window with a blank screen is created. The content of the malicious script that runs at this point without the user's knowledge is as shown in [Figure 3], and it is relatively simple compared to previous types...

16.01.2023 | medium.com
The main concepts of Principles of Security

Lab 1

11.08.2023 | nist.gov
NVD - CVE-2020-36037
09.10.2024 | nationalcybersecurity.com
Balancing Cybersecurity and Digital Employee Experience | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting

Balancing cybersecurity with a seamless digital employee experience (DEX) has become a critical challenge. Ensuring security often comes at the expense of usability, while prioritizing user experience can lead to risky behaviors that compromise organizational security. Striking the right balance is essential for both protecting corporate assets and ensuring employees remain productive and satisfied. I […]

12.02.2016 | paloaltonetworks.com
A Look Into Fysbis: Sofacy’s Linux Backdoor

Unit 42 takes a look into Fysbis: Sofacy’s Linux backdoor.

22.06.2023 | redpacketsecurity.com
Chinese APT15 hackers resurface with new Graphican malware - RedPacket Security

The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and

21.02.2017 | fortinet.com
FortiGuard Labs - Global Healthcare Threat Telemetry for Q4 2016

This Global Healthcare Threat Telemetry report examines the threat landscape of the global healthcare industry in Q4 2016. It is based on threat telemetry obtained by FortiGuard Labs’ research grou…

23.02.2024 | threathunt.blog
Hunting for signs of SEO poisoning - Threat hunting with hints of incident response

How to hunt for SEO poisoning? Well, this is a good question to which I don't have a good answer. This query is going to go through the very basics of how this can be started, but it is not really that easy to do. I've had several different ideas of how to hunt for

10.08.2020 | perimeterx.com
CSP Bypass Vulnerability in Google Chrome Discovered - Almost Every Website In The World Was At Risk | PerimeterX

03.04.2023 | medium.com
Demystifying Information Security, Cybersecurity, and IT Security

Hello folks! and welcome to my blog, where I discuss various aspects of technology and security. In this article, I aim to eliminate any…

28.01.2016 | securelist.com
BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents

A few days ago, we came across a new document that appears to be part of the ongoing BlackEnergy attacks against Ukraine. Unlike previous Office files used in the recent attacks, this is not an Excel workbook, but a Microsoft Word document.

17.04.2018 | googleblog.com
DNS over TLS support in Android P Developer Preview

Posted by Erik Kline, Android software engineer, and Ben Schwartz, Jigsaw software engineer [Cross-posted from the Android Developers Blog...

06.07.2018 | blogspot.com
Categorizing and Enriching Security Events in an ELK with the Help of Sysmon and ATT&CK

Lately, I have been working on a few projects such as OSSEM , HELK and ThreatHunter-Playbook with a main goal of integrating all of the...

10.09.2024 | infosecwriteups.com
Windows reverse shell that (almost) always works.

Summary

14.11.2023 | socprime.com
Remcos RAT Detection: UAC-0050 Hackers Launch Phishing Attacks Impersonating the Security Service of Ukraine - SOC Prime

Detect UAC-0050 phishing attacks impersonating the Security Service of Ukraine to spread Remcos RAT with Sigma rules from SOC Prime.

11.09.2024 | medium.com
The Key Role of Cybersecurity Strategy in Ensuring Enterprise Resilience

A cybersecurity strategy is a high-level document that outlines how an organization safeguards its assets and addresses its cybersecurity…

20.06.2023 | cisco.com
Accelerating Europe’s Connectivity: fast forward to sustainable, secure, and resilient networks

In this blog, we share our insights and recommendations for effective EU connectivity policies. Europe has brought forward various initiatives to address connectivity gaps, whilst the sector is undergoing a deep transformation in how connectivity is delivered and consumed.

30.08.2024 | thehackernews.com
Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

Iranian hackers linked to GreenCharlie deploy sophisticated phishing campaigns targeting U.S. political campaigns.

31.10.2017 | securityriskadvisors.com
New Vulnerability, Same Old Tomcat: CVE-2017-12617 - Security Risk Advisors

Tomcat has been a staple target for penetration testers and malicious actors for years. With ample opportunities to exploit security misconfigurations in the management GUI (tomcat:tomcat….) or technical vulnerabilities, it’s no wonder attackers continue to pay attention to the platform. On top of these issues, Apache Tomcat is often running as a System service, elevating […]

06.12.2007 | darknet.org.uk
MSF eXploit Builder - Free Win32 Exploit Development Platform - Darknet - Hacking Tools, Hacker News & Cyber Security

The MSF eXploit Builder (MSF-XB) is a free win32 application (GUI) that wants to be an Exploit Development Platform - to speed up exploit development.

20.04.2017 | malerisch.net
Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)

A blog about security research, web application security, software bugs and exploits.